# Flog Txt Version 1 # Analyzer Version: 2.3.2 # Analyzer Build Date: Oct 25 2018 12:55:11 # Log Creation Date: 01.11.2018 09:56:40.855 Process: id = "1" image_name = "nstpeer.exe" filename = "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe" page_root = "0x30e5e000" os_pid = "0xe28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe\" " cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 5 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 6 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 8 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 9 start_va = 0x400000 end_va = 0x51efff entry_point = 0x400000 region_type = mapped_file name = "nstpeer.exe" filename = "\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe") Region: id = 10 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 11 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 12 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 13 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 14 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 15 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 16 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 17 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 18 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 158 start_va = 0x380000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 159 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 160 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 161 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 162 start_va = 0x6e0000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 163 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 164 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 165 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 166 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 167 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 168 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 169 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 170 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 171 start_va = 0x2d0000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 172 start_va = 0x520000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 173 start_va = 0x7e0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 174 start_va = 0x73f70000 end_va = 0x73f76fff entry_point = 0x73f70000 region_type = mapped_file name = "dciman32.dll" filename = "\\Windows\\SysWOW64\\dciman32.dll" (normalized: "c:\\windows\\syswow64\\dciman32.dll") Region: id = 175 start_va = 0x73f80000 end_va = 0x73fa0fff entry_point = 0x73f80000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 176 start_va = 0x73fb0000 end_va = 0x74270fff entry_point = 0x73fb0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 177 start_va = 0x74280000 end_va = 0x742b7fff entry_point = 0x74280000 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\SysWOW64\\adsldpc.dll" (normalized: "c:\\windows\\syswow64\\adsldpc.dll") Region: id = 178 start_va = 0x742c0000 end_va = 0x743aafff entry_point = 0x742c0000 region_type = mapped_file name = "ddraw.dll" filename = "\\Windows\\SysWOW64\\ddraw.dll" (normalized: "c:\\windows\\syswow64\\ddraw.dll") Region: id = 179 start_va = 0x743b0000 end_va = 0x743d2fff entry_point = 0x743b0000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 180 start_va = 0x743e0000 end_va = 0x7454afff entry_point = 0x743e0000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\\gdiplus.dll") Region: id = 181 start_va = 0x74550000 end_va = 0x74557fff entry_point = 0x74550000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 182 start_va = 0x74560000 end_va = 0x746bffff entry_point = 0x74560000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 183 start_va = 0x746c0000 end_va = 0x74702fff entry_point = 0x746c0000 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 184 start_va = 0x74710000 end_va = 0x747effff entry_point = 0x74710000 region_type = mapped_file name = "opengl32.dll" filename = "\\Windows\\SysWOW64\\opengl32.dll" (normalized: "c:\\windows\\syswow64\\opengl32.dll") Region: id = 185 start_va = 0x747f0000 end_va = 0x7482afff entry_point = 0x747f0000 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\SysWOW64\\activeds.dll" (normalized: "c:\\windows\\syswow64\\activeds.dll") Region: id = 186 start_va = 0x74830000 end_va = 0x74853fff entry_point = 0x74830000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 187 start_va = 0x74860000 end_va = 0x74a83fff entry_point = 0x74860000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 188 start_va = 0x74a90000 end_va = 0x74ab4fff entry_point = 0x74a90000 region_type = mapped_file name = "glu32.dll" filename = "\\Windows\\SysWOW64\\glu32.dll" (normalized: "c:\\windows\\syswow64\\glu32.dll") Region: id = 189 start_va = 0x74ac0000 end_va = 0x74b58fff entry_point = 0x74ac0000 region_type = mapped_file name = "odbc32.dll" filename = "\\Windows\\SysWOW64\\odbc32.dll" (normalized: "c:\\windows\\syswow64\\odbc32.dll") Region: id = 190 start_va = 0x74b60000 end_va = 0x74bf1fff entry_point = 0x74b60000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 191 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 192 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 193 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 194 start_va = 0x75160000 end_va = 0x7521dfff entry_point = 0x75160000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 195 start_va = 0x75220000 end_va = 0x75255fff entry_point = 0x75220000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 196 start_va = 0x75350000 end_va = 0x753a2fff entry_point = 0x75350000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 197 start_va = 0x753b0000 end_va = 0x753f3fff entry_point = 0x753b0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 198 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 199 start_va = 0x75430000 end_va = 0x767eefff entry_point = 0x75430000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 200 start_va = 0x76810000 end_va = 0x7681efff entry_point = 0x76810000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 201 start_va = 0x768b0000 end_va = 0x76999fff entry_point = 0x768b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 202 start_va = 0x76a10000 end_va = 0x76a8afff entry_point = 0x76a10000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 203 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 204 start_va = 0x76c90000 end_va = 0x76d21fff entry_point = 0x76c90000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 205 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 206 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 207 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 208 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 209 start_va = 0x77290000 end_va = 0x772d3fff entry_point = 0x77290000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 210 start_va = 0x77340000 end_va = 0x773ccfff entry_point = 0x77340000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 211 start_va = 0x773f0000 end_va = 0x778ccfff entry_point = 0x773f0000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 212 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 213 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 214 start_va = 0x77c30000 end_va = 0x77c3bfff entry_point = 0x77c30000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 215 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 216 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 217 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 218 start_va = 0x310000 end_va = 0x310fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 219 start_va = 0x320000 end_va = 0x323fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 220 start_va = 0x370000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 221 start_va = 0x6d0000 end_va = 0x6dffff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 222 start_va = 0x8e0000 end_va = 0xa67fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 223 start_va = 0xa70000 end_va = 0xbf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 224 start_va = 0xc00000 end_va = 0x1ffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 225 start_va = 0x2000000 end_va = 0x2336fff entry_point = 0x2000000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 226 start_va = 0x2340000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 227 start_va = 0x7fe50000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 228 start_va = 0x2480000 end_va = 0x287ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002480000" filename = "" Region: id = 229 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 230 start_va = 0x330000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 231 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 232 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 233 start_va = 0x350000 end_va = 0x350fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 234 start_va = 0x2340000 end_va = 0x23f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002340000" filename = "" Region: id = 235 start_va = 0x2470000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 236 start_va = 0x350000 end_va = 0x353fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 237 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 240 start_va = 0x360000 end_va = 0x364fff entry_point = 0x360000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 241 start_va = 0x620000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 242 start_va = 0x390000 end_va = 0x393fff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 243 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 244 start_va = 0x2880000 end_va = 0x28fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002880000" filename = "" Region: id = 245 start_va = 0x3a0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 246 start_va = 0x2900000 end_va = 0x29fffff entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 247 start_va = 0x7fe4d000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe4d000" filename = "" Region: id = 248 start_va = 0x60000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 249 start_va = 0x160000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 250 start_va = 0x2400000 end_va = 0x243ffff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 251 start_va = 0x2a00000 end_va = 0x2afffff entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 252 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 253 start_va = 0x73d80000 end_va = 0x73f6ffff entry_point = 0x73d80000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 254 start_va = 0x2880000 end_va = 0x28f5fff entry_point = 0x2880000 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 255 start_va = 0x2b00000 end_va = 0x2bfffff entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 256 start_va = 0x2c00000 end_va = 0x3bfffff entry_point = 0x2c00000 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 257 start_va = 0x170000 end_va = 0x173fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 258 start_va = 0x3c00000 end_va = 0x3cfffff entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 259 start_va = 0x180000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 260 start_va = 0x3d00000 end_va = 0x3dfffff entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 261 start_va = 0x180000 end_va = 0x195fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 262 start_va = 0x3e0000 end_va = 0x3e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 263 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 264 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 265 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 266 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 267 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 268 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 269 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 270 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 271 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 272 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 273 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 274 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 275 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 276 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 277 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 278 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 279 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 280 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 281 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 282 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 283 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 284 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 285 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 286 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 287 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 288 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 289 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 290 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 291 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 292 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 293 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 294 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 295 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 296 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 297 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 298 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 299 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 300 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 301 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 302 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 303 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 304 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 305 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 306 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 307 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 308 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 309 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 310 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 311 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 312 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 313 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 314 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 315 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 316 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 317 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 318 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 319 start_va = 0x180000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 320 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 321 start_va = 0x3e00000 end_va = 0x4e3ffff entry_point = 0x3e00000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 322 start_va = 0x4e40000 end_va = 0x5331fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e40000" filename = "" Region: id = 323 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 324 start_va = 0x76820000 end_va = 0x768a1fff entry_point = 0x76820000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 325 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 326 start_va = 0x73cd0000 end_va = 0x73d76fff entry_point = 0x73cd0000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 327 start_va = 0x73d60000 end_va = 0x73d72fff entry_point = 0x73d60000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 328 start_va = 0x73d40000 end_va = 0x73d5afff entry_point = 0x73d40000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 329 start_va = 0x73d10000 end_va = 0x73d3efff entry_point = 0x73d10000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 330 start_va = 0x73cf0000 end_va = 0x73d08fff entry_point = 0x73cf0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 331 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 332 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 333 start_va = 0x73c90000 end_va = 0x73ce3fff entry_point = 0x73c90000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\SysWOW64\\MMDevAPI.dll" (normalized: "c:\\windows\\syswow64\\mmdevapi.dll") Region: id = 334 start_va = 0x73b40000 end_va = 0x73c81fff entry_point = 0x73b40000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 335 start_va = 0x73b00000 end_va = 0x73b37fff entry_point = 0x73b00000 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\SysWOW64\\wdmaud.drv" (normalized: "c:\\windows\\syswow64\\wdmaud.drv") Region: id = 336 start_va = 0x73ae0000 end_va = 0x73ae6fff entry_point = 0x73ae0000 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\SysWOW64\\ksuser.dll" (normalized: "c:\\windows\\syswow64\\ksuser.dll") Region: id = 337 start_va = 0x73af0000 end_va = 0x73af8fff entry_point = 0x73af0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\SysWOW64\\avrt.dll" (normalized: "c:\\windows\\syswow64\\avrt.dll") Region: id = 338 start_va = 0x6a0000 end_va = 0x6a0fff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 339 start_va = 0x6b0000 end_va = 0x6b0fff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 340 start_va = 0x6c0000 end_va = 0x6c0fff entry_point = 0x6c0000 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\SysWOW64\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wdmaud.drv.mui") Region: id = 341 start_va = 0x2440000 end_va = 0x2457fff entry_point = 0x2440000 region_type = mapped_file name = "hdaudio.pnf" filename = "\\Windows\\INF\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf") Region: id = 342 start_va = 0x2440000 end_va = 0x2440fff entry_point = 0x2440000 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mmdevapi.dll.mui") Region: id = 343 start_va = 0x73a70000 end_va = 0x73ad7fff entry_point = 0x73a70000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\SysWOW64\\AudioSes.dll" (normalized: "c:\\windows\\syswow64\\audioses.dll") Region: id = 344 start_va = 0x739a0000 end_va = 0x73a64fff entry_point = 0x739a0000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 345 start_va = 0x2450000 end_va = 0x2467fff entry_point = 0x2450000 region_type = mapped_file name = "hdaudio.pnf" filename = "\\Windows\\INF\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf") Region: id = 346 start_va = 0x73990000 end_va = 0x73998fff entry_point = 0x73990000 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\SysWOW64\\msacm32.drv" (normalized: "c:\\windows\\syswow64\\msacm32.drv") Region: id = 347 start_va = 0x73970000 end_va = 0x73987fff entry_point = 0x73970000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\SysWOW64\\msacm32.dll" (normalized: "c:\\windows\\syswow64\\msacm32.dll") Region: id = 348 start_va = 0x73960000 end_va = 0x73967fff entry_point = 0x73960000 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\SysWOW64\\midimap.dll" (normalized: "c:\\windows\\syswow64\\midimap.dll") Region: id = 349 start_va = 0x2450000 end_va = 0x2451fff entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 350 start_va = 0x2460000 end_va = 0x2469fff entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 351 start_va = 0x5340000 end_va = 0x537ffff entry_point = 0x0 region_type = private name = "private_0x0000000005340000" filename = "" Region: id = 352 start_va = 0x5380000 end_va = 0x547ffff entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 353 start_va = 0x5480000 end_va = 0x5481fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005480000" filename = "" Region: id = 354 start_va = 0x5490000 end_va = 0x5491fff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 355 start_va = 0x7fe4a000 end_va = 0x7fe4cfff entry_point = 0x0 region_type = private name = "private_0x000000007fe4a000" filename = "" Region: id = 356 start_va = 0x54a0000 end_va = 0x54dffff entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 357 start_va = 0x54e0000 end_va = 0x55dffff entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 358 start_va = 0x55e0000 end_va = 0x55e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055e0000" filename = "" Region: id = 359 start_va = 0x7fe47000 end_va = 0x7fe49fff entry_point = 0x0 region_type = private name = "private_0x000000007fe47000" filename = "" Region: id = 360 start_va = 0x55f0000 end_va = 0x55f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055f0000" filename = "" Region: id = 361 start_va = 0x5600000 end_va = 0x5601fff entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 362 start_va = 0x73920000 end_va = 0x7395afff entry_point = 0x73920000 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\SysWOW64\\adsldp.dll" (normalized: "c:\\windows\\syswow64\\adsldp.dll") Region: id = 363 start_va = 0x738a0000 end_va = 0x7391ffff entry_point = 0x738a0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 364 start_va = 0x5610000 end_va = 0x562bfff entry_point = 0x5610000 region_type = mapped_file name = "activeds.tlb" filename = "\\Windows\\SysWOW64\\activeds.tlb" (normalized: "c:\\windows\\syswow64\\activeds.tlb") Region: id = 365 start_va = 0x73890000 end_va = 0x73899fff entry_point = 0x73890000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 366 start_va = 0x5630000 end_va = 0x5631fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005630000" filename = "" Region: id = 367 start_va = 0x5640000 end_va = 0x5641fff entry_point = 0x0 region_type = private name = "private_0x0000000005640000" filename = "" Region: id = 368 start_va = 0x5650000 end_va = 0x5651fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005650000" filename = "" Region: id = 369 start_va = 0x5660000 end_va = 0x5661fff entry_point = 0x0 region_type = private name = "private_0x0000000005660000" filename = "" Region: id = 370 start_va = 0x5670000 end_va = 0x5729fff entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 371 start_va = 0x5730000 end_va = 0x5732fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005730000" filename = "" Region: id = 372 start_va = 0x5740000 end_va = 0x5741fff entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 373 start_va = 0x5750000 end_va = 0x5751fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005750000" filename = "" Region: id = 374 start_va = 0x5760000 end_va = 0x5761fff entry_point = 0x0 region_type = private name = "private_0x0000000005760000" filename = "" Region: id = 375 start_va = 0x5770000 end_va = 0x5771fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005770000" filename = "" Region: id = 376 start_va = 0x5780000 end_va = 0x5781fff entry_point = 0x0 region_type = private name = "private_0x0000000005780000" filename = "" Region: id = 377 start_va = 0x5790000 end_va = 0x584afff entry_point = 0x0 region_type = private name = "private_0x0000000005790000" filename = "" Region: id = 378 start_va = 0x5850000 end_va = 0x5852fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005850000" filename = "" Region: id = 379 start_va = 0x5860000 end_va = 0x5861fff entry_point = 0x0 region_type = private name = "private_0x0000000005860000" filename = "" Region: id = 380 start_va = 0x5870000 end_va = 0x5871fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005870000" filename = "" Region: id = 381 start_va = 0x5880000 end_va = 0x5881fff entry_point = 0x0 region_type = private name = "private_0x0000000005880000" filename = "" Region: id = 382 start_va = 0x5890000 end_va = 0x593efff entry_point = 0x0 region_type = private name = "private_0x0000000005890000" filename = "" Region: id = 383 start_va = 0x5940000 end_va = 0x5942fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005940000" filename = "" Region: id = 384 start_va = 0x5950000 end_va = 0x5951fff entry_point = 0x0 region_type = private name = "private_0x0000000005950000" filename = "" Region: id = 385 start_va = 0x5960000 end_va = 0x5a19fff entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 386 start_va = 0x5a20000 end_va = 0x5a22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005a20000" filename = "" Region: id = 387 start_va = 0x5a30000 end_va = 0x5a31fff entry_point = 0x0 region_type = private name = "private_0x0000000005a30000" filename = "" Region: id = 388 start_va = 0x5a40000 end_va = 0x5a43fff entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 389 start_va = 0x5a50000 end_va = 0x5a88fff entry_point = 0x5a50000 region_type = mapped_file name = "odbcint.dll" filename = "\\Windows\\SysWOW64\\odbcint.dll" (normalized: "c:\\windows\\syswow64\\odbcint.dll") Region: id = 390 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 391 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 392 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 393 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 394 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 395 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 396 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 397 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 398 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 399 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 400 start_va = 0x5a50000 end_va = 0x5b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 401 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 402 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 403 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 404 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 405 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 406 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 407 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 408 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 409 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 410 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 411 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 412 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 413 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 414 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 415 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 416 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 417 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 418 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 419 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 420 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 421 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 422 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 423 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 424 start_va = 0x5b60000 end_va = 0x5d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 425 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 426 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 427 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 428 start_va = 0x5b50000 end_va = 0x5b50fff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 429 start_va = 0x76a90000 end_va = 0x76c34fff entry_point = 0x76a90000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 430 start_va = 0x5d60000 end_va = 0x5d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d60000" filename = "" Region: id = 431 start_va = 0x5da0000 end_va = 0x5e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000005da0000" filename = "" Region: id = 432 start_va = 0x5ea0000 end_va = 0x632ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ea0000" filename = "" Region: id = 433 start_va = 0x7fe44000 end_va = 0x7fe46fff entry_point = 0x0 region_type = private name = "private_0x000000007fe44000" filename = "" Region: id = 434 start_va = 0x76d40000 end_va = 0x76d81fff entry_point = 0x76d40000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 435 start_va = 0x76d30000 end_va = 0x76d3dfff entry_point = 0x76d30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 436 start_va = 0x77ab0000 end_va = 0x77c24fff entry_point = 0x77ab0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 437 start_va = 0x3a0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 438 start_va = 0x2900000 end_va = 0x29fffff entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 439 start_va = 0x7fe4d000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe4d000" filename = "" Region: id = 440 start_va = 0x54a0000 end_va = 0x55c4fff entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 441 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 442 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 443 start_va = 0x520000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 444 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 445 start_va = 0x2e0000 end_va = 0x2e3fff entry_point = 0x2e0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 446 start_va = 0x7e0000 end_va = 0x822fff entry_point = 0x7e0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 447 start_va = 0x2f0000 end_va = 0x2f3fff entry_point = 0x2f0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 448 start_va = 0x830000 end_va = 0x8bafff entry_point = 0x830000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 449 start_va = 0x8c0000 end_va = 0x8d0fff entry_point = 0x8c0000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 450 start_va = 0x300000 end_va = 0x303fff entry_point = 0x300000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 451 start_va = 0x5ea0000 end_va = 0x5eb2fff entry_point = 0x5ea0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db") Region: id = 452 start_va = 0x5f20000 end_va = 0x632ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f20000" filename = "" Region: id = 453 start_va = 0x55d0000 end_va = 0x55d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055d0000" filename = "" Region: id = 454 start_va = 0x5ec0000 end_va = 0x5efffff entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 455 start_va = 0x6330000 end_va = 0x642ffff entry_point = 0x0 region_type = private name = "private_0x0000000006330000" filename = "" Region: id = 456 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 457 start_va = 0x6430000 end_va = 0x646ffff entry_point = 0x0 region_type = private name = "private_0x0000000006430000" filename = "" Region: id = 458 start_va = 0x6470000 end_va = 0x656ffff entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 459 start_va = 0x7fe47000 end_va = 0x7fe49fff entry_point = 0x0 region_type = private name = "private_0x000000007fe47000" filename = "" Region: id = 460 start_va = 0x6570000 end_va = 0x65affff entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 461 start_va = 0x65b0000 end_va = 0x66affff entry_point = 0x0 region_type = private name = "private_0x00000000065b0000" filename = "" Region: id = 462 start_va = 0x7fe41000 end_va = 0x7fe43fff entry_point = 0x0 region_type = private name = "private_0x000000007fe41000" filename = "" Region: id = 463 start_va = 0x300000 end_va = 0x300fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Thread: id = 1 os_tid = 0xe2c [0044.753] GetStartupInfoW (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0044.753] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0044.755] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0044.756] GetProcAddress (hModule=0x75260000, lpProcName="FlsAlloc") returned 0x7527a330 [0044.756] GetProcAddress (hModule=0x75260000, lpProcName="FlsGetValue") returned 0x75277580 [0044.756] GetProcAddress (hModule=0x75260000, lpProcName="FlsSetValue") returned 0x75279910 [0044.756] GetProcAddress (hModule=0x75260000, lpProcName="FlsFree") returned 0x7527f400 [0044.761] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0044.762] GetCurrentThreadId () returned 0xe2c [0044.762] GetStartupInfoW (in: lpStartupInfo=0x19fea0 | out: lpStartupInfo=0x19fea0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0044.762] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0044.762] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0044.762] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0044.763] SetHandleCount (uNumber=0x20) returned 0x20 [0044.763] GetCommandLineA () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe\" " [0044.763] GetEnvironmentStringsW () returned 0x701d10* [0044.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1331, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1331 [0044.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1331, lpMultiByteStr=0x2471038, cbMultiByte=1331, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1331 [0044.763] FreeEnvironmentStringsW (penv=0x701d10) returned 1 [0044.763] GetLastError () returned 0xcb [0044.763] SetLastError (dwErrCode=0xcb) [0044.763] GetLastError () returned 0xcb [0044.764] SetLastError (dwErrCode=0xcb) [0044.764] GetLastError () returned 0xcb [0044.764] SetLastError (dwErrCode=0xcb) [0044.764] GetACP () returned 0x4e4 [0044.764] GetLastError () returned 0xcb [0044.764] SetLastError (dwErrCode=0xcb) [0044.764] IsValidCodePage (CodePage=0x4e4) returned 1 [0044.764] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe50 | out: lpCPInfo=0x19fe50) returned 1 [0044.764] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f914 | out: lpCPInfo=0x19f914) returned 1 [0044.764] GetLastError () returned 0xcb [0044.764] SetLastError (dwErrCode=0xcb) [0044.764] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0044.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x24717f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0044.765] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpCharType=0x19fc34 | out: lpCharType=0x19fc34) returned 1 [0044.765] GetLastError () returned 0xcb [0044.765] SetLastError (dwErrCode=0xcb) [0044.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0044.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x24717f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0044.765] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0044.766] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2471a28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0044.766] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fb34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0044.766] GetLastError () returned 0xcb [0044.766] SetLastError (dwErrCode=0xcb) [0044.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0044.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x24717f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0044.766] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0044.766] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2471a28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽") returned 256 [0044.766] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fa34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x48\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x68\x02\x28\x02\x28\x02\x28\x02\x28\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x48\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02\x20\x02", lpUsedDefaultChar=0x0) returned 256 [0044.767] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x463700, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe")) returned 0x29 [0044.767] GetLastError () returned 0x0 [0044.767] SetLastError (dwErrCode=0x0) [0044.767] GetLastError () returned 0x0 [0044.767] SetLastError (dwErrCode=0x0) [0044.767] GetLastError () returned 0x0 [0044.767] SetLastError (dwErrCode=0x0) [0044.767] GetLastError () returned 0x0 [0044.767] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.768] GetLastError () returned 0x0 [0044.768] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.769] GetLastError () returned 0x0 [0044.769] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.770] GetLastError () returned 0x0 [0044.770] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.771] SetLastError (dwErrCode=0x0) [0044.771] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.772] SetLastError (dwErrCode=0x0) [0044.772] GetLastError () returned 0x0 [0044.773] SetLastError (dwErrCode=0x0) [0044.773] GetLastError () returned 0x0 [0044.773] SetLastError (dwErrCode=0x0) [0044.773] GetLastError () returned 0x0 [0044.785] SetLastError (dwErrCode=0x0) [0044.785] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.786] GetLastError () returned 0x0 [0044.786] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.787] SetLastError (dwErrCode=0x0) [0044.787] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.788] GetLastError () returned 0x0 [0044.788] SetLastError (dwErrCode=0x0) [0044.790] GetLastError () returned 0x0 [0044.790] SetLastError (dwErrCode=0x0) [0044.790] GetLastError () returned 0x0 [0044.790] SetLastError (dwErrCode=0x0) [0044.790] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.791] SetLastError (dwErrCode=0x0) [0044.791] GetLastError () returned 0x0 [0044.792] SetLastError (dwErrCode=0x0) [0044.792] GetLastError () returned 0x0 [0044.792] SetLastError (dwErrCode=0x0) [0044.796] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0044.796] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0044.796] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x435a30) returned 0x0 [0044.798] GetLastError () returned 0x0 [0044.798] SetLastError (dwErrCode=0x0) [0044.798] GetLastError () returned 0x0 [0044.798] SetLastError (dwErrCode=0x0) [0044.798] GetCurrentProcessId () returned 0xe28 [0044.798] GetLastError () returned 0x0 [0044.798] SetLastError (dwErrCode=0x0) [0044.798] GetLastError () returned 0x0 [0044.798] SetLastError (dwErrCode=0x0) [0044.798] GetLastError () returned 0x0 [0044.798] SetLastError (dwErrCode=0x0) [0044.799] GetLastError () returned 0x0 [0044.799] SetLastError (dwErrCode=0x0) [0044.799] GetLastError () returned 0x0 [0044.799] SetLastError (dwErrCode=0x0) [0044.799] GetCurrentThread () returned 0xfffffffe [0044.799] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x6, OpenAsSelf=1, TokenHandle=0x19fd78 | out: TokenHandle=0x19fd78*=0x0) returned 0 [0044.800] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400000, lpName="AtlDebugAllocator_FileMappingNameStatic_100_e28") returned 0x1e4 [0044.800] GetLastError () returned 0x0 [0044.800] MapViewOfFile (hFileMappingObject=0x1e4, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2480000 [0044.800] GetSystemInfo (in: lpSystemInfo=0x19fd50 | out: lpSystemInfo=0x19fd50*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0044.800] VirtualAlloc (lpAddress=0x2480000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2480000 [0044.801] GetCurrentProcessId () returned 0xe28 [0044.801] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fafc, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe")) returned 0x29 [0044.802] VirtualAlloc (lpAddress=0x2481000, dwSize=0x2990, flAllocationType=0x1000, flProtect=0x4) returned 0x2481000 [0044.802] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19fc48, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe")) returned 0x29 [0044.802] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.803] lstrlenA (lpString="atlTraceGeneral") returned 15 [0044.803] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bb90, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceGeneral") returned 16 [0044.804] VirtualAlloc (lpAddress=0x287fa10, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x287f000 [0044.805] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.805] lstrlenA (lpString="atlTraceCOM") returned 11 [0044.805] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bba0, cbMultiByte=12, lpWideCharStr=0x19fd88, cchWideChar=12 | out: lpWideCharStr="atlTraceCOM") returned 12 [0044.805] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.805] lstrlenA (lpString="atlTraceQI") returned 10 [0044.805] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbac, cbMultiByte=11, lpWideCharStr=0x19fd88, cchWideChar=11 | out: lpWideCharStr="atlTraceQI") returned 11 [0044.806] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.806] lstrlenA (lpString="atlTraceRegistrar") returned 17 [0044.806] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbb8, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceRegistrar") returned 18 [0044.806] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.806] lstrlenA (lpString="atlTraceRefcount") returned 16 [0044.806] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbcc, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceRefcount") returned 17 [0044.806] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.806] lstrlenA (lpString="atlTraceWindowing") returned 17 [0044.806] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbe0, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceWindowing") returned 18 [0044.806] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.807] lstrlenA (lpString="atlTraceControls") returned 16 [0044.807] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbf4, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceControls") returned 17 [0044.807] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.807] lstrlenA (lpString="atlTraceHosting") returned 15 [0044.807] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc08, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceHosting") returned 16 [0044.807] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.807] lstrlenA (lpString="atlTraceDBClient") returned 16 [0044.807] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc18, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceDBClient") returned 17 [0044.807] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.807] lstrlenA (lpString="atlTraceDBProvider") returned 18 [0044.807] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc2c, cbMultiByte=19, lpWideCharStr=0x19fd88, cchWideChar=19 | out: lpWideCharStr="atlTraceDBProvider") returned 19 [0044.808] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.808] lstrlenA (lpString="atlTraceSnapin") returned 14 [0044.808] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc40, cbMultiByte=15, lpWideCharStr=0x19fd88, cchWideChar=15 | out: lpWideCharStr="atlTraceSnapin") returned 15 [0044.808] VirtualAlloc (lpAddress=0x287f420, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x287f000 [0044.808] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.808] lstrlenA (lpString="atlTraceNotImpl") returned 15 [0044.809] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc50, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceNotImpl") returned 16 [0044.809] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.809] lstrlenA (lpString="atlTraceAllocation") returned 18 [0044.809] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc60, cbMultiByte=19, lpWideCharStr=0x19fd88, cchWideChar=19 | out: lpWideCharStr="atlTraceAllocation") returned 19 [0044.809] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.809] lstrlenA (lpString="atlTraceException") returned 17 [0044.809] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc74, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceException") returned 18 [0044.809] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.809] lstrlenA (lpString="atlTraceTime") returned 12 [0044.809] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc88, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceTime") returned 13 [0044.810] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.810] lstrlenA (lpString="atlTraceCache") returned 13 [0044.810] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc98, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceCache") returned 14 [0044.810] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.810] lstrlenA (lpString="atlTraceStencil") returned 15 [0044.810] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bca8, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceStencil") returned 16 [0044.810] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.810] lstrlenA (lpString="atlTraceString") returned 14 [0044.810] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcb8, cbMultiByte=15, lpWideCharStr=0x19fd88, cchWideChar=15 | out: lpWideCharStr="atlTraceString") returned 15 [0044.810] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.811] lstrlenA (lpString="atlTraceMap") returned 11 [0044.811] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcc8, cbMultiByte=12, lpWideCharStr=0x19fd88, cchWideChar=12 | out: lpWideCharStr="atlTraceMap") returned 12 [0044.811] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.811] lstrlenA (lpString="atlTraceUtil") returned 12 [0044.811] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcd4, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceUtil") returned 13 [0044.811] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.811] lstrlenA (lpString="atlTraceSecurity") returned 16 [0044.811] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bce4, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceSecurity") returned 17 [0044.811] VirtualAlloc (lpAddress=0x287ee30, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x287e000 [0044.813] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.813] lstrlenA (lpString="atlTraceSync") returned 12 [0044.813] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcf8, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceSync") returned 13 [0044.816] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.816] lstrlenA (lpString="atlTraceISAPI") returned 13 [0044.816] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd08, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceISAPI") returned 14 [0044.816] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.816] lstrlenA (lpString="atlTraceUser") returned 12 [0044.817] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd18, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceUser") returned 13 [0044.817] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.817] lstrlenA (lpString="atlTraceUser2") returned 13 [0044.817] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd28, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser2") returned 14 [0044.817] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.818] lstrlenA (lpString="atlTraceUser3") returned 13 [0044.818] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd38, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser3") returned 14 [0044.818] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.818] lstrlenA (lpString="atlTraceUser4") returned 13 [0044.818] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd48, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser4") returned 14 [0044.819] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.820] lstrlenA (lpString="atlTraceUI") returned 10 [0044.822] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x456fd0, cbMultiByte=11, lpWideCharStr=0x19fd88, cchWideChar=11 | out: lpWideCharStr="atlTraceUI") returned 11 [0044.823] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0044.824] GetLastError () returned 0x2 [0044.825] SetLastError (dwErrCode=0x2) [0044.826] GetLastError () returned 0x2 [0044.826] SetLastError (dwErrCode=0x2) [0044.826] GetLastError () returned 0x2 [0044.826] SetLastError (dwErrCode=0x2) [0044.826] GetLastError () returned 0x2 [0044.827] SetLastError (dwErrCode=0x2) [0044.827] GetLastError () returned 0x2 [0044.827] SetLastError (dwErrCode=0x2) [0044.827] GetLastError () returned 0x2 [0044.827] SetLastError (dwErrCode=0x2) [0044.827] GetLastError () returned 0x2 [0044.828] SetLastError (dwErrCode=0x2) [0044.828] GetLastError () returned 0x2 [0044.828] SetLastError (dwErrCode=0x2) [0044.828] GetLastError () returned 0x2 [0044.828] SetLastError (dwErrCode=0x2) [0044.828] GetLastError () returned 0x2 [0044.828] SetLastError (dwErrCode=0x2) [0044.828] GetLastError () returned 0x2 [0044.828] SetLastError (dwErrCode=0x2) [0044.828] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.829] SetLastError (dwErrCode=0x2) [0044.829] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.830] SetLastError (dwErrCode=0x2) [0044.830] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] GetLastError () returned 0x2 [0044.831] SetLastError (dwErrCode=0x2) [0044.831] CoInitialize (pvReserved=0x0) returned 0x0 [0045.697] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0045.698] InitCommonControlsEx (picce=0x19febc) returned 1 [0045.698] GetCurrentThreadId () returned 0xe2c [0045.699] GetCurrentThreadId () returned 0xe2c [0045.699] GetCurrentThreadId () returned 0xe2c [0045.700] SetRectEmpty (in: lprc=0x19fe60 | out: lprc=0x19fe60) returned 1 [0045.700] SetRectEmpty (in: lprc=0x19fea0 | out: lprc=0x19fea0) returned 1 [0045.700] IsProcessorFeaturePresent (ProcessorFeature=0xc) returned 1 [0045.700] RtlInterlockedPopEntrySList (in: ListHead=0x6e5258 | out: ListHead=0x6e5258) returned 0x0 [0045.700] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x330000 [0045.701] RtlInterlockedPopEntrySList (in: ListHead=0x6e5258 | out: ListHead=0x6e5258) returned 0x0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330000 | out: ListHead=0x6e5258, ListEntry=0x330000) returned 0x0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330010 | out: ListHead=0x6e5258, ListEntry=0x330010) returned 0x330000 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330020 | out: ListHead=0x6e5258, ListEntry=0x330020) returned 0x330010 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330030 | out: ListHead=0x6e5258, ListEntry=0x330030) returned 0x330020 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330040 | out: ListHead=0x6e5258, ListEntry=0x330040) returned 0x330030 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330050 | out: ListHead=0x6e5258, ListEntry=0x330050) returned 0x330040 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330060 | out: ListHead=0x6e5258, ListEntry=0x330060) returned 0x330050 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330070 | out: ListHead=0x6e5258, ListEntry=0x330070) returned 0x330060 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330080 | out: ListHead=0x6e5258, ListEntry=0x330080) returned 0x330070 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330090 | out: ListHead=0x6e5258, ListEntry=0x330090) returned 0x330080 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3300a0 | out: ListHead=0x6e5258, ListEntry=0x3300a0) returned 0x330090 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3300b0 | out: ListHead=0x6e5258, ListEntry=0x3300b0) returned 0x3300a0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3300c0 | out: ListHead=0x6e5258, ListEntry=0x3300c0) returned 0x3300b0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3300d0 | out: ListHead=0x6e5258, ListEntry=0x3300d0) returned 0x3300c0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3300e0 | out: ListHead=0x6e5258, ListEntry=0x3300e0) returned 0x3300d0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3300f0 | out: ListHead=0x6e5258, ListEntry=0x3300f0) returned 0x3300e0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330100 | out: ListHead=0x6e5258, ListEntry=0x330100) returned 0x3300f0 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330110 | out: ListHead=0x6e5258, ListEntry=0x330110) returned 0x330100 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330120 | out: ListHead=0x6e5258, ListEntry=0x330120) returned 0x330110 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330130 | out: ListHead=0x6e5258, ListEntry=0x330130) returned 0x330120 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330140 | out: ListHead=0x6e5258, ListEntry=0x330140) returned 0x330130 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330150 | out: ListHead=0x6e5258, ListEntry=0x330150) returned 0x330140 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330160 | out: ListHead=0x6e5258, ListEntry=0x330160) returned 0x330150 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330170 | out: ListHead=0x6e5258, ListEntry=0x330170) returned 0x330160 [0045.701] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330180 | out: ListHead=0x6e5258, ListEntry=0x330180) returned 0x330170 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330190 | out: ListHead=0x6e5258, ListEntry=0x330190) returned 0x330180 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3301a0 | out: ListHead=0x6e5258, ListEntry=0x3301a0) returned 0x330190 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3301b0 | out: ListHead=0x6e5258, ListEntry=0x3301b0) returned 0x3301a0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3301c0 | out: ListHead=0x6e5258, ListEntry=0x3301c0) returned 0x3301b0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3301d0 | out: ListHead=0x6e5258, ListEntry=0x3301d0) returned 0x3301c0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3301e0 | out: ListHead=0x6e5258, ListEntry=0x3301e0) returned 0x3301d0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3301f0 | out: ListHead=0x6e5258, ListEntry=0x3301f0) returned 0x3301e0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330200 | out: ListHead=0x6e5258, ListEntry=0x330200) returned 0x3301f0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330210 | out: ListHead=0x6e5258, ListEntry=0x330210) returned 0x330200 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330220 | out: ListHead=0x6e5258, ListEntry=0x330220) returned 0x330210 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330230 | out: ListHead=0x6e5258, ListEntry=0x330230) returned 0x330220 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330240 | out: ListHead=0x6e5258, ListEntry=0x330240) returned 0x330230 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330250 | out: ListHead=0x6e5258, ListEntry=0x330250) returned 0x330240 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330260 | out: ListHead=0x6e5258, ListEntry=0x330260) returned 0x330250 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330270 | out: ListHead=0x6e5258, ListEntry=0x330270) returned 0x330260 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330280 | out: ListHead=0x6e5258, ListEntry=0x330280) returned 0x330270 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330290 | out: ListHead=0x6e5258, ListEntry=0x330290) returned 0x330280 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3302a0 | out: ListHead=0x6e5258, ListEntry=0x3302a0) returned 0x330290 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3302b0 | out: ListHead=0x6e5258, ListEntry=0x3302b0) returned 0x3302a0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3302c0 | out: ListHead=0x6e5258, ListEntry=0x3302c0) returned 0x3302b0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3302d0 | out: ListHead=0x6e5258, ListEntry=0x3302d0) returned 0x3302c0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3302e0 | out: ListHead=0x6e5258, ListEntry=0x3302e0) returned 0x3302d0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3302f0 | out: ListHead=0x6e5258, ListEntry=0x3302f0) returned 0x3302e0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330300 | out: ListHead=0x6e5258, ListEntry=0x330300) returned 0x3302f0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330310 | out: ListHead=0x6e5258, ListEntry=0x330310) returned 0x330300 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330320 | out: ListHead=0x6e5258, ListEntry=0x330320) returned 0x330310 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330330 | out: ListHead=0x6e5258, ListEntry=0x330330) returned 0x330320 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330340 | out: ListHead=0x6e5258, ListEntry=0x330340) returned 0x330330 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330350 | out: ListHead=0x6e5258, ListEntry=0x330350) returned 0x330340 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330360 | out: ListHead=0x6e5258, ListEntry=0x330360) returned 0x330350 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330370 | out: ListHead=0x6e5258, ListEntry=0x330370) returned 0x330360 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330380 | out: ListHead=0x6e5258, ListEntry=0x330380) returned 0x330370 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330390 | out: ListHead=0x6e5258, ListEntry=0x330390) returned 0x330380 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3303a0 | out: ListHead=0x6e5258, ListEntry=0x3303a0) returned 0x330390 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3303b0 | out: ListHead=0x6e5258, ListEntry=0x3303b0) returned 0x3303a0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3303c0 | out: ListHead=0x6e5258, ListEntry=0x3303c0) returned 0x3303b0 [0045.702] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3303d0 | out: ListHead=0x6e5258, ListEntry=0x3303d0) returned 0x3303c0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3303e0 | out: ListHead=0x6e5258, ListEntry=0x3303e0) returned 0x3303d0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3303f0 | out: ListHead=0x6e5258, ListEntry=0x3303f0) returned 0x3303e0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330400 | out: ListHead=0x6e5258, ListEntry=0x330400) returned 0x3303f0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330410 | out: ListHead=0x6e5258, ListEntry=0x330410) returned 0x330400 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330420 | out: ListHead=0x6e5258, ListEntry=0x330420) returned 0x330410 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330430 | out: ListHead=0x6e5258, ListEntry=0x330430) returned 0x330420 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330440 | out: ListHead=0x6e5258, ListEntry=0x330440) returned 0x330430 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330450 | out: ListHead=0x6e5258, ListEntry=0x330450) returned 0x330440 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330460 | out: ListHead=0x6e5258, ListEntry=0x330460) returned 0x330450 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330470 | out: ListHead=0x6e5258, ListEntry=0x330470) returned 0x330460 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330480 | out: ListHead=0x6e5258, ListEntry=0x330480) returned 0x330470 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330490 | out: ListHead=0x6e5258, ListEntry=0x330490) returned 0x330480 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3304a0 | out: ListHead=0x6e5258, ListEntry=0x3304a0) returned 0x330490 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3304b0 | out: ListHead=0x6e5258, ListEntry=0x3304b0) returned 0x3304a0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3304c0 | out: ListHead=0x6e5258, ListEntry=0x3304c0) returned 0x3304b0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3304d0 | out: ListHead=0x6e5258, ListEntry=0x3304d0) returned 0x3304c0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3304e0 | out: ListHead=0x6e5258, ListEntry=0x3304e0) returned 0x3304d0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3304f0 | out: ListHead=0x6e5258, ListEntry=0x3304f0) returned 0x3304e0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330500 | out: ListHead=0x6e5258, ListEntry=0x330500) returned 0x3304f0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330510 | out: ListHead=0x6e5258, ListEntry=0x330510) returned 0x330500 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330520 | out: ListHead=0x6e5258, ListEntry=0x330520) returned 0x330510 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330530 | out: ListHead=0x6e5258, ListEntry=0x330530) returned 0x330520 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330540 | out: ListHead=0x6e5258, ListEntry=0x330540) returned 0x330530 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330550 | out: ListHead=0x6e5258, ListEntry=0x330550) returned 0x330540 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330560 | out: ListHead=0x6e5258, ListEntry=0x330560) returned 0x330550 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330570 | out: ListHead=0x6e5258, ListEntry=0x330570) returned 0x330560 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330580 | out: ListHead=0x6e5258, ListEntry=0x330580) returned 0x330570 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330590 | out: ListHead=0x6e5258, ListEntry=0x330590) returned 0x330580 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3305a0 | out: ListHead=0x6e5258, ListEntry=0x3305a0) returned 0x330590 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3305b0 | out: ListHead=0x6e5258, ListEntry=0x3305b0) returned 0x3305a0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3305c0 | out: ListHead=0x6e5258, ListEntry=0x3305c0) returned 0x3305b0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3305d0 | out: ListHead=0x6e5258, ListEntry=0x3305d0) returned 0x3305c0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3305e0 | out: ListHead=0x6e5258, ListEntry=0x3305e0) returned 0x3305d0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3305f0 | out: ListHead=0x6e5258, ListEntry=0x3305f0) returned 0x3305e0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330600 | out: ListHead=0x6e5258, ListEntry=0x330600) returned 0x3305f0 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330610 | out: ListHead=0x6e5258, ListEntry=0x330610) returned 0x330600 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330620 | out: ListHead=0x6e5258, ListEntry=0x330620) returned 0x330610 [0045.703] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330630 | out: ListHead=0x6e5258, ListEntry=0x330630) returned 0x330620 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330640 | out: ListHead=0x6e5258, ListEntry=0x330640) returned 0x330630 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330650 | out: ListHead=0x6e5258, ListEntry=0x330650) returned 0x330640 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330660 | out: ListHead=0x6e5258, ListEntry=0x330660) returned 0x330650 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330670 | out: ListHead=0x6e5258, ListEntry=0x330670) returned 0x330660 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330680 | out: ListHead=0x6e5258, ListEntry=0x330680) returned 0x330670 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330690 | out: ListHead=0x6e5258, ListEntry=0x330690) returned 0x330680 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3306a0 | out: ListHead=0x6e5258, ListEntry=0x3306a0) returned 0x330690 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3306b0 | out: ListHead=0x6e5258, ListEntry=0x3306b0) returned 0x3306a0 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3306c0 | out: ListHead=0x6e5258, ListEntry=0x3306c0) returned 0x3306b0 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3306d0 | out: ListHead=0x6e5258, ListEntry=0x3306d0) returned 0x3306c0 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3306e0 | out: ListHead=0x6e5258, ListEntry=0x3306e0) returned 0x3306d0 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3306f0 | out: ListHead=0x6e5258, ListEntry=0x3306f0) returned 0x3306e0 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330700 | out: ListHead=0x6e5258, ListEntry=0x330700) returned 0x3306f0 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330710 | out: ListHead=0x6e5258, ListEntry=0x330710) returned 0x330700 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330720 | out: ListHead=0x6e5258, ListEntry=0x330720) returned 0x330710 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330730 | out: ListHead=0x6e5258, ListEntry=0x330730) returned 0x330720 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330740 | out: ListHead=0x6e5258, ListEntry=0x330740) returned 0x330730 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330750 | out: ListHead=0x6e5258, ListEntry=0x330750) returned 0x330740 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330760 | out: ListHead=0x6e5258, ListEntry=0x330760) returned 0x330750 [0045.704] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330770 | out: ListHead=0x6e5258, ListEntry=0x330770) returned 0x330760 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330780 | out: ListHead=0x6e5258, ListEntry=0x330780) returned 0x330770 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330790 | out: ListHead=0x6e5258, ListEntry=0x330790) returned 0x330780 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3307a0 | out: ListHead=0x6e5258, ListEntry=0x3307a0) returned 0x330790 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3307b0 | out: ListHead=0x6e5258, ListEntry=0x3307b0) returned 0x3307a0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3307c0 | out: ListHead=0x6e5258, ListEntry=0x3307c0) returned 0x3307b0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3307d0 | out: ListHead=0x6e5258, ListEntry=0x3307d0) returned 0x3307c0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3307e0 | out: ListHead=0x6e5258, ListEntry=0x3307e0) returned 0x3307d0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3307f0 | out: ListHead=0x6e5258, ListEntry=0x3307f0) returned 0x3307e0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330800 | out: ListHead=0x6e5258, ListEntry=0x330800) returned 0x3307f0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330810 | out: ListHead=0x6e5258, ListEntry=0x330810) returned 0x330800 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330820 | out: ListHead=0x6e5258, ListEntry=0x330820) returned 0x330810 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330830 | out: ListHead=0x6e5258, ListEntry=0x330830) returned 0x330820 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330840 | out: ListHead=0x6e5258, ListEntry=0x330840) returned 0x330830 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330850 | out: ListHead=0x6e5258, ListEntry=0x330850) returned 0x330840 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330860 | out: ListHead=0x6e5258, ListEntry=0x330860) returned 0x330850 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330870 | out: ListHead=0x6e5258, ListEntry=0x330870) returned 0x330860 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330880 | out: ListHead=0x6e5258, ListEntry=0x330880) returned 0x330870 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330890 | out: ListHead=0x6e5258, ListEntry=0x330890) returned 0x330880 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3308a0 | out: ListHead=0x6e5258, ListEntry=0x3308a0) returned 0x330890 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3308b0 | out: ListHead=0x6e5258, ListEntry=0x3308b0) returned 0x3308a0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3308c0 | out: ListHead=0x6e5258, ListEntry=0x3308c0) returned 0x3308b0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3308d0 | out: ListHead=0x6e5258, ListEntry=0x3308d0) returned 0x3308c0 [0045.705] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3308e0 | out: ListHead=0x6e5258, ListEntry=0x3308e0) returned 0x3308d0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3308f0 | out: ListHead=0x6e5258, ListEntry=0x3308f0) returned 0x3308e0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330900 | out: ListHead=0x6e5258, ListEntry=0x330900) returned 0x3308f0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330910 | out: ListHead=0x6e5258, ListEntry=0x330910) returned 0x330900 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330920 | out: ListHead=0x6e5258, ListEntry=0x330920) returned 0x330910 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330930 | out: ListHead=0x6e5258, ListEntry=0x330930) returned 0x330920 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330940 | out: ListHead=0x6e5258, ListEntry=0x330940) returned 0x330930 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330950 | out: ListHead=0x6e5258, ListEntry=0x330950) returned 0x330940 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330960 | out: ListHead=0x6e5258, ListEntry=0x330960) returned 0x330950 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330970 | out: ListHead=0x6e5258, ListEntry=0x330970) returned 0x330960 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330980 | out: ListHead=0x6e5258, ListEntry=0x330980) returned 0x330970 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330990 | out: ListHead=0x6e5258, ListEntry=0x330990) returned 0x330980 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3309a0 | out: ListHead=0x6e5258, ListEntry=0x3309a0) returned 0x330990 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3309b0 | out: ListHead=0x6e5258, ListEntry=0x3309b0) returned 0x3309a0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3309c0 | out: ListHead=0x6e5258, ListEntry=0x3309c0) returned 0x3309b0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3309d0 | out: ListHead=0x6e5258, ListEntry=0x3309d0) returned 0x3309c0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3309e0 | out: ListHead=0x6e5258, ListEntry=0x3309e0) returned 0x3309d0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x3309f0 | out: ListHead=0x6e5258, ListEntry=0x3309f0) returned 0x3309e0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a00 | out: ListHead=0x6e5258, ListEntry=0x330a00) returned 0x3309f0 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a10 | out: ListHead=0x6e5258, ListEntry=0x330a10) returned 0x330a00 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a20 | out: ListHead=0x6e5258, ListEntry=0x330a20) returned 0x330a10 [0045.706] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a30 | out: ListHead=0x6e5258, ListEntry=0x330a30) returned 0x330a20 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a40 | out: ListHead=0x6e5258, ListEntry=0x330a40) returned 0x330a30 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a50 | out: ListHead=0x6e5258, ListEntry=0x330a50) returned 0x330a40 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a60 | out: ListHead=0x6e5258, ListEntry=0x330a60) returned 0x330a50 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a70 | out: ListHead=0x6e5258, ListEntry=0x330a70) returned 0x330a60 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a80 | out: ListHead=0x6e5258, ListEntry=0x330a80) returned 0x330a70 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330a90 | out: ListHead=0x6e5258, ListEntry=0x330a90) returned 0x330a80 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330aa0 | out: ListHead=0x6e5258, ListEntry=0x330aa0) returned 0x330a90 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ab0 | out: ListHead=0x6e5258, ListEntry=0x330ab0) returned 0x330aa0 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ac0 | out: ListHead=0x6e5258, ListEntry=0x330ac0) returned 0x330ab0 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ad0 | out: ListHead=0x6e5258, ListEntry=0x330ad0) returned 0x330ac0 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ae0 | out: ListHead=0x6e5258, ListEntry=0x330ae0) returned 0x330ad0 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330af0 | out: ListHead=0x6e5258, ListEntry=0x330af0) returned 0x330ae0 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b00 | out: ListHead=0x6e5258, ListEntry=0x330b00) returned 0x330af0 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b10 | out: ListHead=0x6e5258, ListEntry=0x330b10) returned 0x330b00 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b20 | out: ListHead=0x6e5258, ListEntry=0x330b20) returned 0x330b10 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b30 | out: ListHead=0x6e5258, ListEntry=0x330b30) returned 0x330b20 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b40 | out: ListHead=0x6e5258, ListEntry=0x330b40) returned 0x330b30 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b50 | out: ListHead=0x6e5258, ListEntry=0x330b50) returned 0x330b40 [0045.707] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b60 | out: ListHead=0x6e5258, ListEntry=0x330b60) returned 0x330b50 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b70 | out: ListHead=0x6e5258, ListEntry=0x330b70) returned 0x330b60 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b80 | out: ListHead=0x6e5258, ListEntry=0x330b80) returned 0x330b70 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330b90 | out: ListHead=0x6e5258, ListEntry=0x330b90) returned 0x330b80 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ba0 | out: ListHead=0x6e5258, ListEntry=0x330ba0) returned 0x330b90 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330bb0 | out: ListHead=0x6e5258, ListEntry=0x330bb0) returned 0x330ba0 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330bc0 | out: ListHead=0x6e5258, ListEntry=0x330bc0) returned 0x330bb0 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330bd0 | out: ListHead=0x6e5258, ListEntry=0x330bd0) returned 0x330bc0 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330be0 | out: ListHead=0x6e5258, ListEntry=0x330be0) returned 0x330bd0 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330bf0 | out: ListHead=0x6e5258, ListEntry=0x330bf0) returned 0x330be0 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c00 | out: ListHead=0x6e5258, ListEntry=0x330c00) returned 0x330bf0 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c10 | out: ListHead=0x6e5258, ListEntry=0x330c10) returned 0x330c00 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c20 | out: ListHead=0x6e5258, ListEntry=0x330c20) returned 0x330c10 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c30 | out: ListHead=0x6e5258, ListEntry=0x330c30) returned 0x330c20 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c40 | out: ListHead=0x6e5258, ListEntry=0x330c40) returned 0x330c30 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c50 | out: ListHead=0x6e5258, ListEntry=0x330c50) returned 0x330c40 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c60 | out: ListHead=0x6e5258, ListEntry=0x330c60) returned 0x330c50 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c70 | out: ListHead=0x6e5258, ListEntry=0x330c70) returned 0x330c60 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c80 | out: ListHead=0x6e5258, ListEntry=0x330c80) returned 0x330c70 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330c90 | out: ListHead=0x6e5258, ListEntry=0x330c90) returned 0x330c80 [0045.708] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ca0 | out: ListHead=0x6e5258, ListEntry=0x330ca0) returned 0x330c90 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330cb0 | out: ListHead=0x6e5258, ListEntry=0x330cb0) returned 0x330ca0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330cc0 | out: ListHead=0x6e5258, ListEntry=0x330cc0) returned 0x330cb0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330cd0 | out: ListHead=0x6e5258, ListEntry=0x330cd0) returned 0x330cc0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ce0 | out: ListHead=0x6e5258, ListEntry=0x330ce0) returned 0x330cd0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330cf0 | out: ListHead=0x6e5258, ListEntry=0x330cf0) returned 0x330ce0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d00 | out: ListHead=0x6e5258, ListEntry=0x330d00) returned 0x330cf0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d10 | out: ListHead=0x6e5258, ListEntry=0x330d10) returned 0x330d00 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d20 | out: ListHead=0x6e5258, ListEntry=0x330d20) returned 0x330d10 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d30 | out: ListHead=0x6e5258, ListEntry=0x330d30) returned 0x330d20 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d40 | out: ListHead=0x6e5258, ListEntry=0x330d40) returned 0x330d30 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d50 | out: ListHead=0x6e5258, ListEntry=0x330d50) returned 0x330d40 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d60 | out: ListHead=0x6e5258, ListEntry=0x330d60) returned 0x330d50 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d70 | out: ListHead=0x6e5258, ListEntry=0x330d70) returned 0x330d60 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d80 | out: ListHead=0x6e5258, ListEntry=0x330d80) returned 0x330d70 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330d90 | out: ListHead=0x6e5258, ListEntry=0x330d90) returned 0x330d80 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330da0 | out: ListHead=0x6e5258, ListEntry=0x330da0) returned 0x330d90 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330db0 | out: ListHead=0x6e5258, ListEntry=0x330db0) returned 0x330da0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330dc0 | out: ListHead=0x6e5258, ListEntry=0x330dc0) returned 0x330db0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330dd0 | out: ListHead=0x6e5258, ListEntry=0x330dd0) returned 0x330dc0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330de0 | out: ListHead=0x6e5258, ListEntry=0x330de0) returned 0x330dd0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330df0 | out: ListHead=0x6e5258, ListEntry=0x330df0) returned 0x330de0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e00 | out: ListHead=0x6e5258, ListEntry=0x330e00) returned 0x330df0 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e10 | out: ListHead=0x6e5258, ListEntry=0x330e10) returned 0x330e00 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e20 | out: ListHead=0x6e5258, ListEntry=0x330e20) returned 0x330e10 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e30 | out: ListHead=0x6e5258, ListEntry=0x330e30) returned 0x330e20 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e40 | out: ListHead=0x6e5258, ListEntry=0x330e40) returned 0x330e30 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e50 | out: ListHead=0x6e5258, ListEntry=0x330e50) returned 0x330e40 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e60 | out: ListHead=0x6e5258, ListEntry=0x330e60) returned 0x330e50 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e70 | out: ListHead=0x6e5258, ListEntry=0x330e70) returned 0x330e60 [0045.709] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e80 | out: ListHead=0x6e5258, ListEntry=0x330e80) returned 0x330e70 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330e90 | out: ListHead=0x6e5258, ListEntry=0x330e90) returned 0x330e80 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ea0 | out: ListHead=0x6e5258, ListEntry=0x330ea0) returned 0x330e90 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330eb0 | out: ListHead=0x6e5258, ListEntry=0x330eb0) returned 0x330ea0 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ec0 | out: ListHead=0x6e5258, ListEntry=0x330ec0) returned 0x330eb0 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ed0 | out: ListHead=0x6e5258, ListEntry=0x330ed0) returned 0x330ec0 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ee0 | out: ListHead=0x6e5258, ListEntry=0x330ee0) returned 0x330ed0 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330ef0 | out: ListHead=0x6e5258, ListEntry=0x330ef0) returned 0x330ee0 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f00 | out: ListHead=0x6e5258, ListEntry=0x330f00) returned 0x330ef0 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f10 | out: ListHead=0x6e5258, ListEntry=0x330f10) returned 0x330f00 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f20 | out: ListHead=0x6e5258, ListEntry=0x330f20) returned 0x330f10 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f30 | out: ListHead=0x6e5258, ListEntry=0x330f30) returned 0x330f20 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f40 | out: ListHead=0x6e5258, ListEntry=0x330f40) returned 0x330f30 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f50 | out: ListHead=0x6e5258, ListEntry=0x330f50) returned 0x330f40 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f60 | out: ListHead=0x6e5258, ListEntry=0x330f60) returned 0x330f50 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f70 | out: ListHead=0x6e5258, ListEntry=0x330f70) returned 0x330f60 [0045.710] RtlInterlockedPushEntrySList (in: ListHead=0x6e5258, ListEntry=0x330f80 | out: ListHead=0x6e5258, ListEntry=0x330f80) returned 0x330f70 [0045.710] GetCurrentProcess () returned 0xffffffff [0045.710] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x330ff0, dwSize=0xd) returned 1 [0045.710] GetCurrentThreadId () returned 0xe2c [0045.711] CreateDialogParamA (hInstance=0x400000, lpTemplateName=0x81, hWndParent=0x0, lpDialogFunc=0x40a020, dwInitParam=0x0) returned 0x40172 [0046.271] GetCurrentThreadId () returned 0xe2c [0046.272] GetCurrentProcess () returned 0xffffffff [0046.272] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x330ff0, dwSize=0xd) returned 1 [0046.272] SetWindowLongA (hWnd=0x40172, nIndex=4, dwNewLong=3346416) returned 4235296 [0046.287] IsWindow (hWnd=0x40172) returned 1 [0046.287] IsWindow (hWnd=0x40172) returned 1 [0046.287] GetWindowLongA (hWnd=0x40172, nIndex=-16) returned 80347204 [0046.287] GetWindow (hWnd=0x40172, uCmd=0x4) returned 0x0 [0046.287] GetWindowRect (in: hWnd=0x40172, lpRect=0x19f89c | out: lpRect=0x19f89c) returned 1 [0046.287] MonitorFromWindow (hwnd=0x40172, dwFlags=0x2) returned 0x10001 [0046.287] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19f860 | out: lpmi=0x19f860) returned 1 [0046.287] SetWindowPos (hWnd=0x40172, hWndInsertAfter=0x0, X=535, Y=255, cx=-1, cy=-1, uFlags=0x15) returned 1 [0046.297] GetSystemMetrics (nIndex=12) returned 32 [0046.297] GetSystemMetrics (nIndex=11) returned 32 [0046.297] LoadImageA (hInst=0x400000, name=0x80, type=0x1, cx=32, cy=32, fuLoad=0x0) returned 0x3a0211 [0046.298] IsWindow (hWnd=0x40172) returned 1 [0046.298] SendMessageA (hWnd=0x40172, Msg=0x80, wParam=0x1, lParam=0x3a0211) returned 0x0 [0046.301] GetSystemMetrics (nIndex=50) returned 16 [0046.301] GetSystemMetrics (nIndex=49) returned 16 [0046.301] LoadImageA (hInst=0x400000, name=0x80, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x1c0149 [0046.302] IsWindow (hWnd=0x40172) returned 1 [0046.302] SendMessageA (hWnd=0x40172, Msg=0x80, wParam=0x0, lParam=0x1c0149) returned 0x0 [0046.302] GetDlgItem (hDlg=0x40172, nIDDlgItem=1000) returned 0x40174 [0046.302] IsWindow (hWnd=0x40174) returned 1 [0046.302] RtlInterlockedPopEntrySList (in: ListHead=0x6e5258 | out: ListHead=0x6e5258) returned 0x330fe0 [0046.302] GetCurrentProcess () returned 0xffffffff [0046.302] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x330fe0, dwSize=0xd) returned 1 [0046.303] SetWindowLongA (hWnd=0x40174, nIndex=-4, dwNewLong=3346400) returned 2010237808 [0046.303] GetWindowRect (in: hWnd=0x40174, lpRect=0x19f8c4 | out: lpRect=0x19f8c4) returned 1 [0046.303] IsWindow (hWnd=0x40174) returned 1 [0046.303] GetParent (hWnd=0x40174) returned 0x40172 [0046.303] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40172, lpPoints=0x19f8c4, cPoints=0x2 | out: lpPoints=0x19f8c4) returned -18350618 [0046.303] IsWindow (hWnd=0x40174) returned 1 [0046.303] SetWindowPos (hWnd=0x40174, hWndInsertAfter=0x0, X=84, Y=49, cx=269, cy=59, uFlags=0x20) returned 1 [0046.303] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x40174, Msg=0x46, wParam=0x0, lParam=0x19f854) returned 0x0 [0046.303] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x40174, Msg=0x83, wParam=0x1, lParam=0x19f82c) returned 0x0 [0046.303] CopyRect (in: lprcDst=0x19fe60, lprcSrc=0x19f82c | out: lprcDst=0x19fe60) returned 1 [0046.303] OffsetRect (in: lprc=0x19fe60, dx=-84, dy=-49 | out: lprc=0x19fe60) returned 1 [0046.305] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x40174, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0046.305] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x40174, Msg=0x47, wParam=0x0, lParam=0x19f854) returned 0x0 [0046.305] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x40174, Msg=0x5, wParam=0x0, lParam=0x3700dd) returned 0x0 [0046.305] GetDlgItem (hDlg=0x40172, nIDDlgItem=1001) returned 0x400f0 [0046.305] IsWindow (hWnd=0x400f0) returned 1 [0046.305] RtlInterlockedPopEntrySList (in: ListHead=0x6e5258 | out: ListHead=0x6e5258) returned 0x330fd0 [0046.305] GetCurrentProcess () returned 0xffffffff [0046.305] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x330fd0, dwSize=0xd) returned 1 [0046.305] SetWindowLongA (hWnd=0x400f0, nIndex=-4, dwNewLong=3346384) returned 2010237808 [0046.305] GetWindowRect (in: hWnd=0x400f0, lpRect=0x19f8c4 | out: lpRect=0x19f8c4) returned 1 [0046.305] IsWindow (hWnd=0x400f0) returned 1 [0046.305] GetParent (hWnd=0x400f0) returned 0x40172 [0046.305] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40172, lpPoints=0x19f8c4, cPoints=0x2 | out: lpPoints=0x19f8c4) returned -18350618 [0046.305] IsWindow (hWnd=0x400f0) returned 1 [0046.305] SetWindowPos (hWnd=0x400f0, hWndInsertAfter=0x0, X=105, Y=80, cx=315, cy=52, uFlags=0x20) returned 1 [0046.305] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x46, wParam=0x0, lParam=0x19f854) returned 0x0 [0046.306] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x83, wParam=0x1, lParam=0x19f82c) returned 0x0 [0046.306] CopyRect (in: lprcDst=0x19fea0, lprcSrc=0x19f82c | out: lprcDst=0x19fea0) returned 1 [0046.306] OffsetRect (in: lprc=0x19fea0, dx=-105, dy=-80 | out: lprc=0x19fea0) returned 1 [0046.307] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0046.307] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x47, wParam=0x0, lParam=0x19f854) returned 0x0 [0046.307] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x5, wParam=0x0, lParam=0x300111) returned 0x0 [0046.307] GetCurrentThreadId () returned 0xe2c [0046.308] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x89 [0046.308] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0xb1, wParam=0x0, lParam=0x7fffffff) returned 0x1 [0046.318] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0046.323] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0046.323] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0046.323] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0046.323] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x282, wParam=0xf, lParam=0xe0219) returned 0x0 [0046.324] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0046.324] IsWindow (hWnd=0x400f0) returned 1 [0046.324] SendMessageA (hWnd=0x400f0, Msg=0x2111, wParam=0x10003e9, lParam=0x400f0) returned 0x0 [0046.324] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x2111, wParam=0x10003e9, lParam=0x400f0) returned 0x0 [0046.324] SetWindowLongA (hWnd=0x40172, nIndex=0, dwNewLong=0) returned 0 [0046.325] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x89 [0046.325] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0046.325] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x40174, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0046.326] IsWindow (hWnd=0x40172) returned 1 [0046.326] ShowWindow (hWnd=0x40172, nCmdShow=1) returned 0 [0046.381] IsWindow (hWnd=0x40172) returned 1 [0046.381] SendMessageA (hWnd=0x40172, Msg=0x2136, wParam=0x10105c2, lParam=0x40172) returned 0x0 [0046.386] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.386] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.386] IsWindow (hWnd=0x40172) returned 1 [0046.386] IsDialogMessageA (hDlg=0x40172, lpMsg=0x19fdd4) returned 1 [0046.386] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.387] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.387] IsWindow (hWnd=0x40172) returned 1 [0046.387] IsDialogMessageA (hDlg=0x40172, lpMsg=0x19fdd4) returned 1 [0046.387] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.387] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.388] IsWindow (hWnd=0x40172) returned 1 [0046.388] IsDialogMessageA (hDlg=0x40172, lpMsg=0x19fdd4) returned 1 [0046.388] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.388] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0046.388] IsWindow (hWnd=0x40172) returned 1 [0046.388] IsDialogMessageA (hDlg=0x40172, lpMsg=0x19fdd4) [0046.388] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0xf, wParam=0x0, lParam=0x0) [0046.388] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x400f0, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0046.388] IsWindow (hWnd=0x400f0) returned 1 [0046.388] GetWindowLongA (hWnd=0x400f0, nIndex=-16) returned 1342242944 [0046.388] OffsetRect (in: lprc=0x463a10, dx=-275, dy=-2 | out: lprc=0x463a10) returned 1 [0046.389] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0046.389] GetLastError () returned 0x0 [0046.389] SetLastError (dwErrCode=0x0) [0046.389] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0046.389] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4270e0, lpParameter=0x24710e8, dwCreationFlags=0x4, lpThreadId=0x24710e8 | out: lpThreadId=0x24710e8*=0xe8c) returned 0x21c [0046.390] ResumeThread (hThread=0x21c) returned 0x1 [0046.390] GetLastError () returned 0x0 [0046.390] SetLastError (dwErrCode=0x0) [0046.390] RtlExitUserThread (Status=0x0) Thread: id = 2 os_tid = 0xe30 Thread: id = 3 os_tid = 0xe48 Thread: id = 4 os_tid = 0xe8c [0046.410] GetLastError () returned 0x0 [0046.410] SetLastError (dwErrCode=0x0) [0046.411] CancelDC (hdc=0x0) returned 0 [0046.411] GetDC (hWnd=0x0) returned 0x10105c2 [0046.411] SetBkColor (hdc=0x10105c2, color=0x1) returned 0xffffff [0046.412] GetLastError () returned 0x6 [0046.412] CreateDIBSection (in: hdc=0x0, lpbmi=0x29fe9f8, usage=0x0, ppvBits=0x29fe9d8, hSection=0x0, offset=0x0 | out: ppvBits=0x29fe9d8) returned 0x1e050688 [0046.412] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0046.413] GdipCreateFontFamilyFromName (name=0x4557b8, fontCollection=0x0, fontFamily=0x29feac4) returned 0x12 [0046.435] GdipCreateFont (fontFamily=0x0, emSize=0x40c00000, style=1, unit=0x2, font=0x29f999c) returned 0x12 [0046.435] GdiplusStartup (in: token=0x29feac0, input=0x29fea78, output=0x0 | out: token=0x29feac0, output=0x0) returned 0x0 [0046.440] GdipCreateFromHDC2 (hdc=0x0, hDevice=0x0, graphics=0x29f99a4) returned 0x3 [0046.443] GdipCreateSolidFill (color=0xffffffff, brush=0x29f99a8) returned 0x0 [0046.452] GdipCreateFontFamilyFromName (name="Times New Roman", fontCollection=0x0, fontFamily=0x29fea40) returned 0x0 [0046.937] GdipDrawString (graphics=0x0, string="Using \"Technology\", i.e.", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.937] GdipDrawString (graphics=0x0, string="GDI+, I have created a", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.938] GdipDrawString (graphics=0x0, string="texture from system", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.938] GdipDrawString (graphics=0x0, string="installed fonts! That", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.938] GdipDrawString (graphics=0x0, string="means international", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.938] GdipDrawString (graphics=0x0, string="characters!", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.938] GdipDrawString (graphics=0x0, string="", length=-1, font=0x0, layoutRect=0x29f998c, stringFormat=0x0, brush=0x161f08) returned 0x2 [0046.938] GdipFlush (graphics=0x0, intention=0x0) returned 0x2 [0046.938] GdipCreateBitmapFromHBITMAP (hbm=0x0, hpal=0x0, bitmap=0x29f99a4) returned 0x7 [0046.938] DeleteObject (ho=0x0) returned 0 [0046.938] DeleteDC (hdc=0x0) returned 0 [0046.938] GdipDisposeImage (image=0x0) returned 0x2 [0046.940] GdipDeleteFontFamily (fontFamily=0x3c0a0c8) returned 0x0 [0046.940] GdipDeleteBrush (brush=0x161f08) returned 0x0 [0046.941] GdipDeleteGraphics (graphics=0x0) returned 0x2 [0046.942] GdipDeleteFont (font=0x0) returned 0x2 [0046.942] GdipDeleteFontFamily (fontFamily=0x0) returned 0x2 [0046.942] GetSysColorBrush (nIndex=15) returned 0x1100074 [0046.942] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0046.942] RegisterClassA (lpWndClass=0x29fe3c4) returned 0xc160 [0046.942] CreateWindowExA (dwExStyle=0x0, lpClassName="Check Box", lpWindowName="", dwStyle=0x10cf0000, X=150, Y=150, nWidth=230, nHeight=150, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0046.943] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x79e) returned 0x0 [0046.944] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22c [0046.955] Process32First (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0046.956] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0046.957] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0046.958] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x150, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0046.959] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x150, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0046.960] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x190, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0046.961] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x190, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0046.962] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x198, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0046.963] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x198, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0046.964] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.965] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x268, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.966] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d0, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0046.967] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x46, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.968] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.969] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.970] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.970] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.971] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.972] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x230, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0046.973] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.974] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.975] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0046.976] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0046.977] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0046.978] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0046.979] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3f, th32ParentProcessID=0x4ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0046.980] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0046.981] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0046.982] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0046.983] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0046.984] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x588, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0046.985] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="uni-likely.exe")) returned 1 [0046.986] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="treo.exe")) returned 1 [0046.986] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="subsection berry drainage.exe")) returned 1 [0046.987] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="shade.exe")) returned 1 [0046.988] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="conversations.exe")) returned 1 [0046.989] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x420, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="maui observation.exe")) returned 1 [0046.990] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="oldsleepsdelay.exe")) returned 1 [0046.991] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="interactions-miles-validity.exe")) returned 1 [0047.023] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="infraredpdf.exe")) returned 1 [0047.024] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="ranges tremendous.exe")) returned 1 [0047.025] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="statute lan.exe")) returned 1 [0047.026] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x658, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="batteries.exe")) returned 1 [0047.027] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="word_societies.exe")) returned 1 [0047.027] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtreserves.exe")) returned 1 [0047.028] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x988, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="skiing_layer_resolutions.exe")) returned 1 [0047.029] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-auditor.exe")) returned 1 [0047.030] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="alpine zones.exe")) returned 1 [0047.031] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="completion.exe")) returned 1 [0047.032] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="fiscalrkansas.exe")) returned 1 [0047.032] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="funny.exe")) returned 1 [0047.033] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0047.034] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0047.035] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0047.036] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="nstpeer.exe")) returned 1 [0047.037] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0047.037] Process32Next (in: hSnapshot=0x22c, lppe=0x29fe168 | out: lppe=0x29fe168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 0 [0047.038] CloseHandle (hObject=0x22c) returned 1 [0047.039] DefWindowProcW (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0047.039] DefWindowProcW (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0047.039] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x158, pvParam=0x29fdc78, fWinIni=0x0 | out: pvParam=0x29fdc78) returned 1 [0047.039] CreateFontIndirectA (lplf=0x29fdbec) returned 0x160a0741 [0047.039] DdeAccessData (in: hData=0x0, pcbDataSize=0x29fddd4 | out: pcbDataSize=0x29fddd4) returned 0x0 [0047.039] CreateWindowExA (dwExStyle=0x0, lpClassName="SysListView32", lpWindowName=0x0, dwStyle=0x50000000, X=50, Y=50, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0047.039] LoadImageA (hInst=0x400000, name=0x688, type=0x0, cx=0, cy=0, fuLoad=0x0) returned 0x0 [0047.039] SendMessageA (hWnd=0x0, Msg=0x1044, wParam=0x0, lParam=0x29fdc60) returned 0x0 [0047.039] GetTitleBarInfo (in: hwnd=0x0, pti=0x0 | out: pti=0x0) returned 0 [0047.040] DestroyWindow (hWnd=0x0) returned 0 [0047.040] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x1e050688, lParam=0x0) returned 0x0 [0047.040] BeginPaint (in: hWnd=0x0, lpPaint=0x29fdde8 | out: lpPaint=0x29fdde8) returned 0x0 [0047.040] EndPaint (hWnd=0x0, lpPaint=0x29fdde8) returned 0 [0047.040] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x1e050688, lParam=0x0) returned 0x0 [0047.040] CreateCompatibleDC (hdc=0x1) returned 0x0 [0047.040] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0047.040] DeleteDC (hdc=0x0) returned 0 [0047.040] GetDC (hWnd=0x0) returned 0xa0100d0 [0047.040] CreateCompatibleDC (hdc=0xa0100d0) returned 0x8010736 [0047.040] CreateCompatibleBitmap (hdc=0x8010736, cx=512, cy=512) returned 0x9050732 [0047.041] SelectObject (hdc=0x8010736, h=0x9050732) returned 0x185000f [0047.041] SelectObject (hdc=0x8010736, h=0x0) returned 0x0 [0047.041] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=0, xRight=512, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.041] GetStockObject (i=0) returned 0x1900010 [0047.041] FillRect (hDC=0x8010736, lprc=0x29fd314, hbr=0x1900010) returned 1 [0047.041] SetTextColor (hdc=0x8010736, color=0x0) returned 0x0 [0047.041] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=0, xRight=32, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.041] DrawTextA (in: hdc=0x8010736, lpchText="", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="", lprc=0x29fd314) returned 16 [0047.200] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=0, xRight=64, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.200] DrawTextA (in: hdc=0x8010736, lpchText="\x01\x01", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x01\x01", lprc=0x29fd314) returned 16 [0047.201] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=0, xRight=96, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.201] DrawTextA (in: hdc=0x8010736, lpchText="\x02\x02", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x02\x02", lprc=0x29fd314) returned 16 [0047.202] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=0, xRight=128, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.202] DrawTextA (in: hdc=0x8010736, lpchText="\x03\x03", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x03\x03", lprc=0x29fd314) returned 16 [0047.203] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=0, xRight=160, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.203] DrawTextA (in: hdc=0x8010736, lpchText="\x04\x04", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x04\x04", lprc=0x29fd314) returned 16 [0047.204] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=0, xRight=192, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.204] DrawTextA (in: hdc=0x8010736, lpchText="\x05\x05", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x05\x05", lprc=0x29fd314) returned 16 [0047.205] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=0, xRight=224, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.205] DrawTextA (in: hdc=0x8010736, lpchText="\x06\x06", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x06\x06", lprc=0x29fd314) returned 16 [0047.206] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=0, xRight=256, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.206] DrawTextA (in: hdc=0x8010736, lpchText="\x07\x07", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x07\x07", lprc=0x29fd314) returned 16 [0047.206] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=0, xRight=288, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.206] DrawTextA (in: hdc=0x8010736, lpchText="\x08\x08", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x08\x08", lprc=0x29fd314) returned 16 [0047.207] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=0, xRight=320, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.207] DrawTextA (in: hdc=0x8010736, lpchText="\x09\x09", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x09\x09", lprc=0x29fd314) returned 16 [0047.208] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=0, xRight=352, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.208] DrawTextA (in: hdc=0x8010736, lpchText="\n\n", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\n\n", lprc=0x29fd314) returned 32 [0047.208] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=0, xRight=384, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.208] DrawTextA (in: hdc=0x8010736, lpchText="\x0b\x0b", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x0b\x0b", lprc=0x29fd314) returned 16 [0047.209] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=0, xRight=416, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.209] DrawTextA (in: hdc=0x8010736, lpchText="\x0c\x0c", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x0c\x0c", lprc=0x29fd314) returned 16 [0047.215] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=0, xRight=448, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.215] DrawTextA (in: hdc=0x8010736, lpchText="\r\r", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\r\r", lprc=0x29fd314) returned 32 [0047.215] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=0, xRight=480, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.215] DrawTextA (in: hdc=0x8010736, lpchText="\x0e\x0e", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x0e\x0e", lprc=0x29fd314) returned 16 [0047.216] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=0, xRight=512, yBottom=32 | out: lprc=0x29fd314) returned 1 [0047.216] DrawTextA (in: hdc=0x8010736, lpchText="\x0f\x0f", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x0f\x0f", lprc=0x29fd314) returned 16 [0047.216] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=32, xRight=32, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.216] DrawTextA (in: hdc=0x8010736, lpchText="\x10\x10", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x10\x10", lprc=0x29fd314) returned 16 [0047.217] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=32, xRight=64, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.217] DrawTextA (in: hdc=0x8010736, lpchText="\x11\x11", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x11\x11", lprc=0x29fd314) returned 16 [0047.218] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=32, xRight=96, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.218] DrawTextA (in: hdc=0x8010736, lpchText="\x12\x12", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x12\x12", lprc=0x29fd314) returned 16 [0047.218] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=32, xRight=128, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.218] DrawTextA (in: hdc=0x8010736, lpchText="\x13\x13", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x13\x13", lprc=0x29fd314) returned 16 [0047.219] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=32, xRight=160, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.219] DrawTextA (in: hdc=0x8010736, lpchText="\x14\x14", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x14\x14", lprc=0x29fd314) returned 16 [0047.220] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=32, xRight=192, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.220] DrawTextA (in: hdc=0x8010736, lpchText="\x15\x15", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x15\x15", lprc=0x29fd314) returned 16 [0047.221] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=32, xRight=224, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.221] DrawTextA (in: hdc=0x8010736, lpchText="\x16\x16", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x16\x16", lprc=0x29fd314) returned 16 [0047.221] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=32, xRight=256, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.221] DrawTextA (in: hdc=0x8010736, lpchText="\x17\x17", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x17\x17", lprc=0x29fd314) returned 16 [0047.222] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=32, xRight=288, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.222] DrawTextA (in: hdc=0x8010736, lpchText="\x18\x18", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x18\x18", lprc=0x29fd314) returned 16 [0047.223] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=32, xRight=320, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.223] DrawTextA (in: hdc=0x8010736, lpchText="\x19\x19", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x19\x19", lprc=0x29fd314) returned 16 [0047.224] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=32, xRight=352, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.224] DrawTextA (in: hdc=0x8010736, lpchText="\x1a\x1a", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x1a\x1a", lprc=0x29fd314) returned 16 [0047.225] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=32, xRight=384, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.225] DrawTextA (in: hdc=0x8010736, lpchText="\x1b\x1b", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x1b\x1b", lprc=0x29fd314) returned 16 [0047.227] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=32, xRight=416, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.227] DrawTextA (in: hdc=0x8010736, lpchText="\x1c\x1c", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x1c\x1c", lprc=0x29fd314) returned 16 [0047.227] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=32, xRight=448, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.227] DrawTextA (in: hdc=0x8010736, lpchText="\x1d\x1d", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x1d\x1d", lprc=0x29fd314) returned 16 [0047.228] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=32, xRight=480, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.228] DrawTextA (in: hdc=0x8010736, lpchText="\x1e\x1e", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x1e\x1e", lprc=0x29fd314) returned 16 [0047.228] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=32, xRight=512, yBottom=64 | out: lprc=0x29fd314) returned 1 [0047.229] DrawTextA (in: hdc=0x8010736, lpchText="\x1f\x1f", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x1f\x1f", lprc=0x29fd314) returned 16 [0047.229] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=64, xRight=32, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.229] DrawTextA (in: hdc=0x8010736, lpchText=" ", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText=" ", lprc=0x29fd314) returned 16 [0047.229] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=64, xRight=64, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.229] DrawTextA (in: hdc=0x8010736, lpchText="!!", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="!!", lprc=0x29fd314) returned 16 [0047.229] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=64, xRight=96, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.229] DrawTextA (in: hdc=0x8010736, lpchText="\"\"", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\"\"", lprc=0x29fd314) returned 16 [0047.230] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=64, xRight=128, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.230] DrawTextA (in: hdc=0x8010736, lpchText="##", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="##", lprc=0x29fd314) returned 16 [0047.230] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=64, xRight=160, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.230] DrawTextA (in: hdc=0x8010736, lpchText="$$", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="$$", lprc=0x29fd314) returned 16 [0047.230] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=64, xRight=192, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.230] DrawTextA (in: hdc=0x8010736, lpchText="%%", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="%%", lprc=0x29fd314) returned 16 [0047.231] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=64, xRight=224, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.231] DrawTextA (in: hdc=0x8010736, lpchText="&&", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="&&", lprc=0x29fd314) returned 16 [0047.231] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=64, xRight=256, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.231] DrawTextA (in: hdc=0x8010736, lpchText="''", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="''", lprc=0x29fd314) returned 16 [0047.231] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=64, xRight=288, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.231] DrawTextA (in: hdc=0x8010736, lpchText="((", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="((", lprc=0x29fd314) returned 16 [0047.232] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=64, xRight=320, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.232] DrawTextA (in: hdc=0x8010736, lpchText="))", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="))", lprc=0x29fd314) returned 16 [0047.232] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=64, xRight=352, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.232] DrawTextA (in: hdc=0x8010736, lpchText="**", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="**", lprc=0x29fd314) returned 16 [0047.233] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=64, xRight=384, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.233] DrawTextA (in: hdc=0x8010736, lpchText="++", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="++", lprc=0x29fd314) returned 16 [0047.233] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=64, xRight=416, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.233] DrawTextA (in: hdc=0x8010736, lpchText=",,", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText=",,", lprc=0x29fd314) returned 16 [0047.233] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=64, xRight=448, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.233] DrawTextA (in: hdc=0x8010736, lpchText="--", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="--", lprc=0x29fd314) returned 16 [0047.234] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=64, xRight=480, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.234] DrawTextA (in: hdc=0x8010736, lpchText="..", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="..", lprc=0x29fd314) returned 16 [0047.234] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=64, xRight=512, yBottom=96 | out: lprc=0x29fd314) returned 1 [0047.234] DrawTextA (in: hdc=0x8010736, lpchText="//", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="//", lprc=0x29fd314) returned 16 [0047.235] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=96, xRight=32, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.235] DrawTextA (in: hdc=0x8010736, lpchText="00", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="00", lprc=0x29fd314) returned 16 [0047.235] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=96, xRight=64, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.235] DrawTextA (in: hdc=0x8010736, lpchText="11", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="11", lprc=0x29fd314) returned 16 [0047.235] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=96, xRight=96, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.236] DrawTextA (in: hdc=0x8010736, lpchText="22", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="22", lprc=0x29fd314) returned 16 [0047.236] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=96, xRight=128, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.236] DrawTextA (in: hdc=0x8010736, lpchText="33", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="33", lprc=0x29fd314) returned 16 [0047.236] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=96, xRight=160, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.236] DrawTextA (in: hdc=0x8010736, lpchText="44", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="44", lprc=0x29fd314) returned 16 [0047.237] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=96, xRight=192, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.237] DrawTextA (in: hdc=0x8010736, lpchText="55", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="55", lprc=0x29fd314) returned 16 [0047.237] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=96, xRight=224, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.237] DrawTextA (in: hdc=0x8010736, lpchText="66", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="66", lprc=0x29fd314) returned 16 [0047.237] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=96, xRight=256, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.237] DrawTextA (in: hdc=0x8010736, lpchText="77", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="77", lprc=0x29fd314) returned 16 [0047.238] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=96, xRight=288, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.238] DrawTextA (in: hdc=0x8010736, lpchText="88", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="88", lprc=0x29fd314) returned 16 [0047.238] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=96, xRight=320, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.238] DrawTextA (in: hdc=0x8010736, lpchText="99", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="99", lprc=0x29fd314) returned 16 [0047.239] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=96, xRight=352, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.239] DrawTextA (in: hdc=0x8010736, lpchText="::", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="::", lprc=0x29fd314) returned 16 [0047.239] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=96, xRight=384, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.239] DrawTextA (in: hdc=0x8010736, lpchText=";;", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText=";;", lprc=0x29fd314) returned 16 [0047.239] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=96, xRight=416, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.240] DrawTextA (in: hdc=0x8010736, lpchText="<<", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="<<", lprc=0x29fd314) returned 16 [0047.240] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=96, xRight=448, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.240] DrawTextA (in: hdc=0x8010736, lpchText="==", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="==", lprc=0x29fd314) returned 16 [0047.240] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=96, xRight=480, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.240] DrawTextA (in: hdc=0x8010736, lpchText=">>", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText=">>", lprc=0x29fd314) returned 16 [0047.241] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=96, xRight=512, yBottom=128 | out: lprc=0x29fd314) returned 1 [0047.241] DrawTextA (in: hdc=0x8010736, lpchText="??", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="??", lprc=0x29fd314) returned 16 [0047.241] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=128, xRight=32, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.241] DrawTextA (in: hdc=0x8010736, lpchText="@@", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="@@", lprc=0x29fd314) returned 16 [0047.242] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=128, xRight=64, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.242] DrawTextA (in: hdc=0x8010736, lpchText="AA", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="AA", lprc=0x29fd314) returned 16 [0047.243] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=128, xRight=96, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.243] DrawTextA (in: hdc=0x8010736, lpchText="BB", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="BB", lprc=0x29fd314) returned 16 [0047.243] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=128, xRight=128, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.243] DrawTextA (in: hdc=0x8010736, lpchText="CC", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="CC", lprc=0x29fd314) returned 16 [0047.243] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=128, xRight=160, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.244] DrawTextA (in: hdc=0x8010736, lpchText="DD", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="DD", lprc=0x29fd314) returned 16 [0047.244] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=128, xRight=192, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.244] DrawTextA (in: hdc=0x8010736, lpchText="EE", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="EE", lprc=0x29fd314) returned 16 [0047.244] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=128, xRight=224, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.244] DrawTextA (in: hdc=0x8010736, lpchText="FF", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="FF", lprc=0x29fd314) returned 16 [0047.245] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=128, xRight=256, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.245] DrawTextA (in: hdc=0x8010736, lpchText="GG", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="GG", lprc=0x29fd314) returned 16 [0047.245] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=128, xRight=288, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.245] DrawTextA (in: hdc=0x8010736, lpchText="HH", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="HH", lprc=0x29fd314) returned 16 [0047.245] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=128, xRight=320, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.246] DrawTextA (in: hdc=0x8010736, lpchText="II", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="II", lprc=0x29fd314) returned 16 [0047.246] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=128, xRight=352, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.246] DrawTextA (in: hdc=0x8010736, lpchText="JJ", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="JJ", lprc=0x29fd314) returned 16 [0047.246] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=128, xRight=384, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.246] DrawTextA (in: hdc=0x8010736, lpchText="KK", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="KK", lprc=0x29fd314) returned 16 [0047.247] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=128, xRight=416, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.247] DrawTextA (in: hdc=0x8010736, lpchText="LL", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="LL", lprc=0x29fd314) returned 16 [0047.247] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=128, xRight=448, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.247] DrawTextA (in: hdc=0x8010736, lpchText="MM", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="MM", lprc=0x29fd314) returned 16 [0047.247] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=128, xRight=480, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.247] DrawTextA (in: hdc=0x8010736, lpchText="NN", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="NN", lprc=0x29fd314) returned 16 [0047.248] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=128, xRight=512, yBottom=160 | out: lprc=0x29fd314) returned 1 [0047.248] DrawTextA (in: hdc=0x8010736, lpchText="OO", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="OO", lprc=0x29fd314) returned 16 [0047.248] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=160, xRight=32, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.248] DrawTextA (in: hdc=0x8010736, lpchText="PP", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="PP", lprc=0x29fd314) returned 16 [0047.249] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=160, xRight=64, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.249] DrawTextA (in: hdc=0x8010736, lpchText="QQ", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="QQ", lprc=0x29fd314) returned 16 [0047.249] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=160, xRight=96, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.249] DrawTextA (in: hdc=0x8010736, lpchText="RR", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="RR", lprc=0x29fd314) returned 16 [0047.249] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=160, xRight=128, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.249] DrawTextA (in: hdc=0x8010736, lpchText="SS", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="SS", lprc=0x29fd314) returned 16 [0047.250] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=160, xRight=160, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.250] DrawTextA (in: hdc=0x8010736, lpchText="TT", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="TT", lprc=0x29fd314) returned 16 [0047.250] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=160, xRight=192, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.250] DrawTextA (in: hdc=0x8010736, lpchText="UU", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="UU", lprc=0x29fd314) returned 16 [0047.251] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=160, xRight=224, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.251] DrawTextA (in: hdc=0x8010736, lpchText="VV", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="VV", lprc=0x29fd314) returned 16 [0047.251] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=160, xRight=256, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.251] DrawTextA (in: hdc=0x8010736, lpchText="WW", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="WW", lprc=0x29fd314) returned 16 [0047.251] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=160, xRight=288, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.251] DrawTextA (in: hdc=0x8010736, lpchText="XX", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="XX", lprc=0x29fd314) returned 16 [0047.252] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=160, xRight=320, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.252] DrawTextA (in: hdc=0x8010736, lpchText="YY", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="YY", lprc=0x29fd314) returned 16 [0047.252] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=160, xRight=352, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.252] DrawTextA (in: hdc=0x8010736, lpchText="ZZ", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ZZ", lprc=0x29fd314) returned 16 [0047.253] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=160, xRight=384, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.253] DrawTextA (in: hdc=0x8010736, lpchText="[[", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="[[", lprc=0x29fd314) returned 16 [0047.253] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=160, xRight=416, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.253] DrawTextA (in: hdc=0x8010736, lpchText="\\\\", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\\\\", lprc=0x29fd314) returned 16 [0047.253] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=160, xRight=448, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.253] DrawTextA (in: hdc=0x8010736, lpchText="]]", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="]]", lprc=0x29fd314) returned 16 [0047.254] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=160, xRight=480, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.254] DrawTextA (in: hdc=0x8010736, lpchText="^^", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="^^", lprc=0x29fd314) returned 16 [0047.254] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=160, xRight=512, yBottom=192 | out: lprc=0x29fd314) returned 1 [0047.254] DrawTextA (in: hdc=0x8010736, lpchText="__", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="__", lprc=0x29fd314) returned 16 [0047.255] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=192, xRight=32, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.255] DrawTextA (in: hdc=0x8010736, lpchText="``", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="``", lprc=0x29fd314) returned 16 [0047.255] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=192, xRight=64, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.255] DrawTextA (in: hdc=0x8010736, lpchText="aa", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="aa", lprc=0x29fd314) returned 16 [0047.255] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=192, xRight=96, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.255] DrawTextA (in: hdc=0x8010736, lpchText="bb", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="bb", lprc=0x29fd314) returned 16 [0047.256] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=192, xRight=128, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.256] DrawTextA (in: hdc=0x8010736, lpchText="cc", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="cc", lprc=0x29fd314) returned 16 [0047.256] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=192, xRight=160, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.256] DrawTextA (in: hdc=0x8010736, lpchText="dd", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="dd", lprc=0x29fd314) returned 16 [0047.256] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=192, xRight=192, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.257] DrawTextA (in: hdc=0x8010736, lpchText="ee", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ee", lprc=0x29fd314) returned 16 [0047.257] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=192, xRight=224, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.257] DrawTextA (in: hdc=0x8010736, lpchText="ff", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ff", lprc=0x29fd314) returned 16 [0047.258] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=192, xRight=256, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.258] DrawTextA (in: hdc=0x8010736, lpchText="gg", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="gg", lprc=0x29fd314) returned 16 [0047.258] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=192, xRight=288, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.258] DrawTextA (in: hdc=0x8010736, lpchText="hh", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="hh", lprc=0x29fd314) returned 16 [0047.259] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=192, xRight=320, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.259] DrawTextA (in: hdc=0x8010736, lpchText="ii", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ii", lprc=0x29fd314) returned 16 [0047.259] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=192, xRight=352, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.259] DrawTextA (in: hdc=0x8010736, lpchText="jj", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="jj", lprc=0x29fd314) returned 16 [0047.259] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=192, xRight=384, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.260] DrawTextA (in: hdc=0x8010736, lpchText="kk", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="kk", lprc=0x29fd314) returned 16 [0047.260] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=192, xRight=416, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.260] DrawTextA (in: hdc=0x8010736, lpchText="ll", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ll", lprc=0x29fd314) returned 16 [0047.260] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=192, xRight=448, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.260] DrawTextA (in: hdc=0x8010736, lpchText="mm", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="mm", lprc=0x29fd314) returned 16 [0047.261] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=192, xRight=480, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.261] DrawTextA (in: hdc=0x8010736, lpchText="nn", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="nn", lprc=0x29fd314) returned 16 [0047.261] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=192, xRight=512, yBottom=224 | out: lprc=0x29fd314) returned 1 [0047.261] DrawTextA (in: hdc=0x8010736, lpchText="oo", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="oo", lprc=0x29fd314) returned 16 [0047.261] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=224, xRight=32, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.262] DrawTextA (in: hdc=0x8010736, lpchText="pp", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="pp", lprc=0x29fd314) returned 16 [0047.262] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=224, xRight=64, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.262] DrawTextA (in: hdc=0x8010736, lpchText="qq", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="qq", lprc=0x29fd314) returned 16 [0047.262] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=224, xRight=96, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.262] DrawTextA (in: hdc=0x8010736, lpchText="rr", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="rr", lprc=0x29fd314) returned 16 [0047.263] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=224, xRight=128, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.263] DrawTextA (in: hdc=0x8010736, lpchText="ss", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ss", lprc=0x29fd314) returned 16 [0047.263] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=224, xRight=160, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.263] DrawTextA (in: hdc=0x8010736, lpchText="tt", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="tt", lprc=0x29fd314) returned 16 [0047.264] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=224, xRight=192, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.264] DrawTextA (in: hdc=0x8010736, lpchText="uu", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="uu", lprc=0x29fd314) returned 16 [0047.264] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=224, xRight=224, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.264] DrawTextA (in: hdc=0x8010736, lpchText="vv", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="vv", lprc=0x29fd314) returned 16 [0047.264] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=224, xRight=256, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.264] DrawTextA (in: hdc=0x8010736, lpchText="ww", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="ww", lprc=0x29fd314) returned 16 [0047.265] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=224, xRight=288, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.265] DrawTextA (in: hdc=0x8010736, lpchText="xx", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="xx", lprc=0x29fd314) returned 16 [0047.265] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=224, xRight=320, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.265] DrawTextA (in: hdc=0x8010736, lpchText="yy", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="yy", lprc=0x29fd314) returned 16 [0047.265] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=224, xRight=352, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.266] DrawTextA (in: hdc=0x8010736, lpchText="zz", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="zz", lprc=0x29fd314) returned 16 [0047.266] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=224, xRight=384, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.266] DrawTextA (in: hdc=0x8010736, lpchText="{{", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="{{", lprc=0x29fd314) returned 16 [0047.266] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=224, xRight=416, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.266] DrawTextA (in: hdc=0x8010736, lpchText="||", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="||", lprc=0x29fd314) returned 16 [0047.267] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=224, xRight=448, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.267] DrawTextA (in: hdc=0x8010736, lpchText="}}", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="}}", lprc=0x29fd314) returned 16 [0047.267] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=224, xRight=480, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.267] DrawTextA (in: hdc=0x8010736, lpchText="~~", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="~~", lprc=0x29fd314) returned 16 [0047.268] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=224, xRight=512, yBottom=256 | out: lprc=0x29fd314) returned 1 [0047.268] DrawTextA (in: hdc=0x8010736, lpchText="\x7f\x7f", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x7f\x7f", lprc=0x29fd314) returned 16 [0047.273] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=256, xRight=32, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.273] DrawTextA (in: hdc=0x8010736, lpchText="\x80\x80", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x80\x80", lprc=0x29fd314) returned 16 [0047.298] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=256, xRight=64, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.298] DrawTextA (in: hdc=0x8010736, lpchText="\x81\x81", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x81\x81", lprc=0x29fd314) returned 16 [0047.298] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=256, xRight=96, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.298] DrawTextA (in: hdc=0x8010736, lpchText="\x82\x82", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x82\x82", lprc=0x29fd314) returned 16 [0047.298] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=256, xRight=128, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.298] DrawTextA (in: hdc=0x8010736, lpchText="\x83\x83", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x83\x83", lprc=0x29fd314) returned 16 [0047.299] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=256, xRight=160, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.299] DrawTextA (in: hdc=0x8010736, lpchText="\x84\x84", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x84\x84", lprc=0x29fd314) returned 16 [0047.299] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=256, xRight=192, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.299] DrawTextA (in: hdc=0x8010736, lpchText="\x85\x85", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x85\x85", lprc=0x29fd314) returned 16 [0047.299] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=256, xRight=224, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.299] DrawTextA (in: hdc=0x8010736, lpchText="\x86\x86", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x86\x86", lprc=0x29fd314) returned 16 [0047.300] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=256, xRight=256, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.300] DrawTextA (in: hdc=0x8010736, lpchText="\x87\x87", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x87\x87", lprc=0x29fd314) returned 16 [0047.300] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=256, xRight=288, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.300] DrawTextA (in: hdc=0x8010736, lpchText="\x88\x88", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x88\x88", lprc=0x29fd314) returned 16 [0047.300] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=256, xRight=320, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.300] DrawTextA (in: hdc=0x8010736, lpchText="\x89\x89", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x89\x89", lprc=0x29fd314) returned 16 [0047.301] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=256, xRight=352, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.301] DrawTextA (in: hdc=0x8010736, lpchText="\x8a\x8a", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x8a\x8a", lprc=0x29fd314) returned 16 [0047.301] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=256, xRight=384, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.301] DrawTextA (in: hdc=0x8010736, lpchText="\x8b\x8b", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x8b\x8b", lprc=0x29fd314) returned 16 [0047.301] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=256, xRight=416, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.302] DrawTextA (in: hdc=0x8010736, lpchText="\x8c\x8c", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x8c\x8c", lprc=0x29fd314) returned 16 [0047.302] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=256, xRight=448, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.302] DrawTextA (in: hdc=0x8010736, lpchText="\x8d\x8d", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x8d\x8d", lprc=0x29fd314) returned 16 [0047.302] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=256, xRight=480, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.302] DrawTextA (in: hdc=0x8010736, lpchText="\x8e\x8e", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x8e\x8e", lprc=0x29fd314) returned 16 [0047.303] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=256, xRight=512, yBottom=288 | out: lprc=0x29fd314) returned 1 [0047.303] DrawTextA (in: hdc=0x8010736, lpchText="\x8f\x8f", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x8f\x8f", lprc=0x29fd314) returned 16 [0047.303] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=288, xRight=32, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.303] DrawTextA (in: hdc=0x8010736, lpchText="\x90\x90", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x90\x90", lprc=0x29fd314) returned 16 [0047.303] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=288, xRight=64, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.303] DrawTextA (in: hdc=0x8010736, lpchText="\x91\x91", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x91\x91", lprc=0x29fd314) returned 16 [0047.304] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=288, xRight=96, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.304] DrawTextA (in: hdc=0x8010736, lpchText="\x92\x92", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x92\x92", lprc=0x29fd314) returned 16 [0047.304] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=288, xRight=128, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.304] DrawTextA (in: hdc=0x8010736, lpchText="\x93\x93", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x93\x93", lprc=0x29fd314) returned 16 [0047.305] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=288, xRight=160, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.305] DrawTextA (in: hdc=0x8010736, lpchText="\x94\x94", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x94\x94", lprc=0x29fd314) returned 16 [0047.305] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=288, xRight=192, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.305] DrawTextA (in: hdc=0x8010736, lpchText="\x95\x95", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x95\x95", lprc=0x29fd314) returned 16 [0047.306] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=288, xRight=224, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.306] DrawTextA (in: hdc=0x8010736, lpchText="\x96\x96", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x96\x96", lprc=0x29fd314) returned 16 [0047.306] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=288, xRight=256, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.306] DrawTextA (in: hdc=0x8010736, lpchText="\x97\x97", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x97\x97", lprc=0x29fd314) returned 16 [0047.306] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=288, xRight=288, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.306] DrawTextA (in: hdc=0x8010736, lpchText="\x98\x98", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x98\x98", lprc=0x29fd314) returned 16 [0047.307] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=288, xRight=320, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.307] DrawTextA (in: hdc=0x8010736, lpchText="\x99\x99", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x99\x99", lprc=0x29fd314) returned 16 [0047.307] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=288, xRight=352, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.307] DrawTextA (in: hdc=0x8010736, lpchText="\x9a\x9a", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x9a\x9a", lprc=0x29fd314) returned 16 [0047.307] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=288, xRight=384, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.307] DrawTextA (in: hdc=0x8010736, lpchText="\x9b\x9b", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x9b\x9b", lprc=0x29fd314) returned 16 [0047.308] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=288, xRight=416, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.308] DrawTextA (in: hdc=0x8010736, lpchText="\x9c\x9c", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x9c\x9c", lprc=0x29fd314) returned 16 [0047.308] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=288, xRight=448, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.308] DrawTextA (in: hdc=0x8010736, lpchText="\x9d\x9d", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x9d\x9d", lprc=0x29fd314) returned 16 [0047.308] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=288, xRight=480, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.308] DrawTextA (in: hdc=0x8010736, lpchText="\x9e\x9e", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x9e\x9e", lprc=0x29fd314) returned 16 [0047.309] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=288, xRight=512, yBottom=320 | out: lprc=0x29fd314) returned 1 [0047.309] DrawTextA (in: hdc=0x8010736, lpchText="\x9f\x9f", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\x9f\x9f", lprc=0x29fd314) returned 16 [0047.309] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=320, xRight=32, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.309] DrawTextA (in: hdc=0x8010736, lpchText="\xa0\xa0", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa0\xa0", lprc=0x29fd314) returned 16 [0047.309] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=320, xRight=64, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.309] DrawTextA (in: hdc=0x8010736, lpchText="\xa1\xa1", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa1\xa1", lprc=0x29fd314) returned 16 [0047.310] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=320, xRight=96, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.310] DrawTextA (in: hdc=0x8010736, lpchText="\xa2\xa2", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa2\xa2", lprc=0x29fd314) returned 16 [0047.310] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=320, xRight=128, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.310] DrawTextA (in: hdc=0x8010736, lpchText="\xa3\xa3", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa3\xa3", lprc=0x29fd314) returned 16 [0047.310] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=320, xRight=160, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.310] DrawTextA (in: hdc=0x8010736, lpchText="\xa4\xa4", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa4\xa4", lprc=0x29fd314) returned 16 [0047.311] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=320, xRight=192, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.311] DrawTextA (in: hdc=0x8010736, lpchText="\xa5\xa5", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa5\xa5", lprc=0x29fd314) returned 16 [0047.311] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=320, xRight=224, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.311] DrawTextA (in: hdc=0x8010736, lpchText="\xa6\xa6", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa6\xa6", lprc=0x29fd314) returned 16 [0047.311] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=320, xRight=256, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.311] DrawTextA (in: hdc=0x8010736, lpchText="\xa7\xa7", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa7\xa7", lprc=0x29fd314) returned 16 [0047.312] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=320, xRight=288, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.312] DrawTextA (in: hdc=0x8010736, lpchText="\xa8\xa8", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa8\xa8", lprc=0x29fd314) returned 16 [0047.312] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=320, xRight=320, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.312] DrawTextA (in: hdc=0x8010736, lpchText="\xa9\xa9", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xa9\xa9", lprc=0x29fd314) returned 16 [0047.312] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=320, xRight=352, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.312] DrawTextA (in: hdc=0x8010736, lpchText="\xaa\xaa", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xaa\xaa", lprc=0x29fd314) returned 16 [0047.313] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=320, xRight=384, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.313] DrawTextA (in: hdc=0x8010736, lpchText="\xab\xab", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xab\xab", lprc=0x29fd314) returned 16 [0047.313] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=320, xRight=416, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.313] DrawTextA (in: hdc=0x8010736, lpchText="\xac\xac", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xac\xac", lprc=0x29fd314) returned 16 [0047.313] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=320, xRight=448, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.313] DrawTextA (in: hdc=0x8010736, lpchText="\xad\xad", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xad\xad", lprc=0x29fd314) returned 16 [0047.314] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=320, xRight=480, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.314] DrawTextA (in: hdc=0x8010736, lpchText="\xae\xae", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xae\xae", lprc=0x29fd314) returned 16 [0047.314] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=320, xRight=512, yBottom=352 | out: lprc=0x29fd314) returned 1 [0047.314] DrawTextA (in: hdc=0x8010736, lpchText="\xaf\xaf", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xaf\xaf", lprc=0x29fd314) returned 16 [0047.314] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=352, xRight=32, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.314] DrawTextA (in: hdc=0x8010736, lpchText="\xb0\xb0", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb0\xb0", lprc=0x29fd314) returned 16 [0047.314] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=352, xRight=64, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.314] DrawTextA (in: hdc=0x8010736, lpchText="\xb1\xb1", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb1\xb1", lprc=0x29fd314) returned 16 [0047.315] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=352, xRight=96, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.315] DrawTextA (in: hdc=0x8010736, lpchText="\xb2\xb2", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb2\xb2", lprc=0x29fd314) returned 16 [0047.315] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=352, xRight=128, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.315] DrawTextA (in: hdc=0x8010736, lpchText="\xb3\xb3", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb3\xb3", lprc=0x29fd314) returned 16 [0047.315] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=352, xRight=160, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.315] DrawTextA (in: hdc=0x8010736, lpchText="\xb4\xb4", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb4\xb4", lprc=0x29fd314) returned 16 [0047.316] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=352, xRight=192, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.316] DrawTextA (in: hdc=0x8010736, lpchText="\xb5\xb5", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb5\xb5", lprc=0x29fd314) returned 16 [0047.316] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=352, xRight=224, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.316] DrawTextA (in: hdc=0x8010736, lpchText="\xb6\xb6", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb6\xb6", lprc=0x29fd314) returned 16 [0047.316] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=352, xRight=256, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.316] DrawTextA (in: hdc=0x8010736, lpchText="\xb7\xb7", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb7\xb7", lprc=0x29fd314) returned 16 [0047.317] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=352, xRight=288, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.317] DrawTextA (in: hdc=0x8010736, lpchText="\xb8\xb8", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb8\xb8", lprc=0x29fd314) returned 16 [0047.317] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=352, xRight=320, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.317] DrawTextA (in: hdc=0x8010736, lpchText="\xb9\xb9", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xb9\xb9", lprc=0x29fd314) returned 16 [0047.317] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=352, xRight=352, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.317] DrawTextA (in: hdc=0x8010736, lpchText="\xba\xba", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xba\xba", lprc=0x29fd314) returned 16 [0047.318] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=352, xRight=384, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.318] DrawTextA (in: hdc=0x8010736, lpchText="\xbb\xbb", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xbb\xbb", lprc=0x29fd314) returned 16 [0047.318] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=352, xRight=416, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.318] DrawTextA (in: hdc=0x8010736, lpchText="\xbc\xbc", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xbc\xbc", lprc=0x29fd314) returned 16 [0047.318] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=352, xRight=448, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.318] DrawTextA (in: hdc=0x8010736, lpchText="\xbd\xbd", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xbd\xbd", lprc=0x29fd314) returned 16 [0047.319] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=352, xRight=480, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.319] DrawTextA (in: hdc=0x8010736, lpchText="\xbe\xbe", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xbe\xbe", lprc=0x29fd314) returned 16 [0047.319] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=352, xRight=512, yBottom=384 | out: lprc=0x29fd314) returned 1 [0047.319] DrawTextA (in: hdc=0x8010736, lpchText="\xbf\xbf", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xbf\xbf", lprc=0x29fd314) returned 16 [0047.319] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=384, xRight=32, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.319] DrawTextA (in: hdc=0x8010736, lpchText="\xc0\xc0", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc0\xc0", lprc=0x29fd314) returned 16 [0047.320] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=384, xRight=64, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.320] DrawTextA (in: hdc=0x8010736, lpchText="\xc1\xc1", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc1\xc1", lprc=0x29fd314) returned 16 [0047.321] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=384, xRight=96, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.321] DrawTextA (in: hdc=0x8010736, lpchText="\xc2\xc2", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc2\xc2", lprc=0x29fd314) returned 16 [0047.321] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=384, xRight=128, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.321] DrawTextA (in: hdc=0x8010736, lpchText="\xc3\xc3", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc3\xc3", lprc=0x29fd314) returned 16 [0047.321] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=384, xRight=160, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.321] DrawTextA (in: hdc=0x8010736, lpchText="\xc4\xc4", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc4\xc4", lprc=0x29fd314) returned 16 [0047.322] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=384, xRight=192, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.322] DrawTextA (in: hdc=0x8010736, lpchText="\xc5\xc5", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc5\xc5", lprc=0x29fd314) returned 16 [0047.322] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=384, xRight=224, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.322] DrawTextA (in: hdc=0x8010736, lpchText="\xc6\xc6", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc6\xc6", lprc=0x29fd314) returned 16 [0047.322] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=384, xRight=256, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.322] DrawTextA (in: hdc=0x8010736, lpchText="\xc7\xc7", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc7\xc7", lprc=0x29fd314) returned 16 [0047.323] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=384, xRight=288, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.323] DrawTextA (in: hdc=0x8010736, lpchText="\xc8\xc8", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc8\xc8", lprc=0x29fd314) returned 16 [0047.323] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=384, xRight=320, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.323] DrawTextA (in: hdc=0x8010736, lpchText="\xc9\xc9", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xc9\xc9", lprc=0x29fd314) returned 16 [0047.323] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=384, xRight=352, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.323] DrawTextA (in: hdc=0x8010736, lpchText="\xca\xca", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xca\xca", lprc=0x29fd314) returned 16 [0047.324] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=384, xRight=384, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.324] DrawTextA (in: hdc=0x8010736, lpchText="\xcb\xcb", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xcb\xcb", lprc=0x29fd314) returned 16 [0047.324] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=384, xRight=416, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.324] DrawTextA (in: hdc=0x8010736, lpchText="\xcc\xcc", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xcc\xcc", lprc=0x29fd314) returned 16 [0047.324] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=384, xRight=448, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.324] DrawTextA (in: hdc=0x8010736, lpchText="\xcd\xcd", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xcd\xcd", lprc=0x29fd314) returned 16 [0047.325] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=384, xRight=480, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.325] DrawTextA (in: hdc=0x8010736, lpchText="\xce\xce", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xce\xce", lprc=0x29fd314) returned 16 [0047.325] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=384, xRight=512, yBottom=416 | out: lprc=0x29fd314) returned 1 [0047.325] DrawTextA (in: hdc=0x8010736, lpchText="\xcf\xcf", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xcf\xcf", lprc=0x29fd314) returned 16 [0047.326] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=416, xRight=32, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.326] DrawTextA (in: hdc=0x8010736, lpchText="\xd0\xd0", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd0\xd0", lprc=0x29fd314) returned 16 [0047.326] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=416, xRight=64, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.326] DrawTextA (in: hdc=0x8010736, lpchText="\xd1\xd1", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd1\xd1", lprc=0x29fd314) returned 16 [0047.327] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=416, xRight=96, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.327] DrawTextA (in: hdc=0x8010736, lpchText="\xd2\xd2", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd2\xd2", lprc=0x29fd314) returned 16 [0047.327] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=416, xRight=128, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.327] DrawTextA (in: hdc=0x8010736, lpchText="\xd3\xd3", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd3\xd3", lprc=0x29fd314) returned 16 [0047.327] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=416, xRight=160, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.327] DrawTextA (in: hdc=0x8010736, lpchText="\xd4\xd4", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd4\xd4", lprc=0x29fd314) returned 16 [0047.328] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=416, xRight=192, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.328] DrawTextA (in: hdc=0x8010736, lpchText="\xd5\xd5", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd5\xd5", lprc=0x29fd314) returned 16 [0047.328] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=416, xRight=224, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.328] DrawTextA (in: hdc=0x8010736, lpchText="\xd6\xd6", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd6\xd6", lprc=0x29fd314) returned 16 [0047.329] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=416, xRight=256, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.329] DrawTextA (in: hdc=0x8010736, lpchText="\xd7\xd7", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd7\xd7", lprc=0x29fd314) returned 16 [0047.329] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=416, xRight=288, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.329] DrawTextA (in: hdc=0x8010736, lpchText="\xd8\xd8", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd8\xd8", lprc=0x29fd314) returned 16 [0047.330] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=416, xRight=320, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.330] DrawTextA (in: hdc=0x8010736, lpchText="\xd9\xd9", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xd9\xd9", lprc=0x29fd314) returned 16 [0047.330] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=416, xRight=352, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.330] DrawTextA (in: hdc=0x8010736, lpchText="\xda\xda", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xda\xda", lprc=0x29fd314) returned 16 [0047.330] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=416, xRight=384, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.331] DrawTextA (in: hdc=0x8010736, lpchText="\xdb\xdb", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xdb\xdb", lprc=0x29fd314) returned 16 [0047.331] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=416, xRight=416, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.331] DrawTextA (in: hdc=0x8010736, lpchText="\xdc\xdc", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xdc\xdc", lprc=0x29fd314) returned 16 [0047.331] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=416, xRight=448, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.331] DrawTextA (in: hdc=0x8010736, lpchText="\xdd\xdd", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xdd\xdd", lprc=0x29fd314) returned 16 [0047.332] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=416, xRight=480, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.332] DrawTextA (in: hdc=0x8010736, lpchText="\xde\xde", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xde\xde", lprc=0x29fd314) returned 16 [0047.332] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=416, xRight=512, yBottom=448 | out: lprc=0x29fd314) returned 1 [0047.332] DrawTextA (in: hdc=0x8010736, lpchText="\xdf\xdf", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xdf\xdf", lprc=0x29fd314) returned 16 [0047.333] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=448, xRight=32, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.333] DrawTextA (in: hdc=0x8010736, lpchText="\xe0\xe0", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe0\xe0", lprc=0x29fd314) returned 16 [0047.333] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=448, xRight=64, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.333] DrawTextA (in: hdc=0x8010736, lpchText="\xe1\xe1", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe1\xe1", lprc=0x29fd314) returned 16 [0047.334] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=448, xRight=96, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.334] DrawTextA (in: hdc=0x8010736, lpchText="\xe2\xe2", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe2\xe2", lprc=0x29fd314) returned 16 [0047.334] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=448, xRight=128, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.334] DrawTextA (in: hdc=0x8010736, lpchText="\xe3\xe3", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe3\xe3", lprc=0x29fd314) returned 16 [0047.334] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=448, xRight=160, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.334] DrawTextA (in: hdc=0x8010736, lpchText="\xe4\xe4", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe4\xe4", lprc=0x29fd314) returned 16 [0047.335] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=448, xRight=192, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.335] DrawTextA (in: hdc=0x8010736, lpchText="\xe5\xe5", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe5\xe5", lprc=0x29fd314) returned 16 [0047.336] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=448, xRight=224, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.336] DrawTextA (in: hdc=0x8010736, lpchText="\xe6\xe6", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe6\xe6", lprc=0x29fd314) returned 16 [0047.336] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=448, xRight=256, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.336] DrawTextA (in: hdc=0x8010736, lpchText="\xe7\xe7", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe7\xe7", lprc=0x29fd314) returned 16 [0047.337] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=448, xRight=288, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.337] DrawTextA (in: hdc=0x8010736, lpchText="\xe8\xe8", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe8\xe8", lprc=0x29fd314) returned 16 [0047.337] SetRect (in: lprc=0x29fd314, xLeft=288, yTop=448, xRight=320, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.337] DrawTextA (in: hdc=0x8010736, lpchText="\xe9\xe9", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xe9\xe9", lprc=0x29fd314) returned 16 [0047.337] SetRect (in: lprc=0x29fd314, xLeft=320, yTop=448, xRight=352, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.337] DrawTextA (in: hdc=0x8010736, lpchText="\xea\xea", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xea\xea", lprc=0x29fd314) returned 16 [0047.338] SetRect (in: lprc=0x29fd314, xLeft=352, yTop=448, xRight=384, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.338] DrawTextA (in: hdc=0x8010736, lpchText="\xeb\xeb", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xeb\xeb", lprc=0x29fd314) returned 16 [0047.338] SetRect (in: lprc=0x29fd314, xLeft=384, yTop=448, xRight=416, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.338] DrawTextA (in: hdc=0x8010736, lpchText="\xec\xec", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xec\xec", lprc=0x29fd314) returned 16 [0047.339] SetRect (in: lprc=0x29fd314, xLeft=416, yTop=448, xRight=448, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.339] DrawTextA (in: hdc=0x8010736, lpchText="\xed\xed", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xed\xed", lprc=0x29fd314) returned 16 [0047.339] SetRect (in: lprc=0x29fd314, xLeft=448, yTop=448, xRight=480, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.339] DrawTextA (in: hdc=0x8010736, lpchText="\xee\xee", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xee\xee", lprc=0x29fd314) returned 16 [0047.340] SetRect (in: lprc=0x29fd314, xLeft=480, yTop=448, xRight=512, yBottom=480 | out: lprc=0x29fd314) returned 1 [0047.340] DrawTextA (in: hdc=0x8010736, lpchText="\xef\xef", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xef\xef", lprc=0x29fd314) returned 16 [0047.340] SetRect (in: lprc=0x29fd314, xLeft=0, yTop=480, xRight=32, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.340] DrawTextA (in: hdc=0x8010736, lpchText="\xf0\xf0", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf0\xf0", lprc=0x29fd314) returned 16 [0047.340] SetRect (in: lprc=0x29fd314, xLeft=32, yTop=480, xRight=64, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.341] DrawTextA (in: hdc=0x8010736, lpchText="\xf1\xf1", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf1\xf1", lprc=0x29fd314) returned 16 [0047.341] SetRect (in: lprc=0x29fd314, xLeft=64, yTop=480, xRight=96, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.341] DrawTextA (in: hdc=0x8010736, lpchText="\xf2\xf2", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf2\xf2", lprc=0x29fd314) returned 16 [0047.341] SetRect (in: lprc=0x29fd314, xLeft=96, yTop=480, xRight=128, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.341] DrawTextA (in: hdc=0x8010736, lpchText="\xf3\xf3", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf3\xf3", lprc=0x29fd314) returned 16 [0047.342] SetRect (in: lprc=0x29fd314, xLeft=128, yTop=480, xRight=160, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.342] DrawTextA (in: hdc=0x8010736, lpchText="\xf4\xf4", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf4\xf4", lprc=0x29fd314) returned 16 [0047.342] SetRect (in: lprc=0x29fd314, xLeft=160, yTop=480, xRight=192, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.342] DrawTextA (in: hdc=0x8010736, lpchText="\xf5\xf5", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf5\xf5", lprc=0x29fd314) returned 16 [0047.343] SetRect (in: lprc=0x29fd314, xLeft=192, yTop=480, xRight=224, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.343] DrawTextA (in: hdc=0x8010736, lpchText="\xf6\xf6", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf6\xf6", lprc=0x29fd314) returned 16 [0047.343] SetRect (in: lprc=0x29fd314, xLeft=224, yTop=480, xRight=256, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.343] DrawTextA (in: hdc=0x8010736, lpchText="\xf7\xf7", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf7\xf7", lprc=0x29fd314) returned 16 [0047.344] SetRect (in: lprc=0x29fd314, xLeft=256, yTop=480, xRight=288, yBottom=512 | out: lprc=0x29fd314) returned 1 [0047.344] DrawTextA (in: hdc=0x8010736, lpchText="\xf8\xf8", cchText=1, lprc=0x29fd314, format=0x5 | out: lpchText="\xf8\xf8", lprc=0x29fd314) returned 16 [0047.348] DeleteObject (ho=0x0) returned 0 [0047.348] DeleteDC (hdc=0x8010736) returned 1 [0047.348] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0047.348] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x29fcbe0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1 [0047.348] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x29fcbe0, cbMultiByte=-1, lpWideCharStr=0x7030d4, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0047.348] CoInitialize (pvReserved=0x0) returned 0x0 [0047.352] CLSIDFromProgID (in: lpszProgID="WinHttp.WinHttpRequest.5.1", lpclsid=0x29fcb90 | out: lpclsid=0x29fcb90*(Data1=0x2087c2f4, Data2=0x2cef, Data3=0x4953, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x77, [4]=0x9b, [5]=0x67, [6]=0x4, [7]=0x95))) returned 0x0 [0047.738] CoCreateInstance (in: rclsid=0x29fcb90*(Data1=0x2087c2f4, Data2=0x2cef, Data3=0x4953, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x77, [4]=0x9b, [5]=0x67, [6]=0x4, [7]=0x95)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x29fcbd0*(Data1=0x6f29373, Data2=0x5c5a, Data3=0x4b54, Data4=([0]=0xb0, [1]=0x25, [2]=0x6e, [3]=0xf1, [4]=0xbf, [5]=0x8a, [6]=0xbf, [7]=0xe)), ppv=0x29fcba4 | out: ppv=0x29fcba4*=0x7124e8) returned 0x0 [0048.104] GetLastError () returned 0x0 [0048.104] SetLastError (dwErrCode=0x0) [0048.104] GetLastError () returned 0x0 [0048.104] SetLastError (dwErrCode=0x0) [0048.104] GetLastError () returned 0x0 [0048.105] SetLastError (dwErrCode=0x0) [0048.105] GetLastError () returned 0x0 [0048.105] SetLastError (dwErrCode=0x0) [0048.105] CoUninitialize () [0048.109] CryptAcquireContextA (in: phProv=0x29fb778, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x29fb778*=0x6eec98) returned 1 [0048.806] CryptGenRandom (in: hProv=0x6eec98, dwLen=0x800, pbBuffer=0x29fb7c0 | out: pbBuffer=0x29fb7c0) returned 1 [0048.806] GetTextExtentPoint32A (in: hdc=0x0, lpString=0x0, c=44037175, psizl=0x29fb744 | out: psizl=0x29fb744) returned 0 [0048.806] glViewport () returned 0x0 [0048.806] glMatrixMode () returned 0x0 [0048.806] glLoadIdentity () returned 0x0 [0048.806] glOrtho () returned 0x0 [0048.918] gluLookAt () returned 0x0 [0048.918] glMatrixMode () returned 0x0 [0048.919] GetDC (hWnd=0x0) returned 0xa0100d0 [0048.919] glViewport () returned 0x0 [0048.919] glMatrixMode () returned 0x0 [0048.919] glLoadIdentity () returned 0x0 [0048.919] glOrtho () returned 0x0 [0048.919] gluLookAt () returned 0x0 [0048.919] glMatrixMode () returned 0x0 [0048.919] GetDC (hWnd=0x0) returned 0x36010674 [0048.919] glViewport () returned 0x0 [0048.919] glMatrixMode () returned 0x0 [0048.919] glLoadIdentity () returned 0x0 [0048.919] glOrtho () returned 0x0 [0048.919] gluLookAt () returned 0x0 [0048.919] glMatrixMode () returned 0x0 [0048.919] GetDC (hWnd=0x0) returned 0x5f010699 [0048.919] glViewport () returned 0x0 [0048.919] glMatrixMode () returned 0x0 [0048.919] glLoadIdentity () returned 0x0 [0048.919] glOrtho () returned 0x0 [0048.920] gluLookAt () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] GetDC (hWnd=0x0) returned 0x22010675 [0048.920] glViewport () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] glLoadIdentity () returned 0x0 [0048.920] glOrtho () returned 0x0 [0048.920] gluLookAt () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] GetDC (hWnd=0x0) returned 0x10010735 [0048.920] glViewport () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] glLoadIdentity () returned 0x0 [0048.920] glOrtho () returned 0x0 [0048.920] gluLookAt () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] GetDC (hWnd=0x0) returned 0xe010736 [0048.920] glViewport () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] glLoadIdentity () returned 0x0 [0048.920] glOrtho () returned 0x0 [0048.920] gluLookAt () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] GetDC (hWnd=0x0) returned 0xb101067a [0048.920] glViewport () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] glLoadIdentity () returned 0x0 [0048.920] glOrtho () returned 0x0 [0048.920] gluLookAt () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.920] GetDC (hWnd=0x0) returned 0x75010727 [0048.920] glViewport () returned 0x0 [0048.920] glMatrixMode () returned 0x0 [0048.921] glLoadIdentity () returned 0x0 [0048.921] glOrtho () returned 0x0 [0048.921] gluLookAt () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] GetDC (hWnd=0x0) returned 0x1101066f [0048.921] glViewport () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] glLoadIdentity () returned 0x0 [0048.921] glOrtho () returned 0x0 [0048.921] gluLookAt () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] GetDC (hWnd=0x0) returned 0x3f0105d7 [0048.921] glViewport () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] glLoadIdentity () returned 0x0 [0048.921] glOrtho () returned 0x0 [0048.921] gluLookAt () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] GetDC (hWnd=0x0) returned 0xe5010690 [0048.921] glViewport () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] glLoadIdentity () returned 0x0 [0048.921] glOrtho () returned 0x0 [0048.921] gluLookAt () returned 0x0 [0048.921] glMatrixMode () returned 0x0 [0048.921] GetDC (hWnd=0x0) returned 0x9010748 [0048.922] glViewport () returned 0x0 [0048.922] glMatrixMode () returned 0x0 [0048.922] glLoadIdentity () returned 0x0 [0048.922] glOrtho () returned 0x0 [0048.922] gluLookAt () returned 0x0 [0048.922] glMatrixMode () returned 0x0 [0048.922] GetDC (hWnd=0x0) returned 0x24010744 [0048.922] FindFirstFileA (in: lpFileName="", lpFindFileData=0x29fb5f8 | out: lpFindFileData=0x29fb5f8) returned 0xffffffff [0048.922] CryptGenKey (in: hProv=0x6eec98, Algid=0x6801, dwFlags=0x0, phKey=0x29fbff8 | out: phKey=0x29fbff8*=0x7204c0) returned 1 [0048.923] GetDeviceCaps (hdc=0x24010744, index=8) returned 1440 [0048.923] SelectObject (hdc=0x0, h=0x79e) returned 0x0 [0048.923] CryptReleaseContext (hProv=0x6eec98, dwFlags=0x0) returned 1 [0048.923] GetDeviceCaps (hdc=0x24010744, index=10) returned 900 [0048.923] GetLastError () returned 0x6 [0048.923] SetLastError (dwErrCode=0x6) [0048.923] VirtualAlloc (lpAddress=0x0, dwSize=0x7000, flAllocationType=0x3000, flProtect=0x40) returned 0x3f0000 [0048.927] GetStockObject (i=0) returned 0x1900010 [0048.927] RegisterClassA (lpWndClass=0x29f95c8) returned 0x0 [0048.927] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0048.928] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0048.928] waveOutOpen (in: phwo=0x29f917c, uDeviceID=0xffffffff, pwfx=0x29f9148, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f917c) returned 0x0 [0051.796] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f9134 | out: ppv=0x29f9134*=0x71a2d0) returned 0x0 [0051.798] waveOutOpen (in: phwo=0x29f912c, uDeviceID=0xffffffff, pwfx=0x29f90f4, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f912c) returned 0x0 [0051.813] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.814] GetLastError () returned 0x0 [0051.814] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.815] SetLastError (dwErrCode=0x0) [0051.815] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.816] SetLastError (dwErrCode=0x0) [0051.816] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.817] GetLastError () returned 0x0 [0051.817] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.818] SetLastError (dwErrCode=0x0) [0051.818] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.819] GetLastError () returned 0x0 [0051.819] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.820] SetLastError (dwErrCode=0x0) [0051.820] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.821] SetLastError (dwErrCode=0x0) [0051.821] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.822] SetLastError (dwErrCode=0x0) [0051.822] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.823] SetLastError (dwErrCode=0x0) [0051.823] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.824] SetLastError (dwErrCode=0x0) [0051.824] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.825] SetLastError (dwErrCode=0x0) [0051.825] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.826] SetLastError (dwErrCode=0x0) [0051.826] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.827] SetLastError (dwErrCode=0x0) [0051.827] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.828] GetLastError () returned 0x0 [0051.828] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.829] SetLastError (dwErrCode=0x0) [0051.829] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.830] SetLastError (dwErrCode=0x0) [0051.830] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.831] SetLastError (dwErrCode=0x0) [0051.831] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.832] SetLastError (dwErrCode=0x0) [0051.832] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.833] GetLastError () returned 0x0 [0051.833] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.834] SetLastError (dwErrCode=0x0) [0051.834] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.835] SetLastError (dwErrCode=0x0) [0051.835] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.836] SetLastError (dwErrCode=0x0) [0051.836] GetLastError () returned 0x0 [0051.837] SetLastError (dwErrCode=0x0) [0051.837] GetLastError () returned 0x0 [0051.837] SetLastError (dwErrCode=0x0) [0051.837] GetLastError () returned 0x0 [0051.837] SetLastError (dwErrCode=0x0) [0051.837] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f80e0 | out: ppv=0x29f80e0*=0x71a2d0) returned 0x0 [0051.837] glColor3f () returned 0x0 [0051.837] glBegin () returned 0x0 [0051.837] glVertex3f () returned 0x0 [0051.837] glVertex3f () returned 0x0 [0051.837] glVertex3f () returned 0x0 [0051.837] glEnd () returned 0x0 [0051.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29f09fc | out: lpSystemTimeAsFileTime=0x29f09fc*(dwLowDateTime=0x4ee72e93, dwHighDateTime=0x1d471c9)) [0051.837] GetLastError () returned 0x36b7 [0051.837] SetLastError (dwErrCode=0x36b7) [0051.837] glClearColor () returned 0x0 [0051.837] glColor3f () returned 0x0 [0051.837] glPointSize () returned 0x0 [0051.838] CoInitialize (pvReserved=0x0) returned 0x0 [0051.885] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x29f761c | out: ppv=0x29f761c*=0x711f24) returned 0x0 [0052.454] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x711f24, retval=0x29f7618 | out: retval=0x29f7618*="") returned 0x80070534 [0052.556] GetClientRect (in: hWnd=0x0, lpRect=0x29f6d64 | out: lpRect=0x29f6d64) returned 0 [0052.556] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0052.556] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0052.556] GetSysColorBrush (nIndex=5) returned 0x110007b [0052.556] RegisterClassExA (param_1=0x29f6d28) returned 0xc15f [0052.557] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f6c00 | out: ppv=0x29f6c00*=0x71a2d0) returned 0x0 [0052.557] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0052.557] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0052.557] GetSysColorBrush (nIndex=5) returned 0x110007b [0052.557] RegisterClassExA (param_1=0x29f6bcc) returned 0x0 [0052.558] waveOutOpen (in: phwo=0x29f6bc0, uDeviceID=0xffffffff, pwfx=0x29f6b88, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f6bc0) returned 0x0 [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.672] GetLastError () returned 0x0 [0052.672] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.673] SetLastError (dwErrCode=0x0) [0052.673] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.674] GetLastError () returned 0x0 [0052.674] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.675] GetLastError () returned 0x0 [0052.675] SetLastError (dwErrCode=0x0) [0052.677] GetLastError () returned 0x0 [0052.677] SetLastError (dwErrCode=0x0) [0052.677] GetLastError () returned 0x0 [0052.677] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.678] SetLastError (dwErrCode=0x0) [0052.678] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.679] GetLastError () returned 0x0 [0052.679] SetLastError (dwErrCode=0x0) [0052.680] GetLastError () returned 0x0 [0052.680] SetLastError (dwErrCode=0x0) [0052.680] GetLastError () returned 0x0 [0052.681] SetLastError (dwErrCode=0x0) [0052.681] GetLastError () returned 0x0 [0052.681] SetLastError (dwErrCode=0x0) [0052.681] GetLastError () returned 0x0 [0052.681] SetLastError (dwErrCode=0x0) [0052.681] GetLastError () returned 0x0 [0052.681] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.682] SetLastError (dwErrCode=0x0) [0052.682] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.683] SetLastError (dwErrCode=0x0) [0052.683] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.684] SetLastError (dwErrCode=0x0) [0052.684] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.685] SetLastError (dwErrCode=0x0) [0052.685] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.686] SetLastError (dwErrCode=0x0) [0052.686] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.687] SetLastError (dwErrCode=0x0) [0052.687] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.688] SetLastError (dwErrCode=0x0) [0052.688] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.689] SetLastError (dwErrCode=0x0) [0052.689] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.690] SetLastError (dwErrCode=0x0) [0052.690] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.691] GetLastError () returned 0x0 [0052.691] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.692] SetLastError (dwErrCode=0x0) [0052.692] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.693] GetLastError () returned 0x0 [0052.693] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.694] SetLastError (dwErrCode=0x0) [0052.694] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.695] GetLastError () returned 0x0 [0052.695] SetLastError (dwErrCode=0x0) [0052.696] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0052.696] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0052.696] GetStockObject (i=0) returned 0x1900010 [0052.696] RegisterClassA (lpWndClass=0x29f5b58) returned 0xc15e [0052.696] FileTimeToLocalFileTime (in: lpFileTime=0x29f5b28, lpLocalFileTime=0x29f5b28 | out: lpLocalFileTime=0x29f5b28) returned 1 [0052.696] FileTimeToSystemTime (in: lpFileTime=0x29f5b28, lpSystemTime=0x29f5b14 | out: lpSystemTime=0x29f5b14) returned 1 [0052.696] OpenEventLogA (lpUNCServerName=0x0, lpSourceName="") returned 0x0 [0052.696] GetOldestEventLogRecord (in: hEventLog=0x0, OldestRecord=0x29f5b08 | out: OldestRecord=0x29f5b08) returned 0 [0052.696] GetNumberOfEventLogRecords (in: hEventLog=0x0, NumberOfRecords=0x29f58f4 | out: NumberOfRecords=0x29f58f4) returned 0 [0052.697] GetDC (hWnd=0x0) returned 0x4f010742 [0052.697] SelectObject (hdc=0x4f010742, h=0x79e) returned 0x0 [0052.697] wsprintfA (in: param_1=0x29f58ac, param_2="\x9e\x07" | out: param_1="\x9e\x07") returned 2 [0052.697] SelectObject (hdc=0x4f010742, h=0x0) returned 0x0 [0052.697] ReleaseDC (hWnd=0x0, hDC=0x4f010742) returned 1 [0052.697] CoInitialize (pvReserved=0x0) returned 0x1 [0052.697] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x29f5658 | out: ppv=0x29f5658*=0x6ea834) returned 0x0 [0052.698] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x6ea834, retval=0x29f5654 | out: retval=0x29f5654*="") returned 0x80070534 [0052.700] ADsGetObject (lpszPathName="", riid=0x453dc4*(Data1=0xfd8256d0, Data2=0xfd15, Data3=0x11ce, Data4=([0]=0xab, [1]=0xc4, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x9e, [6]=0x75, [7]=0x53)), ppObject=0x29f567c) returned 0x80004005 [0052.712] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627d4) returned 0xd050757 [0052.712] CreatePatternBrush (hbm=0xd050757) returned 0x610073f [0052.712] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0052.712] SelectObject (hdc=0x79e, h=0x610073f) returned 0x0 [0052.712] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0052.712] glEnable () returned 0x0 [0052.712] glShadeModel () returned 0x0 [0052.712] glEnable () returned 0x0 [0052.712] glEnable () returned 0x0 [0052.712] glEnable () returned 0x0 [0052.712] glLightfv () returned 0x0 [0052.712] glLightfv () returned 0x0 [0052.712] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f5200 | out: ppv=0x29f5200*=0x71a2d0) returned 0x0 [0052.713] waveOutOpen (in: phwo=0x29f517c, uDeviceID=0xffffffff, pwfx=0x29f5148, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f517c) returned 0x0 [0052.755] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f5134 | out: ppv=0x29f5134*=0x71a2d0) returned 0x0 [0052.755] GetDC (hWnd=0x0) returned 0x4f010742 [0052.755] SelectObject (hdc=0x4f010742, h=0x79e) returned 0x0 [0052.755] wsprintfA (in: param_1=0x29f50f8, param_2="\x9e\x07" | out: param_1="\x9e\x07") returned 2 [0052.755] SelectObject (hdc=0x4f010742, h=0x0) returned 0x0 [0052.755] ReleaseDC (hWnd=0x0, hDC=0x4f010742) returned 1 [0052.755] glEnable () returned 0x0 [0052.755] glShadeModel () returned 0x0 [0052.755] glEnable () returned 0x0 [0052.755] glEnable () returned 0x0 [0052.755] glEnable () returned 0x0 [0052.755] glLightfv () returned 0x0 [0052.755] glLightfv () returned 0x0 [0052.775] waveInOpen (in: phwi=0x29f4fd0, uDeviceID=0xffffffff, pwfx=0x29f4f9c, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x29f4fd0) returned 0x0 [0053.151] waveInPrepareHeader (in: hwi=0x72f650, pwh=0x29f4fb0, cbwh=0x20 | out: pwh=0x29f4fb0) returned 0x0 [0053.151] waveInAddBuffer (in: hwi=0x72f650, pwh=0x29f4fb0, cbwh=0x20 | out: pwh=0x29f4fb0) returned 0x0 [0053.152] glClear () returned 0x0 [0053.152] waveOutOpen (in: phwo=0x29f4f10, uDeviceID=0xffffffff, pwfx=0x29f4ed8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f4f10) returned 0x0 [0053.185] GetLastError () returned 0x0 [0053.185] SetLastError (dwErrCode=0x0) [0053.185] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.186] SetLastError (dwErrCode=0x0) [0053.186] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.187] GetLastError () returned 0x0 [0053.187] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.188] GetLastError () returned 0x0 [0053.188] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.189] SetLastError (dwErrCode=0x0) [0053.189] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.190] SetLastError (dwErrCode=0x0) [0053.190] GetLastError () returned 0x0 [0053.192] SetLastError (dwErrCode=0x0) [0053.192] GetLastError () returned 0x0 [0053.192] SetLastError (dwErrCode=0x0) [0053.192] GetLastError () returned 0x0 [0053.192] SetLastError (dwErrCode=0x0) [0053.192] GetLastError () returned 0x0 [0053.192] SetLastError (dwErrCode=0x0) [0053.192] GetLastError () returned 0x0 [0053.192] SetLastError (dwErrCode=0x0) [0053.192] GetLastError () returned 0x0 [0053.192] SetLastError (dwErrCode=0x0) [0053.192] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.193] SetLastError (dwErrCode=0x0) [0053.193] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.194] SetLastError (dwErrCode=0x0) [0053.194] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.195] SetLastError (dwErrCode=0x0) [0053.195] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.196] SetLastError (dwErrCode=0x0) [0053.196] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.197] SetLastError (dwErrCode=0x0) [0053.197] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.198] GetLastError () returned 0x0 [0053.198] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.199] SetLastError (dwErrCode=0x0) [0053.199] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.200] GetLastError () returned 0x0 [0053.200] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.201] GetLastError () returned 0x0 [0053.201] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.202] SetLastError (dwErrCode=0x0) [0053.202] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.203] SetLastError (dwErrCode=0x0) [0053.203] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.204] SetLastError (dwErrCode=0x0) [0053.204] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.205] SetLastError (dwErrCode=0x0) [0053.205] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.206] GetLastError () returned 0x0 [0053.206] SetLastError (dwErrCode=0x0) [0053.207] GetLastError () returned 0x0 [0053.207] SetLastError (dwErrCode=0x0) [0053.207] GetLastError () returned 0x0 [0053.207] SetLastError (dwErrCode=0x0) [0053.207] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f3ec0 | out: ppv=0x29f3ec0*=0x71a2d0) returned 0x0 [0053.207] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0053.207] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0053.207] GetStockObject (i=0) returned 0x1900010 [0053.207] RegisterClassA (lpWndClass=0x29f3db0) returned 0x0 [0053.207] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627e4) returned 0xd050730 [0053.207] CreatePatternBrush (hbm=0xd050730) returned 0xffffffff821005e3 [0053.207] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0053.208] SelectObject (hdc=0x79e, h=0x821005e3) returned 0x0 [0053.208] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0053.208] FileTimeToLocalFileTime (in: lpFileTime=0x29f3668, lpLocalFileTime=0x29f3668 | out: lpLocalFileTime=0x29f3668) returned 1 [0053.208] FileTimeToSystemTime (in: lpFileTime=0x29f3668, lpSystemTime=0x29f3654 | out: lpSystemTime=0x29f3654) returned 1 [0053.208] CoInitialize (pvReserved=0x0) returned 0x1 [0053.208] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x29f3404 | out: ppv=0x29f3404*=0x731d9c) returned 0x0 [0053.208] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x731d9c, retval=0x29f3400 | out: retval=0x29f3400*="") returned 0x80070534 [0053.211] GetAsyncKeyState (vKey=39) returned 0 [0053.211] waveOutOpen (in: phwo=0x29f321c, uDeviceID=0xffffffff, pwfx=0x29f31e8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f321c) returned 0x0 [0053.229] GetAsyncKeyState (vKey=39) returned 0 [0053.229] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627f4) returned 0x2105068e [0053.229] CreatePatternBrush (hbm=0x2105068e) returned 0xa100749 [0053.229] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0053.229] SelectObject (hdc=0x79e, h=0xa100749) returned 0x0 [0053.229] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0053.243] waveInOpen (in: phwi=0x29f2df4, uDeviceID=0xffffffff, pwfx=0x29f2dc0, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x29f2df4) returned 0x0 [0053.254] waveInPrepareHeader (in: hwi=0x72f1a0, pwh=0x29f2dd4, cbwh=0x20 | out: pwh=0x29f2dd4) returned 0x0 [0053.255] waveInAddBuffer (in: hwi=0x72f1a0, pwh=0x29f2dd4, cbwh=0x20 | out: pwh=0x29f2dd4) returned 0x0 [0053.255] OpenEventLogA (lpUNCServerName=0x0, lpSourceName="") returned 0x0 [0053.255] GetOldestEventLogRecord (in: hEventLog=0x0, OldestRecord=0x29f2db4 | out: OldestRecord=0x29f2db4) returned 0 [0053.256] GetNumberOfEventLogRecords (in: hEventLog=0x0, NumberOfRecords=0x29f2b9c | out: NumberOfRecords=0x29f2b9c) returned 0 [0053.257] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f2b7c | out: ppv=0x29f2b7c*=0x71a2d0) returned 0x0 [0053.257] glEnable () returned 0x0 [0053.257] glShadeModel () returned 0x0 [0053.257] glEnable () returned 0x0 [0053.257] glEnable () returned 0x0 [0053.257] glEnable () returned 0x0 [0053.257] glLightfv () returned 0x0 [0053.257] glLightfv () returned 0x0 [0053.257] GetStockObject (i=0) returned 0x1900010 [0053.257] RegisterClassA (lpWndClass=0x29f2ae0) returned 0xc15d [0053.258] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0053.258] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0053.258] waveOutOpen (in: phwo=0x29f2974, uDeviceID=0xffffffff, pwfx=0x29f2940, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x29f2974) returned 0x0 [0053.295] CoInitialize (pvReserved=0x0) returned 0x1 [0053.295] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x29f272c | out: ppv=0x29f272c*=0x731cfc) returned 0x0 [0053.296] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x731cfc, retval=0x29f2728 | out: retval=0x29f2728*="") returned 0x80070534 [0053.296] glClear () returned 0x0 [0053.296] CoInitialize (pvReserved=0x0) returned 0x1 [0053.296] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x29f23b4 | out: ppv=0x29f23b4*=0x731dec) returned 0x0 [0053.296] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x731dec, retval=0x29f23b0 | out: retval=0x29f23b0*="") returned 0x80070534 [0053.300] glColor3f () returned 0x0 [0053.300] glBegin () returned 0x0 [0053.300] glVertex3f () returned 0x0 [0053.300] glVertex3f () returned 0x0 [0053.300] glVertex3f () returned 0x0 [0053.300] glEnd () returned 0x0 [0053.300] GetDlgItem (hDlg=0x0, nIDDlgItem=0) returned 0x0 [0053.300] GetClientRect (in: hWnd=0x0, lpRect=0x29f2330 | out: lpRect=0x29f2330) returned 0 [0053.300] GetSystemMetrics (nIndex=52) returned 22 [0053.300] GetSystemMetrics (nIndex=53) returned 22 [0053.300] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29f20f0 | out: ppv=0x29f20f0*=0x71a2d0) returned 0x0 [0053.300] glColor3f () returned 0x0 [0053.301] glBegin () returned 0x0 [0053.301] glVertex3f () returned 0x0 [0053.301] glVertex3f () returned 0x0 [0053.301] glVertex3f () returned 0x0 [0053.301] glEnd () returned 0x0 [0053.687] waveInOpen (in: phwi=0x29f20dc, uDeviceID=0xffffffff, pwfx=0x29f20a8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x29f20dc) returned 0x0 [0054.018] waveInPrepareHeader (in: hwi=0x72f330, pwh=0x29f20bc, cbwh=0x20 | out: pwh=0x29f20bc) returned 0x0 [0054.019] waveInAddBuffer (in: hwi=0x72f330, pwh=0x29f20bc, cbwh=0x20 | out: pwh=0x29f20bc) returned 0x0 [0054.019] GetClientRect (in: hWnd=0x0, lpRect=0x29f2018 | out: lpRect=0x29f2018) returned 0 [0054.019] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x462804) returned 0x7050740 [0054.019] CreatePatternBrush (hbm=0x7050740) returned 0x29100697 [0054.019] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0054.019] SelectObject (hdc=0x79e, h=0x29100697) returned 0x0 [0054.019] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0054.019] GetStockObject (i=0) returned 0x1900010 [0054.019] RegisterClassA (lpWndClass=0x29f1c70) returned 0x0 [0054.022] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0054.022] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0054.024] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0054.024] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0054.024] GetSysColorBrush (nIndex=5) returned 0x110007b [0054.024] RegisterClassExA (param_1=0x29f12c8) returned 0x0 [0054.024] FileTimeToLocalFileTime (in: lpFileTime=0x29f12b0, lpLocalFileTime=0x29f12b0 | out: lpLocalFileTime=0x29f12b0) returned 1 [0054.024] FileTimeToSystemTime (in: lpFileTime=0x29f12b0, lpSystemTime=0x29f129c | out: lpSystemTime=0x29f129c) returned 1 [0054.039] waveInOpen (in: phwi=0x29f0bac, uDeviceID=0xffffffff, pwfx=0x29f0b78, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x29f0bac) returned 0x0 [0054.056] waveInPrepareHeader (in: hwi=0x72eb10, pwh=0x29f0b8c, cbwh=0x20 | out: pwh=0x29f0b8c) returned 0x0 [0054.057] waveInAddBuffer (in: hwi=0x72eb10, pwh=0x29f0b8c, cbwh=0x20 | out: pwh=0x29f0b8c) returned 0x0 [0054.057] InsertMenuItemA (hmenu=0x79e, item=0x79e, fByPosition=1, lpmi=0x29fb410) returned 0 [0054.057] PdhOpenQueryA (in: szDataSource="", dwUserData=0x0, phQuery=0x29fb450 | out: phQuery=0x29fb450) returned 0xc0000bbd [0054.058] PdhAddCounterW (in: hQuery=0x0, szFullCounterPath="\\Processor(0)\\% Processor Time", dwUserData=0x0, phCounter=0x29fb458 | out: phCounter=0x29fb458) returned 0xc0000bbc [0054.265] PdhCollectQueryData (in: hQuery=0x0 | out: hQuery=0x0) returned 0xc0000bbc [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.265] SetLastError (dwErrCode=0x579) [0054.265] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.266] GetLastError () returned 0x579 [0054.266] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.267] GetLastError () returned 0x579 [0054.267] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.268] GetLastError () returned 0x579 [0054.268] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.269] SetLastError (dwErrCode=0x579) [0054.269] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.270] GetLastError () returned 0x579 [0054.270] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.271] GetLastError () returned 0x579 [0054.271] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.272] GetLastError () returned 0x579 [0054.272] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.273] GetLastError () returned 0x579 [0054.273] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.274] GetLastError () returned 0x579 [0054.274] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.275] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.275] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.275] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.275] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.275] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.275] SetLastError (dwErrCode=0x579) [0054.275] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.276] GetLastError () returned 0x579 [0054.276] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.277] GetLastError () returned 0x579 [0054.277] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.278] GetLastError () returned 0x579 [0054.278] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.279] GetLastError () returned 0x579 [0054.279] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.280] SetLastError (dwErrCode=0x579) [0054.280] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.281] SetLastError (dwErrCode=0x579) [0054.281] GetLastError () returned 0x579 [0054.282] SetLastError (dwErrCode=0x579) [0054.282] GetLastError () returned 0x579 [0054.282] SetLastError (dwErrCode=0x579) [0054.282] GetLastError () returned 0x579 [0054.282] SetLastError (dwErrCode=0x579) [0054.282] GetLastError () returned 0x579 [0054.282] SetLastError (dwErrCode=0x579) [0054.282] GetLastError () returned 0x579 [0054.282] SetLastError (dwErrCode=0x579) [0054.282] GetLastError () returned 0x579 [0054.282] SetLastError (dwErrCode=0x579) [0054.282] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.283] GetLastError () returned 0x579 [0054.283] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.284] GetLastError () returned 0x579 [0054.284] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.285] GetLastError () returned 0x579 [0054.285] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.286] GetLastError () returned 0x579 [0054.286] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.287] SetLastError (dwErrCode=0x579) [0054.287] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.288] GetLastError () returned 0x579 [0054.288] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.289] GetLastError () returned 0x579 [0054.289] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.290] SetLastError (dwErrCode=0x579) [0054.290] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.291] SetLastError (dwErrCode=0x579) [0054.291] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.292] SetLastError (dwErrCode=0x579) [0054.292] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.293] GetLastError () returned 0x579 [0054.293] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.294] SetLastError (dwErrCode=0x579) [0054.294] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.295] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.295] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.295] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.295] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.295] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.295] GetLastError () returned 0x579 [0054.295] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.296] GetLastError () returned 0x579 [0054.296] SetLastError (dwErrCode=0x579) [0054.325] InsertMenuItemA (hmenu=0x79e, item=0x0, fByPosition=1, lpmi=0x29fb410) returned 0 [0054.325] GetCursorPos (in: lpPoint=0x29fb4ac | out: lpPoint=0x29fb4ac*(x=850, y=596)) returned 1 [0054.325] TrackPopupMenuEx (param_1=0x79e, param_2=0x0, param_3=850, param_4=596, param_5=0x0, param_6=0x0) returned 0 [0054.326] SQLAllocHandle () returned 0x0 [0054.383] SQLSetEnvAttr () returned 0x0 [0054.383] SQLAllocHandle () returned 0x74b40000 [0054.383] SQLDriverConnectA () returned 0xffff [0054.538] SQLAllocHandle () returned 0x74b4ffff [0054.543] SQLPrepareA () returned 0x74b4fffe [0054.544] SQLBindParameter () returned 0x74b4fffe [0054.546] SQLExecute () returned 0xfffe [0054.546] SQLCloseCursor () returned 0x74b4fffe [0054.546] SQLFreeHandle () returned 0x74b4fffe [0054.546] SQLAllocHandle () returned 0x74b4ffff [0054.546] SQLPrepareA () returned 0x74b4fffe [0054.546] SQLBindParameter () returned 0x74b4fffe [0054.546] SQLExecute () returned 0xfffe [0054.546] SQLCloseCursor () returned 0x74b4fffe [0054.546] SQLFreeHandle () returned 0x74b4fffe [0054.546] SQLAllocHandle () returned 0x74b4ffff [0054.546] SQLPrepareA () returned 0x74b4fffe [0054.546] SQLBindParameter () returned 0x74b4fffe [0054.546] SQLExecute () returned 0xfffe [0054.546] SQLCloseCursor () returned 0x74b4fffe [0054.546] SQLFreeHandle () returned 0x74b4fffe [0054.546] SQLAllocHandle () returned 0x74b4ffff [0054.546] SQLPrepareA () returned 0x74b4fffe [0054.546] SQLBindParameter () returned 0x74b4fffe [0054.547] SQLExecute () returned 0xfffe [0054.547] SQLCloseCursor () returned 0x74b4fffe [0054.547] SQLFreeHandle () returned 0x74b4fffe [0054.547] SQLAllocHandle () returned 0x74b4ffff [0054.547] SQLPrepareA () returned 0x74b4fffe [0054.547] SQLBindParameter () returned 0x74b4fffe [0054.547] SQLExecute () returned 0xfffe [0054.547] SQLCloseCursor () returned 0x74b4fffe [0054.547] SQLFreeHandle () returned 0x74b4fffe [0054.547] SQLAllocHandle () returned 0x74b4ffff [0054.547] SQLPrepareA () returned 0x74b4fffe [0054.547] SQLBindParameter () returned 0x74b4fffe [0054.547] SQLExecute () returned 0xfffe [0054.548] SQLCloseCursor () returned 0x74b4fffe [0054.548] SQLFreeHandle () returned 0x74b4fffe [0054.548] SQLAllocHandle () returned 0x74b4ffff [0054.548] SQLPrepareA () returned 0x74b4fffe [0054.548] SQLBindParameter () returned 0x74b4fffe [0054.548] SQLExecute () returned 0xfffe [0054.548] SQLCloseCursor () returned 0x74b4fffe [0054.548] SQLFreeHandle () returned 0x74b4fffe [0054.548] SQLAllocHandle () returned 0x74b4ffff [0054.548] SQLPrepareA () returned 0x74b4fffe [0054.548] SQLBindParameter () returned 0x74b4fffe [0054.548] SQLExecute () returned 0xfffe [0054.548] SQLCloseCursor () returned 0x74b4fffe [0054.548] SQLFreeHandle () returned 0x74b4fffe [0054.548] SQLAllocHandle () returned 0x74b4ffff [0054.549] SQLPrepareA () returned 0x74b4fffe [0054.549] SQLBindParameter () returned 0x74b4fffe [0054.549] SQLExecute () returned 0xfffe [0054.549] SQLCloseCursor () returned 0x74b4fffe [0054.549] SQLFreeHandle () returned 0x74b4fffe [0054.549] SQLAllocHandle () returned 0x74b4ffff [0054.549] SQLPrepareA () returned 0x74b4fffe [0054.549] SQLBindParameter () returned 0x74b4fffe [0054.549] SQLExecute () returned 0xfffe [0054.549] SQLCloseCursor () returned 0x74b4fffe [0054.549] SQLFreeHandle () returned 0x74b4fffe [0054.549] SQLAllocHandle () returned 0x74b4ffff [0054.549] SQLPrepareA () returned 0x74b4fffe [0054.549] SQLBindParameter () returned 0x74b4fffe [0054.549] SQLExecute () returned 0xfffe [0054.549] SQLCloseCursor () returned 0x74b4fffe [0054.549] SQLFreeHandle () returned 0x74b4fffe [0054.549] SQLAllocHandle () returned 0x74b4ffff [0054.549] SQLPrepareA () returned 0x74b4fffe [0054.549] SQLBindParameter () returned 0x74b4fffe [0054.549] SQLExecute () returned 0xfffe [0054.549] SQLCloseCursor () returned 0x74b4fffe [0054.549] SQLFreeHandle () returned 0x74b4fffe [0054.549] SQLAllocHandle () returned 0x74b4ffff [0054.549] SQLPrepareA () returned 0x74b4fffe [0054.549] SQLBindParameter () returned 0x74b4fffe [0054.549] SQLExecute () returned 0xfffe [0054.549] SQLCloseCursor () returned 0x74b4fffe [0054.549] SQLFreeHandle () returned 0x74b4fffe [0054.549] SQLAllocHandle () returned 0x74b4ffff [0054.549] SQLPrepareA () returned 0x74b4fffe [0054.549] SQLBindParameter () returned 0x74b4fffe [0054.549] SQLExecute () returned 0xfffe [0054.549] SQLCloseCursor () returned 0x74b4fffe [0054.549] SQLFreeHandle () returned 0x74b4fffe [0054.549] SQLAllocHandle () returned 0x74b4ffff [0054.550] SQLPrepareA () returned 0x74b4fffe [0054.550] SQLBindParameter () returned 0x74b4fffe [0054.550] SQLExecute () returned 0xfffe [0054.550] SQLCloseCursor () returned 0x74b4fffe [0054.550] SQLFreeHandle () returned 0x74b4fffe [0054.550] SQLAllocHandle () returned 0x74b4ffff [0054.550] SQLPrepareA () returned 0x74b4fffe [0054.550] SQLBindParameter () returned 0x74b4fffe [0054.550] SQLExecute () returned 0xfffe [0054.550] SQLCloseCursor () returned 0x74b4fffe [0054.550] SQLFreeHandle () returned 0x74b4fffe [0054.550] SQLAllocHandle () returned 0x74b4ffff [0054.550] SQLPrepareA () returned 0x74b4fffe [0054.550] SQLBindParameter () returned 0x74b4fffe [0054.550] SQLExecute () returned 0xfffe [0054.550] SQLCloseCursor () returned 0x74b4fffe [0054.550] SQLFreeHandle () returned 0x74b4fffe [0054.550] SQLAllocHandle () returned 0x74b4ffff [0054.550] SQLPrepareA () returned 0x74b4fffe [0054.550] SQLBindParameter () returned 0x74b4fffe [0054.550] SQLExecute () returned 0xfffe [0054.550] SQLCloseCursor () returned 0x74b4fffe [0054.550] SQLFreeHandle () returned 0x74b4fffe [0054.550] SQLAllocHandle () returned 0x74b4ffff [0054.550] SQLPrepareA () returned 0x74b4fffe [0054.550] SQLBindParameter () returned 0x74b4fffe [0054.550] SQLExecute () returned 0xfffe [0054.550] SQLCloseCursor () returned 0x74b4fffe [0054.550] SQLFreeHandle () returned 0x74b4fffe [0054.550] SQLAllocHandle () returned 0x74b4ffff [0054.550] SQLPrepareA () returned 0x74b4fffe [0054.550] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.551] SQLAllocHandle () returned 0x74b4ffff [0054.551] SQLPrepareA () returned 0x74b4fffe [0054.551] SQLBindParameter () returned 0x74b4fffe [0054.551] SQLExecute () returned 0xfffe [0054.551] SQLCloseCursor () returned 0x74b4fffe [0054.551] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.552] SQLCloseCursor () returned 0x74b4fffe [0054.552] SQLFreeHandle () returned 0x74b4fffe [0054.552] SQLAllocHandle () returned 0x74b4ffff [0054.552] SQLPrepareA () returned 0x74b4fffe [0054.552] SQLBindParameter () returned 0x74b4fffe [0054.552] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.553] SQLPrepareA () returned 0x74b4fffe [0054.553] SQLBindParameter () returned 0x74b4fffe [0054.553] SQLExecute () returned 0xfffe [0054.553] SQLCloseCursor () returned 0x74b4fffe [0054.553] SQLFreeHandle () returned 0x74b4fffe [0054.553] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.554] SQLCloseCursor () returned 0x74b4fffe [0054.554] SQLFreeHandle () returned 0x74b4fffe [0054.554] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.554] SQLCloseCursor () returned 0x74b4fffe [0054.554] SQLFreeHandle () returned 0x74b4fffe [0054.554] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.554] SQLCloseCursor () returned 0x74b4fffe [0054.554] SQLFreeHandle () returned 0x74b4fffe [0054.554] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.554] SQLCloseCursor () returned 0x74b4fffe [0054.554] SQLFreeHandle () returned 0x74b4fffe [0054.554] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.554] SQLCloseCursor () returned 0x74b4fffe [0054.554] SQLFreeHandle () returned 0x74b4fffe [0054.554] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.554] SQLCloseCursor () returned 0x74b4fffe [0054.554] SQLFreeHandle () returned 0x74b4fffe [0054.554] SQLAllocHandle () returned 0x74b4ffff [0054.554] SQLPrepareA () returned 0x74b4fffe [0054.554] SQLBindParameter () returned 0x74b4fffe [0054.554] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.555] SQLBindParameter () returned 0x74b4fffe [0054.555] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.555] SQLBindParameter () returned 0x74b4fffe [0054.555] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.555] SQLBindParameter () returned 0x74b4fffe [0054.555] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.555] SQLBindParameter () returned 0x74b4fffe [0054.555] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.555] SQLBindParameter () returned 0x74b4fffe [0054.555] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.555] SQLBindParameter () returned 0x74b4fffe [0054.555] SQLExecute () returned 0xfffe [0054.555] SQLCloseCursor () returned 0x74b4fffe [0054.555] SQLFreeHandle () returned 0x74b4fffe [0054.555] SQLAllocHandle () returned 0x74b4ffff [0054.555] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.556] SQLAllocHandle () returned 0x74b4ffff [0054.556] SQLPrepareA () returned 0x74b4fffe [0054.556] SQLBindParameter () returned 0x74b4fffe [0054.556] SQLExecute () returned 0xfffe [0054.556] SQLCloseCursor () returned 0x74b4fffe [0054.556] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.557] SQLAllocHandle () returned 0x74b4ffff [0054.557] SQLPrepareA () returned 0x74b4fffe [0054.557] SQLBindParameter () returned 0x74b4fffe [0054.557] SQLExecute () returned 0xfffe [0054.557] SQLCloseCursor () returned 0x74b4fffe [0054.557] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.558] SQLCloseCursor () returned 0x74b4fffe [0054.558] SQLFreeHandle () returned 0x74b4fffe [0054.558] SQLAllocHandle () returned 0x74b4ffff [0054.558] SQLPrepareA () returned 0x74b4fffe [0054.558] SQLBindParameter () returned 0x74b4fffe [0054.558] SQLExecute () returned 0xfffe [0054.559] SQLCloseCursor () returned 0x74b4fffe [0054.559] SQLFreeHandle () returned 0x74b4fffe [0054.559] SQLAllocHandle () returned 0x74b4ffff [0054.559] SQLPrepareA () returned 0x74b4fffe [0054.559] SQLBindParameter () returned 0x74b4fffe [0054.559] SQLExecute () returned 0xfffe [0054.559] SQLCloseCursor () returned 0x74b4fffe [0054.559] SQLFreeHandle () returned 0x74b4fffe [0054.559] SQLAllocHandle () returned 0x74b4ffff [0054.559] SQLPrepareA () returned 0x74b4fffe [0054.559] SQLBindParameter () returned 0x74b4fffe [0054.559] SQLExecute () returned 0xfffe [0054.559] SQLCloseCursor () returned 0x74b4fffe [0054.559] SQLFreeHandle () returned 0x74b4fffe [0054.559] SQLAllocHandle () returned 0x74b4ffff [0054.559] SQLPrepareA () returned 0x74b4fffe [0054.559] SQLBindParameter () returned 0x74b4fffe [0054.559] SQLExecute () returned 0xfffe [0054.559] SQLCloseCursor () returned 0x74b4fffe [0054.559] SQLFreeHandle () returned 0x74b4fffe [0054.559] SQLAllocHandle () returned 0x74b4ffff [0054.559] SQLPrepareA () returned 0x74b4fffe [0054.559] SQLBindParameter () returned 0x74b4fffe [0054.559] SQLExecute () returned 0xfffe [0054.559] SQLCloseCursor () returned 0x74b4fffe [0054.559] SQLFreeHandle () returned 0x74b4fffe [0054.559] SQLAllocHandle () returned 0x74b4ffff [0054.559] SQLPrepareA () returned 0x74b4fffe [0054.559] SQLBindParameter () returned 0x74b4fffe [0054.559] SQLExecute () returned 0xfffe [0054.559] SQLCloseCursor () returned 0x74b4fffe [0054.559] SQLFreeHandle () returned 0x74b4fffe [0054.559] SQLAllocHandle () returned 0x74b4ffff [0054.559] SQLPrepareA () returned 0x74b4fffe [0054.559] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.560] SQLFreeHandle () returned 0x74b4fffe [0054.560] SQLAllocHandle () returned 0x74b4ffff [0054.560] SQLPrepareA () returned 0x74b4fffe [0054.560] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.560] SQLFreeHandle () returned 0x74b4fffe [0054.560] SQLAllocHandle () returned 0x74b4ffff [0054.560] SQLPrepareA () returned 0x74b4fffe [0054.560] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.560] SQLFreeHandle () returned 0x74b4fffe [0054.560] SQLAllocHandle () returned 0x74b4ffff [0054.560] SQLPrepareA () returned 0x74b4fffe [0054.560] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.560] SQLFreeHandle () returned 0x74b4fffe [0054.560] SQLAllocHandle () returned 0x74b4ffff [0054.560] SQLPrepareA () returned 0x74b4fffe [0054.560] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.560] SQLFreeHandle () returned 0x74b4fffe [0054.560] SQLAllocHandle () returned 0x74b4ffff [0054.560] SQLPrepareA () returned 0x74b4fffe [0054.560] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.560] SQLFreeHandle () returned 0x74b4fffe [0054.560] SQLAllocHandle () returned 0x74b4ffff [0054.560] SQLPrepareA () returned 0x74b4fffe [0054.560] SQLBindParameter () returned 0x74b4fffe [0054.560] SQLExecute () returned 0xfffe [0054.560] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.561] SQLFreeHandle () returned 0x74b4fffe [0054.561] SQLAllocHandle () returned 0x74b4ffff [0054.561] SQLPrepareA () returned 0x74b4fffe [0054.561] SQLBindParameter () returned 0x74b4fffe [0054.561] SQLExecute () returned 0xfffe [0054.561] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.562] SQLFreeHandle () returned 0x74b4fffe [0054.562] SQLAllocHandle () returned 0x74b4ffff [0054.562] SQLPrepareA () returned 0x74b4fffe [0054.562] SQLBindParameter () returned 0x74b4fffe [0054.562] SQLExecute () returned 0xfffe [0054.562] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.563] SQLExecute () returned 0xfffe [0054.563] SQLCloseCursor () returned 0x74b4fffe [0054.563] SQLFreeHandle () returned 0x74b4fffe [0054.563] SQLAllocHandle () returned 0x74b4ffff [0054.563] SQLPrepareA () returned 0x74b4fffe [0054.563] SQLBindParameter () returned 0x74b4fffe [0054.564] SQLExecute () returned 0xfffe [0054.564] SQLCloseCursor () returned 0x74b4fffe [0054.564] SQLFreeHandle () returned 0x74b4fffe [0054.564] SQLAllocHandle () returned 0x74b4ffff [0054.564] SQLPrepareA () returned 0x74b4fffe [0054.564] SQLBindParameter () returned 0x74b4fffe [0054.564] SQLExecute () returned 0xfffe [0054.564] SQLCloseCursor () returned 0x74b4fffe [0054.564] SQLFreeHandle () returned 0x74b4fffe [0054.564] SQLAllocHandle () returned 0x74b4ffff [0054.564] SQLPrepareA () returned 0x74b4fffe [0054.564] SQLBindParameter () returned 0x74b4fffe [0054.564] SQLExecute () returned 0xfffe [0054.564] SQLCloseCursor () returned 0x74b4fffe [0054.564] SQLFreeHandle () returned 0x74b4fffe [0054.564] SQLAllocHandle () returned 0x74b4ffff [0054.564] SQLPrepareA () returned 0x74b4fffe [0054.564] SQLBindParameter () returned 0x74b4fffe [0054.564] SQLExecute () returned 0xfffe [0054.564] SQLCloseCursor () returned 0x74b4fffe [0054.564] SQLFreeHandle () returned 0x74b4fffe [0054.564] SQLAllocHandle () returned 0x74b4ffff [0054.564] SQLPrepareA () returned 0x74b4fffe [0054.564] SQLBindParameter () returned 0x74b4fffe [0054.564] SQLExecute () returned 0xfffe [0054.564] SQLCloseCursor () returned 0x74b4fffe [0054.564] SQLFreeHandle () returned 0x74b4fffe [0054.564] SQLAllocHandle () returned 0x74b4ffff [0054.565] SQLPrepareA () returned 0x74b4fffe [0054.565] SQLBindParameter () returned 0x74b4fffe [0054.565] SQLExecute () returned 0xfffe [0054.565] SQLCloseCursor () returned 0x74b4fffe [0054.565] SQLFreeHandle () returned 0x74b4fffe [0054.565] SQLAllocHandle () returned 0x74b4ffff [0054.565] SQLPrepareA () returned 0x74b4fffe [0054.565] SQLBindParameter () returned 0x74b4fffe [0054.565] SQLExecute () returned 0xfffe [0054.565] SQLCloseCursor () returned 0x74b4fffe [0054.565] SQLFreeHandle () returned 0x74b4fffe [0054.565] SQLAllocHandle () returned 0x74b4ffff [0054.565] SQLPrepareA () returned 0x74b4fffe [0054.565] SQLBindParameter () returned 0x74b4fffe [0054.565] SQLExecute () returned 0xfffe [0054.565] SQLCloseCursor () returned 0x74b4fffe [0054.565] SQLFreeHandle () returned 0x74b4fffe [0054.565] SQLAllocHandle () returned 0x74b4ffff [0054.565] SQLPrepareA () returned 0x74b4fffe [0054.565] SQLBindParameter () returned 0x74b4fffe [0054.565] SQLExecute () returned 0xfffe [0054.565] SQLCloseCursor () returned 0x74b4fffe [0054.565] SQLFreeHandle () returned 0x74b4fffe [0054.565] SQLAllocHandle () returned 0x74b4ffff [0054.565] SQLPrepareA () returned 0x74b4fffe [0054.565] SQLBindParameter () returned 0x74b4fffe [0054.565] SQLExecute () returned 0xfffe [0054.565] SQLCloseCursor () returned 0x74b4fffe [0054.565] SQLFreeHandle () returned 0x74b4fffe [0054.565] SQLAllocHandle () returned 0x74b4ffff [0054.565] SQLPrepareA () returned 0x74b4fffe [0054.565] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.566] SQLExecute () returned 0xfffe [0054.566] SQLCloseCursor () returned 0x74b4fffe [0054.566] SQLFreeHandle () returned 0x74b4fffe [0054.566] SQLAllocHandle () returned 0x74b4ffff [0054.566] SQLPrepareA () returned 0x74b4fffe [0054.566] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.567] SQLFreeHandle () returned 0x74b4fffe [0054.567] SQLAllocHandle () returned 0x74b4ffff [0054.567] SQLPrepareA () returned 0x74b4fffe [0054.567] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.567] SQLFreeHandle () returned 0x74b4fffe [0054.567] SQLAllocHandle () returned 0x74b4ffff [0054.567] SQLPrepareA () returned 0x74b4fffe [0054.567] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.567] SQLFreeHandle () returned 0x74b4fffe [0054.567] SQLAllocHandle () returned 0x74b4ffff [0054.567] SQLPrepareA () returned 0x74b4fffe [0054.567] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.567] SQLFreeHandle () returned 0x74b4fffe [0054.567] SQLAllocHandle () returned 0x74b4ffff [0054.567] SQLPrepareA () returned 0x74b4fffe [0054.567] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.567] SQLFreeHandle () returned 0x74b4fffe [0054.567] SQLAllocHandle () returned 0x74b4ffff [0054.567] SQLPrepareA () returned 0x74b4fffe [0054.567] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.567] SQLFreeHandle () returned 0x74b4fffe [0054.567] SQLAllocHandle () returned 0x74b4ffff [0054.567] SQLPrepareA () returned 0x74b4fffe [0054.567] SQLBindParameter () returned 0x74b4fffe [0054.567] SQLExecute () returned 0xfffe [0054.567] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.568] SQLBindParameter () returned 0x74b4fffe [0054.568] SQLExecute () returned 0xfffe [0054.568] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.568] SQLBindParameter () returned 0x74b4fffe [0054.568] SQLExecute () returned 0xfffe [0054.568] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.568] SQLBindParameter () returned 0x74b4fffe [0054.568] SQLExecute () returned 0xfffe [0054.568] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.568] SQLBindParameter () returned 0x74b4fffe [0054.568] SQLExecute () returned 0xfffe [0054.568] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.568] SQLBindParameter () returned 0x74b4fffe [0054.568] SQLExecute () returned 0xfffe [0054.568] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.568] SQLBindParameter () returned 0x74b4fffe [0054.568] SQLExecute () returned 0xfffe [0054.568] SQLCloseCursor () returned 0x74b4fffe [0054.568] SQLFreeHandle () returned 0x74b4fffe [0054.568] SQLAllocHandle () returned 0x74b4ffff [0054.568] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.569] SQLExecute () returned 0xfffe [0054.569] SQLCloseCursor () returned 0x74b4fffe [0054.569] SQLFreeHandle () returned 0x74b4fffe [0054.569] SQLAllocHandle () returned 0x74b4ffff [0054.569] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.569] SQLExecute () returned 0xfffe [0054.569] SQLCloseCursor () returned 0x74b4fffe [0054.569] SQLFreeHandle () returned 0x74b4fffe [0054.569] SQLAllocHandle () returned 0x74b4ffff [0054.569] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.569] SQLExecute () returned 0xfffe [0054.569] SQLCloseCursor () returned 0x74b4fffe [0054.569] SQLFreeHandle () returned 0x74b4fffe [0054.569] SQLAllocHandle () returned 0x74b4ffff [0054.569] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.569] SQLExecute () returned 0xfffe [0054.569] SQLCloseCursor () returned 0x74b4fffe [0054.569] SQLFreeHandle () returned 0x74b4fffe [0054.569] SQLAllocHandle () returned 0x74b4ffff [0054.569] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.569] SQLExecute () returned 0xfffe [0054.569] SQLCloseCursor () returned 0x74b4fffe [0054.569] SQLFreeHandle () returned 0x74b4fffe [0054.569] SQLAllocHandle () returned 0x74b4ffff [0054.569] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.569] SQLExecute () returned 0xfffe [0054.569] SQLCloseCursor () returned 0x74b4fffe [0054.569] SQLFreeHandle () returned 0x74b4fffe [0054.569] SQLAllocHandle () returned 0x74b4ffff [0054.569] SQLPrepareA () returned 0x74b4fffe [0054.569] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.570] SQLFreeHandle () returned 0x74b4fffe [0054.570] SQLAllocHandle () returned 0x74b4ffff [0054.570] SQLPrepareA () returned 0x74b4fffe [0054.570] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.570] SQLFreeHandle () returned 0x74b4fffe [0054.570] SQLAllocHandle () returned 0x74b4ffff [0054.570] SQLPrepareA () returned 0x74b4fffe [0054.570] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.570] SQLFreeHandle () returned 0x74b4fffe [0054.570] SQLAllocHandle () returned 0x74b4ffff [0054.570] SQLPrepareA () returned 0x74b4fffe [0054.570] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.570] SQLFreeHandle () returned 0x74b4fffe [0054.570] SQLAllocHandle () returned 0x74b4ffff [0054.570] SQLPrepareA () returned 0x74b4fffe [0054.570] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.570] SQLFreeHandle () returned 0x74b4fffe [0054.570] SQLAllocHandle () returned 0x74b4ffff [0054.570] SQLPrepareA () returned 0x74b4fffe [0054.570] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.570] SQLFreeHandle () returned 0x74b4fffe [0054.570] SQLAllocHandle () returned 0x74b4ffff [0054.570] SQLPrepareA () returned 0x74b4fffe [0054.570] SQLBindParameter () returned 0x74b4fffe [0054.570] SQLExecute () returned 0xfffe [0054.570] SQLCloseCursor () returned 0x74b4fffe [0054.571] SQLFreeHandle () returned 0x74b4fffe [0054.571] SQLAllocHandle () returned 0x74b4ffff [0054.571] SQLPrepareA () returned 0x74b4fffe [0054.571] SQLBindParameter () returned 0x74b4fffe [0054.571] SQLExecute () returned 0xfffe [0054.571] SQLCloseCursor () returned 0x74b4fffe [0054.571] SQLFreeHandle () returned 0x74b4fffe [0054.571] SQLAllocHandle () returned 0x74b4ffff [0054.571] SQLPrepareA () returned 0x74b4fffe [0054.571] SQLBindParameter () returned 0x74b4fffe [0054.571] SQLExecute () returned 0xfffe [0054.571] SQLCloseCursor () returned 0x74b4fffe [0054.571] SQLFreeHandle () returned 0x74b4fffe [0054.571] SQLAllocHandle () returned 0x74b4ffff [0054.571] SQLPrepareA () returned 0x74b4fffe [0054.571] SQLBindParameter () returned 0x74b4fffe [0054.571] SQLExecute () returned 0xfffe [0054.571] SQLCloseCursor () returned 0x74b4fffe [0054.571] SQLFreeHandle () returned 0x74b4fffe [0054.571] SQLAllocHandle () returned 0x74b4ffff [0054.571] SQLPrepareA () returned 0x74b4fffe [0054.571] SQLBindParameter () returned 0x74b4fffe [0054.571] SQLExecute () returned 0xfffe [0054.571] SQLCloseCursor () returned 0x74b4fffe [0054.571] SQLFreeHandle () returned 0x74b4fffe [0054.571] SQLAllocHandle () returned 0x74b4ffff [0054.571] SQLPrepareA () returned 0x74b4fffe [0054.571] SQLBindParameter () returned 0x74b4fffe [0054.571] SQLExecute () returned 0xfffe [0054.571] SQLCloseCursor () returned 0x74b4fffe [0054.571] SQLFreeHandle () returned 0x74b4fffe [0054.571] SQLAllocHandle () returned 0x74b4ffff [0054.571] SQLPrepareA () returned 0x74b4fffe [0054.571] SQLBindParameter () returned 0x74b4fffe [0054.571] SQLExecute () returned 0xfffe [0054.571] SQLCloseCursor () returned 0x74b4fffe [0054.572] SQLFreeHandle () returned 0x74b4fffe [0054.572] SQLAllocHandle () returned 0x74b4ffff [0054.572] SQLPrepareA () returned 0x74b4fffe [0054.572] SQLBindParameter () returned 0x74b4fffe [0054.572] SQLExecute () returned 0xfffe [0054.572] SQLCloseCursor () returned 0x74b4fffe [0054.573] SQLFreeHandle () returned 0x74b4fffe [0054.573] SQLAllocHandle () returned 0x74b4ffff [0054.573] SQLPrepareA () returned 0x74b4fffe [0054.573] SQLBindParameter () returned 0x74b4fffe [0054.573] SQLExecute () returned 0xfffe [0054.573] SQLCloseCursor () returned 0x74b4fffe [0054.573] SQLFreeHandle () returned 0x74b4fffe [0054.573] SQLAllocHandle () returned 0x74b4ffff [0054.573] SQLPrepareA () returned 0x74b4fffe [0054.573] SQLBindParameter () returned 0x74b4fffe [0054.573] SQLExecute () returned 0xfffe [0054.573] SQLCloseCursor () returned 0x74b4fffe [0054.573] SQLFreeHandle () returned 0x74b4fffe [0054.573] SQLAllocHandle () returned 0x74b4ffff [0054.573] SQLPrepareA () returned 0x74b4fffe [0054.573] SQLBindParameter () returned 0x74b4fffe [0054.573] SQLExecute () returned 0xfffe [0054.573] SQLCloseCursor () returned 0x74b4fffe [0054.573] SQLFreeHandle () returned 0x74b4fffe [0054.573] SQLAllocHandle () returned 0x74b4ffff [0054.573] SQLPrepareA () returned 0x74b4fffe [0054.573] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.574] SQLAllocHandle () returned 0x74b4ffff [0054.574] SQLPrepareA () returned 0x74b4fffe [0054.574] SQLBindParameter () returned 0x74b4fffe [0054.574] SQLExecute () returned 0xfffe [0054.574] SQLCloseCursor () returned 0x74b4fffe [0054.574] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.575] SQLPrepareA () returned 0x74b4fffe [0054.575] SQLBindParameter () returned 0x74b4fffe [0054.575] SQLExecute () returned 0xfffe [0054.575] SQLCloseCursor () returned 0x74b4fffe [0054.575] SQLFreeHandle () returned 0x74b4fffe [0054.575] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.576] SQLFreeHandle () returned 0x74b4fffe [0054.576] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.576] SQLFreeHandle () returned 0x74b4fffe [0054.576] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.576] SQLFreeHandle () returned 0x74b4fffe [0054.576] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.576] SQLFreeHandle () returned 0x74b4fffe [0054.576] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.576] SQLFreeHandle () returned 0x74b4fffe [0054.576] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.576] SQLFreeHandle () returned 0x74b4fffe [0054.576] SQLAllocHandle () returned 0x74b4ffff [0054.576] SQLPrepareA () returned 0x74b4fffe [0054.576] SQLBindParameter () returned 0x74b4fffe [0054.576] SQLExecute () returned 0xfffe [0054.576] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.577] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.577] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.577] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.577] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.577] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.577] SQLCloseCursor () returned 0x74b4fffe [0054.577] SQLFreeHandle () returned 0x74b4fffe [0054.577] SQLAllocHandle () returned 0x74b4ffff [0054.577] SQLPrepareA () returned 0x74b4fffe [0054.577] SQLBindParameter () returned 0x74b4fffe [0054.577] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.578] SQLPrepareA () returned 0x74b4fffe [0054.578] SQLBindParameter () returned 0x74b4fffe [0054.578] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.578] SQLPrepareA () returned 0x74b4fffe [0054.578] SQLBindParameter () returned 0x74b4fffe [0054.578] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.578] SQLPrepareA () returned 0x74b4fffe [0054.578] SQLBindParameter () returned 0x74b4fffe [0054.578] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.578] SQLPrepareA () returned 0x74b4fffe [0054.578] SQLBindParameter () returned 0x74b4fffe [0054.578] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.578] SQLPrepareA () returned 0x74b4fffe [0054.578] SQLBindParameter () returned 0x74b4fffe [0054.578] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.578] SQLPrepareA () returned 0x74b4fffe [0054.578] SQLBindParameter () returned 0x74b4fffe [0054.578] SQLExecute () returned 0xfffe [0054.578] SQLCloseCursor () returned 0x74b4fffe [0054.578] SQLFreeHandle () returned 0x74b4fffe [0054.578] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.579] SQLBindParameter () returned 0x74b4fffe [0054.579] SQLExecute () returned 0xfffe [0054.579] SQLCloseCursor () returned 0x74b4fffe [0054.579] SQLFreeHandle () returned 0x74b4fffe [0054.579] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.579] SQLBindParameter () returned 0x74b4fffe [0054.579] SQLExecute () returned 0xfffe [0054.579] SQLCloseCursor () returned 0x74b4fffe [0054.579] SQLFreeHandle () returned 0x74b4fffe [0054.579] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.579] SQLBindParameter () returned 0x74b4fffe [0054.579] SQLExecute () returned 0xfffe [0054.579] SQLCloseCursor () returned 0x74b4fffe [0054.579] SQLFreeHandle () returned 0x74b4fffe [0054.579] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.579] SQLBindParameter () returned 0x74b4fffe [0054.579] SQLExecute () returned 0xfffe [0054.579] SQLCloseCursor () returned 0x74b4fffe [0054.579] SQLFreeHandle () returned 0x74b4fffe [0054.579] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.579] SQLBindParameter () returned 0x74b4fffe [0054.579] SQLExecute () returned 0xfffe [0054.579] SQLCloseCursor () returned 0x74b4fffe [0054.579] SQLFreeHandle () returned 0x74b4fffe [0054.579] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.579] SQLBindParameter () returned 0x74b4fffe [0054.579] SQLExecute () returned 0xfffe [0054.579] SQLCloseCursor () returned 0x74b4fffe [0054.579] SQLFreeHandle () returned 0x74b4fffe [0054.579] SQLAllocHandle () returned 0x74b4ffff [0054.579] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.580] SQLAllocHandle () returned 0x74b4ffff [0054.580] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.580] SQLAllocHandle () returned 0x74b4ffff [0054.580] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.580] SQLAllocHandle () returned 0x74b4ffff [0054.580] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.580] SQLAllocHandle () returned 0x74b4ffff [0054.580] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.580] SQLAllocHandle () returned 0x74b4ffff [0054.580] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.580] SQLAllocHandle () returned 0x74b4ffff [0054.580] SQLPrepareA () returned 0x74b4fffe [0054.580] SQLBindParameter () returned 0x74b4fffe [0054.580] SQLExecute () returned 0xfffe [0054.580] SQLCloseCursor () returned 0x74b4fffe [0054.580] SQLFreeHandle () returned 0x74b4fffe [0054.581] SQLAllocHandle () returned 0x74b4ffff [0054.581] SQLPrepareA () returned 0x74b4fffe [0054.581] SQLBindParameter () returned 0x74b4fffe [0054.585] SQLExecute () returned 0xfffe [0054.585] SQLCloseCursor () returned 0x74b4fffe [0054.585] SQLFreeHandle () returned 0x74b4fffe [0054.585] SQLAllocHandle () returned 0x74b4ffff [0054.585] SQLPrepareA () returned 0x74b4fffe [0054.585] SQLBindParameter () returned 0x74b4fffe [0054.585] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.586] SQLFreeHandle () returned 0x74b4fffe [0054.586] SQLAllocHandle () returned 0x74b4ffff [0054.586] SQLPrepareA () returned 0x74b4fffe [0054.586] SQLBindParameter () returned 0x74b4fffe [0054.586] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.586] SQLFreeHandle () returned 0x74b4fffe [0054.586] SQLAllocHandle () returned 0x74b4ffff [0054.586] SQLPrepareA () returned 0x74b4fffe [0054.586] SQLBindParameter () returned 0x74b4fffe [0054.586] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.586] SQLFreeHandle () returned 0x74b4fffe [0054.586] SQLAllocHandle () returned 0x74b4ffff [0054.586] SQLPrepareA () returned 0x74b4fffe [0054.586] SQLBindParameter () returned 0x74b4fffe [0054.586] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.586] SQLFreeHandle () returned 0x74b4fffe [0054.586] SQLAllocHandle () returned 0x74b4ffff [0054.586] SQLPrepareA () returned 0x74b4fffe [0054.586] SQLBindParameter () returned 0x74b4fffe [0054.586] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.586] SQLFreeHandle () returned 0x74b4fffe [0054.586] SQLAllocHandle () returned 0x74b4ffff [0054.586] SQLPrepareA () returned 0x74b4fffe [0054.586] SQLBindParameter () returned 0x74b4fffe [0054.586] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.586] SQLFreeHandle () returned 0x74b4fffe [0054.586] SQLAllocHandle () returned 0x74b4ffff [0054.586] SQLPrepareA () returned 0x74b4fffe [0054.586] SQLBindParameter () returned 0x74b4fffe [0054.586] SQLExecute () returned 0xfffe [0054.586] SQLCloseCursor () returned 0x74b4fffe [0054.587] SQLFreeHandle () returned 0x74b4fffe [0054.587] SQLAllocHandle () returned 0x74b4ffff [0054.587] SQLPrepareA () returned 0x74b4fffe [0054.587] SQLBindParameter () returned 0x74b4fffe [0054.587] SQLExecute () returned 0xfffe [0054.587] SQLCloseCursor () returned 0x74b4fffe [0054.587] SQLFreeHandle () returned 0x74b4fffe [0054.587] SQLAllocHandle () returned 0x74b4ffff [0054.587] SQLPrepareA () returned 0x74b4fffe [0054.587] SQLBindParameter () returned 0x74b4fffe [0054.587] SQLExecute () returned 0xfffe [0054.587] SQLCloseCursor () returned 0x74b4fffe [0054.587] SQLFreeHandle () returned 0x74b4fffe [0054.587] SQLAllocHandle () returned 0x74b4ffff [0054.587] SQLPrepareA () returned 0x74b4fffe [0054.587] SQLBindParameter () returned 0x74b4fffe [0054.587] SQLExecute () returned 0xfffe [0054.587] SQLCloseCursor () returned 0x74b4fffe [0054.587] SQLFreeHandle () returned 0x74b4fffe [0054.587] SQLAllocHandle () returned 0x74b4ffff [0054.587] SQLPrepareA () returned 0x74b4fffe [0054.587] SQLBindParameter () returned 0x74b4fffe [0054.587] SQLExecute () returned 0xfffe [0054.587] SQLCloseCursor () returned 0x74b4fffe [0054.587] SQLFreeHandle () returned 0x74b4fffe [0054.587] SQLAllocHandle () returned 0x74b4ffff [0054.587] SQLPrepareA () returned 0x74b4fffe [0054.587] SQLBindParameter () returned 0x74b4fffe [0054.587] SQLExecute () returned 0xfffe [0054.587] SQLCloseCursor () returned 0x74b4fffe [0054.587] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.588] SQLAllocHandle () returned 0x74b4ffff [0054.588] SQLPrepareA () returned 0x74b4fffe [0054.588] SQLBindParameter () returned 0x74b4fffe [0054.588] SQLExecute () returned 0xfffe [0054.588] SQLCloseCursor () returned 0x74b4fffe [0054.588] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.589] SQLAllocHandle () returned 0x74b4ffff [0054.589] SQLPrepareA () returned 0x74b4fffe [0054.589] SQLBindParameter () returned 0x74b4fffe [0054.589] SQLExecute () returned 0xfffe [0054.589] SQLCloseCursor () returned 0x74b4fffe [0054.589] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.590] SQLBindParameter () returned 0x74b4fffe [0054.590] SQLExecute () returned 0xfffe [0054.590] SQLCloseCursor () returned 0x74b4fffe [0054.590] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.590] SQLBindParameter () returned 0x74b4fffe [0054.590] SQLExecute () returned 0xfffe [0054.590] SQLCloseCursor () returned 0x74b4fffe [0054.590] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.590] SQLBindParameter () returned 0x74b4fffe [0054.590] SQLExecute () returned 0xfffe [0054.590] SQLCloseCursor () returned 0x74b4fffe [0054.590] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.590] SQLBindParameter () returned 0x74b4fffe [0054.590] SQLExecute () returned 0xfffe [0054.590] SQLCloseCursor () returned 0x74b4fffe [0054.590] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.590] SQLBindParameter () returned 0x74b4fffe [0054.590] SQLExecute () returned 0xfffe [0054.590] SQLCloseCursor () returned 0x74b4fffe [0054.590] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.590] SQLBindParameter () returned 0x74b4fffe [0054.590] SQLExecute () returned 0xfffe [0054.590] SQLCloseCursor () returned 0x74b4fffe [0054.590] SQLFreeHandle () returned 0x74b4fffe [0054.590] SQLAllocHandle () returned 0x74b4ffff [0054.590] SQLPrepareA () returned 0x74b4fffe [0054.591] SQLBindParameter () returned 0x74b4fffe [0054.591] SQLExecute () returned 0xfffe [0054.591] SQLCloseCursor () returned 0x74b4fffe [0054.591] SQLFreeHandle () returned 0x74b4fffe [0054.665] SQLDisconnect () returned 0x74b4ffff [0054.665] SQLFreeHandle () returned 0x74b40000 [0054.665] SQLFreeHandle () returned 0x0 [0054.665] SQLGetDiagRecW () returned 0x74b4fffe [0054.666] HideCaret (hWnd=0x0) returned 0 [0054.666] DeviceIoControl (in: hDevice=0x0, dwIoControlCode=0x74080, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x29f9b40, nOutBufferSize=0x4, lpBytesReturned=0x29f9c48, lpOverlapped=0x0 | out: lpOutBuffer=0x29f9b40, lpBytesReturned=0x29f9c48, lpOverlapped=0x0) returned 0 [0054.666] ImmAssociateContext () returned 0x0 [0054.667] GetModuleHandleA (lpModuleName="ntdll") returned 0x77ca0000 [0054.667] GetModuleHandleA (lpModuleName="advapi32") returned 0x76a10000 [0054.686] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.729] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.734] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.760] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.764] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.789] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.794] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.819] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.824] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.848] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.853] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.905] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.909] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.932] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.936] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.960] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.965] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0054.989] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a50000 [0055.038] VirtualFree (lpAddress=0x5a50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.045] GetModuleHandleA (lpModuleName="ntdll") returned 0x77ca0000 [0055.045] GetModuleHandleA (lpModuleName="advapi32") returned 0x76a10000 [0055.063] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0055.075] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.147] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.152] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.214] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.219] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.246] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.251] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.276] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.281] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.342] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.361] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.387] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.391] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.419] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.423] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.490] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.496] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.533] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.538] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.563] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.567] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.592] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.597] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.630] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.636] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.662] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.667] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.692] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.697] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.761] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.767] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.793] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.799] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.826] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.831] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.891] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.897] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.923] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.928] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.954] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.959] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0055.983] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.988] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0056.059] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.065] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0056.124] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.129] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0056.152] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.157] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0056.180] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.217] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0056.244] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.249] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b50000 [0056.278] VirtualFree (lpAddress=0x5b50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.288] GetSystemTime (in: lpSystemTime=0x29f98cc | out: lpSystemTime=0x29f98cc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x4, wDay=0x1, wHour=0x9, wMinute=0x39, wSecond=0x25, wMilliseconds=0x86)) [0056.288] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x40c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x40d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x40e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x40f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x410000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.288] VirtualProtect (in: lpAddress=0x411000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x412000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x413000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x414000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x415000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x416000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x417000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x418000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x419000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x41a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x41b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x41c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x41d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x41e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x41f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x420000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x421000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x422000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x423000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x424000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x425000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x426000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x427000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.289] VirtualProtect (in: lpAddress=0x428000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x429000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x42a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x42b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x42c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x42d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x42e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x42f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x430000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x431000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x432000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x433000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x434000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x435000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x436000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x437000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x438000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x439000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x43a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x43b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x43c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x43d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.290] VirtualProtect (in: lpAddress=0x43e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x43f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x440000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x441000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x442000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x443000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x444000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x445000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x446000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x447000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x448000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x449000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x44a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x20) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x44b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x44c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x44d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x44e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x44f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x450000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x451000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x452000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x453000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.291] VirtualProtect (in: lpAddress=0x454000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x455000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x456000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x457000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x458000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x459000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x45a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x45b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x45c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x45d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x45e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x45f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x460000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x461000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x4) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x462000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x4) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x463000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x4) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x464000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x4) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x465000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x466000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x467000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x468000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x469000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.292] VirtualProtect (in: lpAddress=0x46a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.293] VirtualProtect (in: lpAddress=0x46b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.293] VirtualProtect (in: lpAddress=0x46c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.293] VirtualProtect (in: lpAddress=0x46d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.293] VirtualProtect (in: lpAddress=0x46e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.293] VirtualProtect (in: lpAddress=0x46f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.293] VirtualProtect (in: lpAddress=0x470000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x29f989c | out: lpflOldProtect=0x29f989c*=0x2) returned 1 [0056.475] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77ca0000 [0056.488] GetProcAddress (hModule=0x77ca0000, lpProcName="memset") returned 0x77d0ee50 [0056.491] GetProcAddress (hModule=0x77ca0000, lpProcName="strstr") returned 0x77d10010 [0056.491] GetProcAddress (hModule=0x77ca0000, lpProcName="mbstowcs") returned 0x77d0e610 [0056.491] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlNtStatusToDosError") returned 0x77cf3010 [0056.492] GetProcAddress (hModule=0x77ca0000, lpProcName="memcpy") returned 0x77d0e7b0 [0056.492] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlGetVersion") returned 0x77cffcd0 [0056.492] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlUnwind") returned 0x77cfaca0 [0056.492] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwQueryInformationProcess") returned 0x77d08d50 [0056.493] GetProcAddress (hModule=0x77ca0000, lpProcName="NtQuerySystemInformation") returned 0x77d08f40 [0056.493] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwOpenProcessToken") returned 0x77d09d20 [0056.494] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwQueryInformationToken") returned 0x77d08df0 [0056.494] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwClose") returned 0x77d08cb0 [0056.494] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwOpenProcess") returned 0x77d08e40 [0056.494] GetProcAddress (hModule=0x77ca0000, lpProcName="NtUnmapViewOfSection") returned 0x77d08e80 [0056.495] GetProcAddress (hModule=0x77ca0000, lpProcName="NtMapViewOfSection") returned 0x77d08e60 [0056.495] GetProcAddress (hModule=0x77ca0000, lpProcName="NtCreateSection") returned 0x77d09080 [0056.495] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlFreeUnicodeString") returned 0x77cdb940 [0056.496] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlUpcaseUnicodeString") returned 0x77cee040 [0056.496] GetProcAddress (hModule=0x77ca0000, lpProcName="_aulldiv") returned 0x77d0c680 [0056.496] GetProcAddress (hModule=0x77ca0000, lpProcName="NtQueryVirtualMemory") returned 0x77d08e10 [0056.497] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x77290000 [0056.497] GetProcAddress (hModule=0x77290000, lpProcName="StrStrIA") returned 0x772acd10 [0056.498] GetProcAddress (hModule=0x77290000, lpProcName="StrChrW") returned 0x772a6a00 [0056.498] GetProcAddress (hModule=0x77290000, lpProcName="PathFindFileNameW") returned 0x772a80d0 [0056.498] GetProcAddress (hModule=0x77290000, lpProcName="PathCombineW") returned 0x772acd50 [0056.499] GetProcAddress (hModule=0x77290000, lpProcName="PathFindExtensionA") returned 0x772b1db0 [0056.499] GetProcAddress (hModule=0x77290000, lpProcName="StrChrA") returned 0x772b26c0 [0056.499] GetProcAddress (hModule=0x77290000, lpProcName="StrTrimW") returned 0x772a83a0 [0056.500] GetProcAddress (hModule=0x77290000, lpProcName="PathFindExtensionW") returned 0x772a7c40 [0056.500] GetProcAddress (hModule=0x77290000, lpProcName="StrRChrA") returned 0x772b2900 [0056.500] LoadLibraryA (lpLibFileName="SETUPAPI.dll") returned 0x76a90000 [0057.110] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiGetDeviceRegistryPropertyA") returned 0x76ae19a0 [0057.112] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiGetClassDevsA") returned 0x76ab8d10 [0057.112] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiEnumDeviceInfo") returned 0x76aa5620 [0057.112] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiDestroyDeviceInfoList") returned 0x76aa5340 [0057.112] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75260000 [0057.113] GetProcAddress (hModule=0x75260000, lpProcName="HeapFree") returned 0x752725e0 [0057.113] GetProcAddress (hModule=0x75260000, lpProcName="GetComputerNameA") returned 0x7527f4b0 [0057.113] GetProcAddress (hModule=0x75260000, lpProcName="ExitProcess") returned 0x752874f0 [0057.116] GetProcAddress (hModule=0x75260000, lpProcName="GetModuleHandleA") returned 0x75279640 [0057.116] GetProcAddress (hModule=0x75260000, lpProcName="GetCommandLineW") returned 0x7527a4b0 [0057.118] GetProcAddress (hModule=0x75260000, lpProcName="ExitThread") returned 0x77d02570 [0057.119] GetProcAddress (hModule=0x75260000, lpProcName="CloseHandle") returned 0x75285f20 [0057.119] GetProcAddress (hModule=0x75260000, lpProcName="CreateThread") returned 0x75279700 [0057.119] GetProcAddress (hModule=0x75260000, lpProcName="HeapDestroy") returned 0x7527d940 [0057.119] GetProcAddress (hModule=0x75260000, lpProcName="HeapCreate") returned 0x75279950 [0057.120] GetProcAddress (hModule=0x75260000, lpProcName="SetEvent") returned 0x752860c0 [0057.120] GetProcAddress (hModule=0x75260000, lpProcName="lstrcpyW") returned 0x7529d410 [0057.120] GetProcAddress (hModule=0x75260000, lpProcName="SetFileAttributesW") returned 0x75286510 [0057.120] GetProcAddress (hModule=0x75260000, lpProcName="lstrlenW") returned 0x75272d80 [0057.121] GetProcAddress (hModule=0x75260000, lpProcName="lstrcpyA") returned 0x7527e320 [0057.121] GetProcAddress (hModule=0x75260000, lpProcName="SwitchToThread") returned 0x75279f30 [0057.121] GetProcAddress (hModule=0x75260000, lpProcName="SetEndOfFile") returned 0x752864f0 [0057.122] GetProcAddress (hModule=0x75260000, lpProcName="CreateEventA") returned 0x75285f70 [0057.122] GetProcAddress (hModule=0x75260000, lpProcName="FlushFileBuffers") returned 0x752862a0 [0057.122] GetProcAddress (hModule=0x75260000, lpProcName="GetTempPathA") returned 0x75286410 [0057.122] GetProcAddress (hModule=0x75260000, lpProcName="GetLastError") returned 0x75272db0 [0057.123] GetProcAddress (hModule=0x75260000, lpProcName="FindNextFileA") returned 0x75286270 [0057.123] GetProcAddress (hModule=0x75260000, lpProcName="HeapAlloc") returned 0x77cdda90 [0057.123] GetProcAddress (hModule=0x75260000, lpProcName="lstrcmpiW") returned 0x75277540 [0057.123] GetProcAddress (hModule=0x75260000, lpProcName="GetProcAddress") returned 0x75277940 [0057.124] GetProcAddress (hModule=0x75260000, lpProcName="SetWaitableTimer") returned 0x752860d0 [0057.124] GetProcAddress (hModule=0x75260000, lpProcName="GetTickCount") returned 0x752857f0 [0057.124] GetProcAddress (hModule=0x75260000, lpProcName="lstrcatW") returned 0x7529d320 [0057.124] GetProcAddress (hModule=0x75260000, lpProcName="FindClose") returned 0x752861d0 [0057.125] GetProcAddress (hModule=0x75260000, lpProcName="CreateFileA") returned 0x75286170 [0057.125] GetProcAddress (hModule=0x75260000, lpProcName="CompareFileTime") returned 0x75286130 [0057.125] GetProcAddress (hModule=0x75260000, lpProcName="ResetEvent") returned 0x752860b0 [0057.126] GetProcAddress (hModule=0x75260000, lpProcName="WriteFile") returned 0x75286590 [0057.126] GetProcAddress (hModule=0x75260000, lpProcName="GetFileTime") returned 0x75286380 [0057.126] GetProcAddress (hModule=0x75260000, lpProcName="CreateProcessA") returned 0x752a0960 [0057.127] GetProcAddress (hModule=0x75260000, lpProcName="CreateDirectoryW") returned 0x75286150 [0057.127] GetProcAddress (hModule=0x75260000, lpProcName="DeleteFileW") returned 0x752861b0 [0057.127] GetProcAddress (hModule=0x75260000, lpProcName="CreateFileW") returned 0x75286180 [0057.128] GetProcAddress (hModule=0x75260000, lpProcName="CreateWaitableTimerA") returned 0x7527db30 [0057.128] GetProcAddress (hModule=0x75260000, lpProcName="ResumeThread") returned 0x7527a280 [0057.128] GetProcAddress (hModule=0x75260000, lpProcName="SuspendThread") returned 0x7527ed00 [0057.128] GetProcAddress (hModule=0x75260000, lpProcName="lstrcmpA") returned 0x7527c1f0 [0057.129] GetProcAddress (hModule=0x75260000, lpProcName="lstrcpynA") returned 0x7527f7b0 [0057.129] GetProcAddress (hModule=0x75260000, lpProcName="LocalFree") returned 0x752787c0 [0057.129] GetProcAddress (hModule=0x75260000, lpProcName="ExpandEnvironmentStringsA") returned 0x752a0da0 [0057.130] GetProcAddress (hModule=0x75260000, lpProcName="Sleep") returned 0x752777b0 [0057.130] GetProcAddress (hModule=0x75260000, lpProcName="lstrlenA") returned 0x75283a30 [0057.130] GetProcAddress (hModule=0x75260000, lpProcName="lstrcatA") returned 0x7527efc0 [0057.130] GetProcAddress (hModule=0x75260000, lpProcName="WaitForSingleObject") returned 0x75286110 [0057.131] GetProcAddress (hModule=0x75260000, lpProcName="ReadFile") returned 0x752864a0 [0057.131] GetProcAddress (hModule=0x75260000, lpProcName="ExpandEnvironmentStringsW") returned 0x7527c8c0 [0057.131] GetProcAddress (hModule=0x75260000, lpProcName="CreateDirectoryA") returned 0x75286140 [0057.132] GetProcAddress (hModule=0x75260000, lpProcName="VirtualProtectEx") returned 0x752a2a00 [0057.132] GetProcAddress (hModule=0x75260000, lpProcName="FindFirstFileA") returned 0x75286210 [0057.132] GetProcAddress (hModule=0x75260000, lpProcName="GetModuleFileNameA") returned 0x7527a040 [0057.132] GetProcAddress (hModule=0x75260000, lpProcName="GetModuleFileNameW") returned 0x75279560 [0057.133] GetProcAddress (hModule=0x75260000, lpProcName="GetFileSize") returned 0x75286360 [0057.133] GetProcAddress (hModule=0x75260000, lpProcName="OpenProcess") returned 0x752792b0 [0057.133] GetProcAddress (hModule=0x75260000, lpProcName="CreateRemoteThread") returned 0x752a0a00 [0057.133] GetProcAddress (hModule=0x75260000, lpProcName="VirtualAlloc") returned 0x75278b70 [0057.134] GetProcAddress (hModule=0x75260000, lpProcName="lstrcmpiA") returned 0x75277610 [0057.134] GetProcAddress (hModule=0x75260000, lpProcName="VirtualFree") returned 0x75278c70 [0057.134] GetProcAddress (hModule=0x75260000, lpProcName="SetLastError") returned 0x75272af0 [0057.135] GetProcAddress (hModule=0x75260000, lpProcName="GetCurrentProcessId") returned 0x75271d90 [0057.135] GetProcAddress (hModule=0x75260000, lpProcName="GetVersion") returned 0x7527a300 [0057.135] GetProcAddress (hModule=0x75260000, lpProcName="GetLongPathNameW") returned 0x752747c0 [0057.135] GetProcAddress (hModule=0x75260000, lpProcName="SetFilePointer") returned 0x75286530 [0057.136] GetProcAddress (hModule=0x75260000, lpProcName="GetTempFileNameA") returned 0x752863f0 [0057.136] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77150000 [0057.136] GetProcAddress (hModule=0x77150000, lpProcName="wsprintfA") returned 0x7717ea00 [0057.137] GetProcAddress (hModule=0x77150000, lpProcName="CharUpperA") returned 0x771831c0 [0057.137] GetProcAddress (hModule=0x77150000, lpProcName="FindWindowA") returned 0x77180980 [0057.137] GetProcAddress (hModule=0x77150000, lpProcName="wsprintfW") returned 0x7717ddf0 [0057.138] GetProcAddress (hModule=0x77150000, lpProcName="MessageBoxA") returned 0x771ccf50 [0057.138] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x76a10000 [0057.138] GetProcAddress (hModule=0x76a10000, lpProcName="RegQueryValueExW") returned 0x76a2ed60 [0057.139] GetProcAddress (hModule=0x76a10000, lpProcName="RegEnumKeyExA") returned 0x76a32520 [0057.139] GetProcAddress (hModule=0x76a10000, lpProcName="RegOpenKeyW") returned 0x76a2f590 [0057.139] GetProcAddress (hModule=0x76a10000, lpProcName="RegDeleteValueW") returned 0x76a30ca0 [0057.139] GetProcAddress (hModule=0x76a10000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x76a5bda0 [0057.140] GetProcAddress (hModule=0x76a10000, lpProcName="RegSetValueExW") returned 0x76a2f0a0 [0057.140] GetProcAddress (hModule=0x76a10000, lpProcName="GetSidSubAuthorityCount") returned 0x76a30f50 [0057.140] GetProcAddress (hModule=0x76a10000, lpProcName="GetSidSubAuthority") returned 0x76a30ea0 [0057.141] GetProcAddress (hModule=0x76a10000, lpProcName="OpenProcessToken") returned 0x76a2ee90 [0057.141] GetProcAddress (hModule=0x76a10000, lpProcName="RegOpenKeyA") returned 0x76a331a0 [0057.141] GetProcAddress (hModule=0x76a10000, lpProcName="RegSetValueExA") returned 0x76a30750 [0057.141] GetProcAddress (hModule=0x76a10000, lpProcName="RegCreateKeyA") returned 0x76a33150 [0057.142] GetProcAddress (hModule=0x76a10000, lpProcName="GetTokenInformation") returned 0x76a2ed40 [0057.142] GetProcAddress (hModule=0x76a10000, lpProcName="RegCloseKey") returned 0x76a2efa0 [0057.142] GetProcAddress (hModule=0x76a10000, lpProcName="RegQueryValueExA") returned 0x76a2ee40 [0057.143] GetProcAddress (hModule=0x76a10000, lpProcName="RegOpenKeyExA") returned 0x76a2f000 [0057.143] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75430000 [0057.143] GetProcAddress (hModule=0x75430000, lpProcName="ShellExecuteW") returned 0x755c4370 [0057.143] GetProcAddress (hModule=0x75430000, lpProcName="ShellExecuteExW") returned 0x755c4cb0 [0057.144] GetProcAddress (hModule=0x75430000, lpProcName=0x5c) returned 0x756a7560 [0057.144] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x768b0000 [0057.144] GetProcAddress (hModule=0x768b0000, lpProcName="CoUninitialize") returned 0x76eadca0 [0057.145] GetProcAddress (hModule=0x768b0000, lpProcName="CoInitializeEx") returned 0x76eacd50 [0057.145] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x29f98b4 | out: lpflOldProtect=0x29f98b4*=0x40) returned 1 [0057.145] VirtualProtect (in: lpAddress=0x401000, dwSize=0x4958, flNewProtect=0x20, lpflOldProtect=0x29f98b4 | out: lpflOldProtect=0x29f98b4*=0x40) returned 1 [0057.145] VirtualProtect (in: lpAddress=0x406000, dwSize=0xf48, flNewProtect=0x2, lpflOldProtect=0x29f98b4 | out: lpflOldProtect=0x29f98b4*=0x40) returned 1 [0057.145] VirtualProtect (in: lpAddress=0x407000, dwSize=0x52c, flNewProtect=0x4, lpflOldProtect=0x29f98b4 | out: lpflOldProtect=0x29f98b4*=0x40) returned 1 [0057.145] VirtualProtect (in: lpAddress=0x408000, dwSize=0x63e, flNewProtect=0x4, lpflOldProtect=0x29f98b4 | out: lpflOldProtect=0x29f98b4*=0x40) returned 1 [0057.145] VirtualProtect (in: lpAddress=0x409000, dwSize=0x68000, flNewProtect=0x2, lpflOldProtect=0x29f98b4 | out: lpflOldProtect=0x29f98b4*=0x40) returned 1 [0057.148] RtlExitUserThread (Status=0x0) Thread: id = 5 os_tid = 0xe90 Thread: id = 6 os_tid = 0xea8 Thread: id = 7 os_tid = 0xeb0 Thread: id = 8 os_tid = 0xf48 [0057.203] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0057.203] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe\" " [0057.203] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0057.203] GetComputerNameA (in: lpBuffer=0x5e9fcc4, nSize=0x5e9fd50 | out: lpBuffer="LHNIWSJ", nSize=0x5e9fd50) returned 1 [0057.203] lstrlenA (lpString="LHNIWSJ") returned 7 [0057.203] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x5e9fd48 | out: phkResult=0x5e9fd48*=0xb0) returned 0x0 [0057.203] RegQueryValueExA (in: hKey=0xb0, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0x5e9fd44, lpcbData=0x5e9fd50*=0x4 | out: lpType=0x0, lpData=0x5e9fd44*=0x41, lpcbData=0x5e9fd50*=0x4) returned 0x0 [0057.204] RegCloseKey (hKey=0xb0) returned 0x0 [0057.204] wsprintfA (in: param_1=0x5e9fea8, param_2="%8X" | out: param_1="98F9CE91") returned 8 [0057.204] GetTempPathA (in: nBufferLength=0x100, lpBuffer=0x5e9fda8 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0057.204] lstrcatA (in: lpString1="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\", lpString2="98F9CE91" | out: lpString1="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91" [0057.204] lstrlenA (lpString="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 45 [0057.204] mbstowcs (in: _Dest=0x63185a8, _Source="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", _MaxCount=0x2e | out: _Dest="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 0x2d [0057.204] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x2e [0057.204] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", lpDst=0x6318610, nSize=0x2e | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 0x2e [0057.204] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\98f9ce91"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.204] GetLastError () returned 0x2 [0057.222] wsprintfA (in: param_1=0x5e9feb4, param_2="%c%c%c%c" | out: param_1="Inte") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9feb8, param_2="%c%c%c%c" | out: param_1="l (R") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9febc, param_2="%c%c%c%c" | out: param_1=") Co") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fec0, param_2="%c%c%c%c" | out: param_1="re(T") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fec4, param_2="%c%c%c%c" | out: param_1="M) i") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fec8, param_2="%c%c%c%c" | out: param_1="5-75") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fecc, param_2="%c%c%c%c" | out: param_1="00 C") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fed0, param_2="%c%c%c%c" | out: param_1="PU @") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fed4, param_2="%c%c%c%c" | out: param_1=" 3.4") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fed8, param_2="%c%c%c%c" | out: param_1="0GHz") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fedc, param_2="%c%c%c%c" | out: param_1="") returned 4 [0057.222] wsprintfA (in: param_1=0x5e9fee0, param_2="%c%c%c%c" | out: param_1="") returned 4 [0057.223] strstr (_Str="INTEL (R) CORE(TM) I5-7500 CPU @ 3.40GHZ", _SubStr="XEON") returned 0x0 [0057.225] SetupDiGetClassDevsA (ClassGuid=0x5e9fe90*(Data1=0x4d36e967, Data2=0xe325, Data3=0x11ce, Data4=([0]=0xbf, [1]=0xc1, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0xe1, [6]=0x3, [7]=0x18)), Enumerator=0x0, hwndParent=0x0, Flags=0x2) returned 0x6f1cc0 [0057.229] SetupDiEnumDeviceInfo (in: DeviceInfoSet=0x6f1cc0, MemberIndex=0x0, DeviceInfoData=0x5e9fea0 | out: DeviceInfoData=0x5e9fea0) returned 1 [0057.229] SetupDiGetDeviceRegistryPropertyA (in: DeviceInfoSet=0x6f1cc0, DeviceInfoData=0x5e9fea0, Property=0xc, PropertyRegDataType=0x5e9fec8, PropertyBuffer=0x0, PropertyBufferSize=0x0, RequiredSize=0x5e9feec | out: PropertyRegDataType=0x5e9fec8, PropertyBuffer=0x0, RequiredSize=0x5e9feec) returned 0 [0057.232] SetupDiGetDeviceRegistryPropertyA (in: DeviceInfoSet=0x6f1cc0, DeviceInfoData=0x5e9fea0, Property=0xc, PropertyRegDataType=0x5e9fec8, PropertyBuffer=0x6318618, PropertyBufferSize=0xb, RequiredSize=0x5e9feec | out: PropertyRegDataType=0x5e9fec8, PropertyBuffer=0x6318618, RequiredSize=0x5e9feec) returned 1 [0057.233] StrStrIA (lpFirst="WD5000AVDS", lpSrch="vbox") returned 0x0 [0057.233] StrStrIA (lpFirst="WD5000AVDS", lpSrch="qemu") returned 0x0 [0057.233] StrStrIA (lpFirst="WD5000AVDS", lpSrch="vmware") returned 0x0 [0057.233] StrStrIA (lpFirst="WD5000AVDS", lpSrch="virtual hd") returned 0x0 [0057.233] SetupDiDestroyDeviceInfoList (DeviceInfoSet=0x6f1cc0) returned 1 [0058.826] GetTickCount () returned 0x21e4c [0058.826] Sleep (dwMilliseconds=0x1f4) [0059.339] Sleep (dwMilliseconds=0x1f4) [0059.842] Sleep (dwMilliseconds=0x1f4) [0060.342] Sleep (dwMilliseconds=0x1f4) [0060.843] Sleep (dwMilliseconds=0x1f4) [0061.346] Sleep (dwMilliseconds=0x1f4) [0061.856] Sleep (dwMilliseconds=0x1f4) [0062.360] Sleep (dwMilliseconds=0x1f4) [0062.861] Sleep (dwMilliseconds=0x1f4) [0063.363] Sleep (dwMilliseconds=0x1f4) [0063.864] SwitchToThread () returned 1 [0063.865] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.865] SwitchToThread () returned 1 [0063.866] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.866] SwitchToThread () returned 1 [0063.866] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.867] SwitchToThread () returned 1 [0063.921] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.921] SwitchToThread () returned 1 [0063.923] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.923] SwitchToThread () returned 1 [0063.924] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.924] SwitchToThread () returned 1 [0063.926] lstrcpynA (in: lpString1=0x5e9fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0063.926] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0063.926] GetVersion () returned 0x23f00206 [0063.926] GetCurrentProcessId () returned 0xe28 [0063.926] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb0 [0063.926] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x63185a8, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe")) returned 0x29 [0063.926] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe", lpszLongPath=0x0, cchBuffer=0x0 | out: lpszLongPath=0x0) returned 0x2a [0063.927] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe", lpszLongPath=0x63187b8, cchBuffer=0x2a | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe") returned 0x29 [0063.928] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0063.928] GetProcAddress (hModule=0x75260000, lpProcName="IsWow64Process") returned 0x752796e0 [0063.928] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x5e9fee8 | out: Wow64Process=0x5e9fee8) returned 1 [0063.929] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77150000 [0063.929] GetProcAddress (hModule=0x77150000, lpProcName="GetWindowThreadProcessId") returned 0x7716ba70 [0063.929] FindWindowA (lpClassName="ProgMan", lpWindowName=0x0) returned 0x100c8 [0063.929] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0x5e9feec | out: lpdwProcessId=0x5e9feec) returned 0x55c [0063.929] NtOpenProcess (in: ProcessHandle=0x5e9fee0, DesiredAccess=0x400, ObjectAttributes=0x5e9fec0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x5e9fed8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x5e9fee0*=0x290) returned 0x0 [0063.929] NtOpenProcessToken (in: ProcessHandle=0x290, DesiredAccess=0x8, TokenHandle=0x5e9fee4 | out: TokenHandle=0x5e9fee4*=0x350) returned 0x0 [0063.929] NtQueryInformationToken (in: TokenHandle=0x350, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5e9fef0 | out: TokenInformation=0x0, ReturnLength=0x5e9fef0) returned 0xc0000023 [0063.929] NtQueryInformationToken (in: TokenHandle=0x350, TokenInformationClass=0x1, TokenInformation=0x63185a8, TokenInformationLength=0x24, ReturnLength=0x5e9fef0 | out: TokenInformation=0x63185a8, ReturnLength=0x5e9fef0) returned 0x0 [0063.929] NtClose (Handle=0x350) returned 0x0 [0063.930] NtClose (Handle=0x290) returned 0x0 [0063.930] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0063.930] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x63186d0, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0063.930] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0063.931] GetFileTime (in: hFile=0x290, lpCreationTime=0x5e9feac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5e9feac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0063.931] CloseHandle (hObject=0x290) returned 1 [0063.931] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0063.931] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0063.931] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 0x720ec0 [0063.931] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.931] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.931] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.931] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.931] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.931] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.931] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.931] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.931] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.931] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.931] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.931] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.932] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.932] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.933] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.933] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.934] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.934] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.935] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.935] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.936] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.936] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.937] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.937] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] StrChrA (lpStart="cabinet.dll", wMatch=0x2e) returned=".dll" [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.938] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.938] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.939] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.939] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.939] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.939] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.939] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.939] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.939] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.939] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.939] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.940] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.940] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.941] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.941] StrChrA (lpStart="Clipc.dll", wMatch=0x2e) returned=".dll" [0063.942] FindNextFileA (in: hFindFile=0x720ec0, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.942] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.942] FindClose (in: hFindFile=0x720ec0 | out: hFindFile=0x720ec0) returned 1 [0063.942] lstrlenA (lpString="cabilipc") returned 8 [0063.942] mbstowcs (in: _Dest=0x63186d0, _Source="cabilipc", _MaxCount=0xe | out: _Dest="cabilipc") returned 0x8 [0063.942] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0063.942] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x6318710, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0063.942] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0063.942] GetFileTime (in: hFile=0x290, lpCreationTime=0x5e9feac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5e9feac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0063.942] CloseHandle (hObject=0x290) returned 1 [0063.943] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0063.943] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0063.943] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 0x720b00 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.943] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.943] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.944] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.945] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.945] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.946] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.946] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.947] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.947] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.948] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.948] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.949] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.949] StrChrA (lpStart="autoplay.dll", wMatch=0x2e) returned=".dll" [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.950] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.950] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.951] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.951] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.952] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.952] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.953] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.953] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] StrChrA (lpStart="clb.dll", wMatch=0x2e) returned=".dll" [0063.954] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.954] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.954] FindClose (in: hFindFile=0x720b00 | out: hFindFile=0x720b00) returned 1 [0063.954] lstrlenA (lpString="autoclb") returned 7 [0063.955] mbstowcs (in: _Dest=0x6318710, _Source="autoclb", _MaxCount=0xe | out: _Dest="autoclb") returned 0x7 [0063.955] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0063.955] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x6318750, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0063.955] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0063.955] GetFileTime (in: hFile=0x290, lpCreationTime=0x5e9feac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5e9feac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0063.955] CloseHandle (hObject=0x290) returned 1 [0063.955] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0063.955] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0063.955] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 0x720b00 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.956] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.956] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] StrChrA (lpStart="adsldpc.dll", wMatch=0x2e) returned=".dll" [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.957] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.957] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.958] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.958] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.959] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.959] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0063.960] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0063.960] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.259] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.259] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.260] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.260] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.261] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.261] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.262] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.262] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.263] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.263] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned 1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.264] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.264] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.265] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.265] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.266] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.266] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.267] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.267] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] StrChrA (lpStart="ddraw.dll", wMatch=0x2e) returned=".dll" [0160.268] FindNextFileA (in: hFindFile=0x720b00, lpFindFileData=0x5e9fd58 | out: lpFindFileData=0x5e9fd58) returned 1 [0160.268] CompareFileTime (lpFileTime1=0x5e9fd6c, lpFileTime2=0x5e9feac) returned -1 [0160.268] FindClose (in: hFindFile=0x720b00 | out: hFindFile=0x720b00) returned 1 [0160.268] lstrlenA (lpString="adsldraw") returned 8 [0160.268] mbstowcs (in: _Dest=0x6318750, _Source="adsldraw", _MaxCount=0xe | out: _Dest="adsldraw") returned 0x8 [0160.268] lstrcatW (in: lpString1="autoclb", lpString2=".exe" | out: lpString1="autoclb.exe") returned="autoclb.exe" [0160.268] wsprintfA (in: param_1=0x6318778, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0160.268] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0160.268] lstrcpyA (in: lpString1=0x6318a38, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0160.268] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0160.269] wsprintfA (in: param_1=0x6318778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0160.269] lstrlenA (lpString="Local\\") returned 6 [0160.269] lstrcpyA (in: lpString1=0x6318a90, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0160.269] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0160.269] wsprintfA (in: param_1=0x6318778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0160.269] lstrcatA (in: lpString1="", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0160.269] wsprintfA (in: param_1=0x6318778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0160.269] lstrlenA (lpString="Local\\") returned 6 [0160.269] lstrcpyA (in: lpString1=0x6318af8, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0160.269] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0160.269] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0160.269] lstrlenA (lpString="A_SHAFinal") returned 10 [0160.269] lstrlenA (lpString="A_SHAInit") returned 9 [0160.269] lstrlenA (lpString="A_SHAUpdate") returned 11 [0160.269] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0160.269] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0160.269] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0160.270] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0160.270] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0160.270] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0160.270] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0160.270] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0160.270] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0160.270] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0160.270] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0160.270] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0160.270] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0160.270] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0160.270] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0160.270] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0160.270] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0160.270] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0160.270] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0160.270] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0160.270] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0160.270] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0160.270] lstrlenA (lpString="CsrClientCallServer") returned 19 [0160.270] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0160.270] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0160.270] lstrlenA (lpString="CsrGetProcessId") returned 15 [0160.270] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0160.270] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0160.270] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0160.270] lstrlenA (lpString="DbgBreakPoint") returned 13 [0160.270] lstrlenA (lpString="DbgPrint") returned 8 [0160.270] lstrlenA (lpString="DbgPrintEx") returned 10 [0160.270] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0160.270] lstrlenA (lpString="DbgPrompt") returned 9 [0160.270] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0160.270] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0160.270] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0160.270] lstrlenA (lpString="DbgUiContinue") returned 13 [0160.270] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0160.270] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0160.270] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0160.270] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0160.271] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0160.271] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0160.271] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0160.271] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0160.271] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0160.271] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0160.271] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0160.271] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0160.271] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0160.271] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0160.271] lstrlenA (lpString="EtwEventEnabled") returned 15 [0160.271] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0160.271] lstrlenA (lpString="EtwEventRegister") returned 16 [0160.271] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0160.271] lstrlenA (lpString="EtwEventUnregister") returned 18 [0160.271] lstrlenA (lpString="EtwEventWrite") returned 13 [0160.271] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0160.271] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0160.271] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0160.271] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0160.271] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0160.271] lstrlenA (lpString="EtwEventWriteString") returned 19 [0160.271] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0160.271] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0160.271] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0160.271] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0160.271] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0160.271] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0160.271] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0160.271] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0160.271] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0160.271] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0160.271] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0160.271] lstrlenA (lpString="EtwReplyNotification") returned 20 [0160.271] lstrlenA (lpString="EtwSendNotification") returned 19 [0160.271] lstrlenA (lpString="EtwSetMark") returned 10 [0160.271] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0160.271] lstrlenA (lpString="EtwTraceMessage") returned 15 [0160.271] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0160.271] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0160.271] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0160.271] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0160.272] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0160.272] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0160.272] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0160.272] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0160.272] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0160.272] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0160.272] lstrlenA (lpString="KiFastSystemCall") returned 16 [0160.272] lstrlenA (lpString="KiFastSystemCallRet") returned 19 [0160.272] lstrlenA (lpString="KiIntSystemCall") returned 15 [0160.272] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0160.272] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0160.272] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0160.272] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0160.272] lstrlenA (lpString="LdrAccessResource") returned 17 [0160.272] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0160.272] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0160.272] lstrlenA (lpString="LdrAddRefDll") returned 12 [0160.272] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0160.272] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0160.272] lstrlenA (lpString="LdrEnumResources") returned 16 [0160.272] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0160.272] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0160.272] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0160.272] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0160.272] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0160.272] lstrlenA (lpString="LdrFindResource_U") returned 17 [0160.272] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0160.272] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0160.272] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0160.272] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0160.272] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0160.272] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0160.272] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0160.272] lstrlenA (lpString="LdrGetDllPath") returned 13 [0160.272] lstrlenA (lpString="LdrGetFailureData") returned 17 [0160.272] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0160.272] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0160.273] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0160.273] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0160.273] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0160.273] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0160.273] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0160.273] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0160.273] lstrlenA (lpString="LdrLoadDll") returned 10 [0160.273] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0160.273] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0160.273] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0160.273] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0160.273] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0160.273] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0160.273] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0160.273] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0160.273] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0160.273] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0160.273] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0160.273] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0160.273] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0160.273] lstrlenA (lpString="LdrResFindResource") returned 18 [0160.273] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0160.273] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0160.273] lstrlenA (lpString="LdrResRelease") returned 13 [0160.273] lstrlenA (lpString="LdrResSearchResource") returned 20 [0160.273] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0160.273] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0160.273] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0160.273] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0160.273] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0160.273] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0160.273] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0160.273] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0160.273] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0160.273] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0160.273] lstrlenA (lpString="LdrShutdownThread") returned 17 [0160.273] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0160.273] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0160.273] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0160.273] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0160.273] lstrlenA (lpString="LdrUnloadDll") returned 12 [0160.273] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0160.273] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0160.274] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0160.274] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0160.274] lstrlenA (lpString="LdrWx86FormatVirtualImage") returned 25 [0160.274] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0160.274] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0160.274] lstrlenA (lpString="MD4Final") returned 8 [0160.274] lstrlenA (lpString="MD4Init") returned 7 [0160.274] lstrlenA (lpString="MD4Update") returned 9 [0160.274] lstrlenA (lpString="MD5Final") returned 8 [0160.274] lstrlenA (lpString="MD5Init") returned 7 [0160.274] lstrlenA (lpString="MD5Update") returned 9 [0160.274] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0160.274] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0160.274] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0160.274] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0160.274] lstrlenA (lpString="NtAccessCheck") returned 13 [0160.274] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0160.274] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0160.274] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0160.274] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0160.274] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0160.274] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0160.274] lstrlenA (lpString="NtAddAtom") returned 9 [0160.274] lstrlenA (lpString="NtAddAtomEx") returned 11 [0160.274] lstrlenA (lpString="NtAddBootEntry") returned 14 [0160.274] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0160.274] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0160.274] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0160.274] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0160.274] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0160.274] lstrlenA (lpString="NtAlertThread") returned 13 [0160.274] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0160.274] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0160.274] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0160.275] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0160.275] lstrlenA (lpString="NtAllocateUuids") returned 15 [0160.275] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0160.275] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0160.275] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0160.275] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0160.275] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0160.275] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0160.275] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0160.275] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0160.275] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0160.275] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0160.275] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0160.275] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0160.275] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0160.275] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0160.275] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0160.275] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0160.275] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0160.275] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0160.275] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0160.275] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0160.275] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0160.275] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0160.275] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0160.275] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0160.275] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0160.275] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0160.275] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0160.275] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0160.275] lstrlenA (lpString="NtCallbackReturn") returned 16 [0160.275] lstrlenA (lpString="NtCancelIoFile") returned 14 [0160.275] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0160.275] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0160.275] lstrlenA (lpString="NtCancelTimer") returned 13 [0160.275] lstrlenA (lpString="NtCancelTimer2") returned 14 [0160.275] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0160.275] lstrlenA (lpString="NtClearEvent") returned 12 [0160.275] lstrlenA (lpString="NtClose") returned 7 [0160.275] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0160.275] lstrlenA (lpString="NtCommitComplete") returned 16 [0160.275] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0160.275] lstrlenA (lpString="NtCommitTransaction") returned 19 [0160.276] lstrlenA (lpString="NtCompactKeys") returned 13 [0160.276] lstrlenA (lpString="NtCompareObjects") returned 16 [0160.276] lstrlenA (lpString="NtCompareTokens") returned 15 [0160.276] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0160.276] lstrlenA (lpString="NtCompressKey") returned 13 [0160.282] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe") returned 41 [0160.282] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0xf013f, phkResult=0x5e9fee4 | out: phkResult=0x5e9fee4*=0x290) returned 0x0 [0160.282] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe") returned 41 [0160.282] RegQueryValueExW (in: hKey=0x290, lpValueName="cabilipc", lpReserved=0x0, lpType=0x5e9fedc, lpData=0x6318b90, lpcbData=0x5e9fee8*=0x54 | out: lpType=0x5e9fedc*=0x0, lpData=0x6318b90*=0xa0, lpcbData=0x5e9fee8*=0x54) returned 0x2 [0160.283] RegCloseKey (hKey=0x290) returned 0x0 [0160.283] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x5e9fee4 | out: TokenHandle=0x5e9fee4*=0x290) returned 1 [0160.283] GetTokenInformation (in: TokenHandle=0x290, TokenInformationClass=0x14, TokenInformation=0x5e9fee0, TokenInformationLength=0x4, ReturnLength=0x5e9fee8 | out: TokenInformation=0x5e9fee0, ReturnLength=0x5e9fee8) returned 1 [0160.283] GetTokenInformation (in: TokenHandle=0x290, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5e9fee8 | out: TokenInformation=0x0, ReturnLength=0x5e9fee8) returned 0 [0160.283] GetTokenInformation (in: TokenHandle=0x290, TokenInformationClass=0x19, TokenInformation=0x6318ac8, TokenInformationLength=0x14, ReturnLength=0x5e9fee8 | out: TokenInformation=0x6318ac8, ReturnLength=0x5e9fee8) returned 1 [0160.283] GetSidSubAuthorityCount (pSid=0x6318ad0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x6318ad1 [0160.283] GetSidSubAuthority (pSid=0x6318ad0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x6318ad8 [0160.284] CloseHandle (hObject=0x290) returned 1 [0160.284] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0160.480] CreateEventA (lpEventAttributes=0x5e9ff1c, bManualReset=1, bInitialState=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x3c0 [0160.480] GetLastError () returned 0x0 [0160.480] CloseHandle (hObject=0x3c0) returned 1 [0160.480] RegOpenKeyExA (in: hKey=0x80000003, lpSubKey=0x0, ulOptions=0x0, samDesired=0x20119, phkResult=0x5e9fed0 | out: phkResult=0x5e9fed0*=0x3c0) returned 0x0 [0160.480] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x0, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".DEFAULT", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.480] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0x0) returned 0x102 [0160.480] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x1, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-19", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.480] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0x0) returned 0x102 [0160.480] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x2, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-20", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.481] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0x0) returned 0x102 [0160.481] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x3, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-21-1462094071-1423818996-289466292-1000", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.481] StrChrA (lpStart="S-1-5-21-1462094071-1423818996-289466292-1000", wMatch=0x5f) returned 0x0 [0160.481] lstrcpyA (in: lpString1=0x5e9fd54, lpString2="S-1-5-21-1462094071-1423818996-289466292-1000" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000") returned="S-1-5-21-1462094071-1423818996-289466292-1000" [0160.481] lstrcatA (in: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000", lpString2="\\Software\\Microsoft\\Windows\\CurrentVersion" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion") returned="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion" [0160.481] lstrcatA (in: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion", lpString2="\\Explorer\\Shell Folders" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders") returned="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders" [0160.481] RegOpenKeyA (in: hKey=0x3c0, lpSubKey="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", phkResult=0x5e9fe90 | out: phkResult=0x5e9fe90*=0x3c4) returned 0x0 [0160.481] RegQueryValueExW (in: hKey=0x3c4, lpValueName="AppData", lpReserved=0x0, lpType=0x5e9fe8c, lpData=0x0, lpcbData=0x5e9fe98*=0xfffffffe | out: lpType=0x5e9fe8c*=0x1, lpData=0x0, lpcbData=0x5e9fe98*=0x4c) returned 0x0 [0160.481] lstrlenW (lpString="autoclb.exe") returned 11 [0160.481] RegQueryValueExW (in: hKey=0x3c4, lpValueName="AppData", lpReserved=0x0, lpType=0x5e9fe8c, lpData=0x6318c40, lpcbData=0x5e9fe98*=0x4c | out: lpType=0x5e9fe8c*=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", lpcbData=0x5e9fe98*=0x4c) returned 0x0 [0160.481] PathCombineW (in: pszDest=0x6318c40, pszDir="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", pszFile="adsldraw" | out: pszDest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw" [0160.481] CreateDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw"), lpSecurityAttributes=0x0) returned 1 [0160.515] PathCombineW (in: pszDest=0x6318c40, pszDir="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw", pszFile="autoclb.exe" | out: pszDest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" [0160.516] lstrcmpiW (lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe") returned -1 [0160.516] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0160.516] lstrcpyA (in: lpString1=0x5e9fdab, lpString2="\\Run" | out: lpString1="\\Run") returned="\\Run" [0160.516] RegOpenKeyExA (in: hKey=0x3c0, lpSubKey="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0xf013f, phkResult=0x5e9fea0 | out: phkResult=0x5e9fea0*=0x508) returned 0x0 [0160.516] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0160.516] RegSetValueExW (in: hKey=0x508, lpValueName="cabilipc", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", cbData=0x76 | out: lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0x0 [0160.516] RegCloseKey (hKey=0x508) returned 0x0 [0160.516] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\nstpeer.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x508 [0160.516] GetFileSize (in: hFile=0x508, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11b000 [0160.520] ReadFile (in: hFile=0x508, lpBuffer=0x54a8020, nNumberOfBytesToRead=0x11b000, lpNumberOfBytesRead=0x5e9fd18, lpOverlapped=0x0 | out: lpBuffer=0x54a8020*, lpNumberOfBytesRead=0x5e9fd18*=0x11b000, lpOverlapped=0x0) returned 1 [0160.571] CloseHandle (hObject=0x508) returned 1 [0160.571] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x508 [0160.606] WriteFile (in: hFile=0x508, lpBuffer=0x54a9020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5e9fd20, lpOverlapped=0x0 | out: lpBuffer=0x54a9020*, lpNumberOfBytesWritten=0x5e9fd20*=0x1000, lpOverlapped=0x0) returned 1 [0160.607] WriteFile (in: hFile=0x508, lpBuffer=0x54a9020*, nNumberOfBytesToWrite=0x11a000, lpNumberOfBytesWritten=0x5e9fd20, lpOverlapped=0x0 | out: lpBuffer=0x54a9020*, lpNumberOfBytesWritten=0x5e9fd20*=0x11a000, lpOverlapped=0x0) returned 1 [0160.634] SetEndOfFile (hFile=0x508) returned 1 [0160.634] CloseHandle (hObject=0x508) returned 1 [0160.659] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x508 [0160.659] WriteFile (in: hFile=0x508, lpBuffer=0x54a8020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x5e9fd20, lpOverlapped=0x0 | out: lpBuffer=0x54a8020*, lpNumberOfBytesWritten=0x5e9fd20*=0x1000, lpOverlapped=0x0) returned 1 [0160.659] FlushFileBuffers (hFile=0x508) returned 1 [0161.051] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0161.052] lstrcpyA (in: lpString1=0x5e9fd82, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0161.052] RegCreateKeyA (in: hKey=0x3c0, lpSubKey="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x5e9fea0 | out: phkResult=0x5e9fea0*=0x270) returned 0x0 [0161.052] RegQueryValueExA (in: hKey=0x270, lpValueName="Client", lpReserved=0x0, lpType=0x5e9fe8c, lpData=0x5e9fe60, lpcbData=0x5e9fe98*=0x4c | out: lpType=0x5e9fe8c*=0x0, lpData=0x5e9fe60*=0x0, lpcbData=0x5e9fe98*=0x4c) returned 0x2 [0161.052] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0161.052] RegSetValueExA (in: hKey=0x270, lpValueName="Install", Reserved=0x0, dwType=0x3, lpData=0x6318c40*, cbData=0x76 | out: lpData=0x6318c40*) returned 0x0 [0161.052] RegCloseKey (hKey=0x270) returned 0x0 [0161.052] RegCloseKey (hKey=0x3c4) returned 0x0 [0161.052] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0x0) returned 0x102 [0161.053] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x4, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-21-1462094071-1423818996-289466292-1000_Classes", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0161.053] StrChrA (lpStart="S-1-5-21-1462094071-1423818996-289466292-1000_Classes", wMatch=0x5f) returned="_Classes" [0161.053] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0x0) returned 0x102 [0161.053] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x5, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-18", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0161.053] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0x0) returned 0x102 [0161.053] RegEnumKeyExA (in: hKey=0x3c0, dwIndex=0x6, lpName=0x6318b30, lpcchName=0x5e9fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-18", lpcchName=0x5e9fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.053] RegCloseKey (hKey=0x3c0) returned 0x0 [0161.053] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe") returned 41 [0161.053] lstrcpyW (in: lpString1=0x6318b30, lpString2="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" | out: lpString1="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" [0161.053] PathGetShortPath (in: pszLongPath="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\nstpeer.exe" | out: pszLongPath="C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe") [0161.054] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0161.054] lstrcpyW (in: lpString1=0x6318b90, lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" | out: lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" [0161.054] PathGetShortPath (in: pszLongPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" | out: pszLongPath="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe") [0161.054] lstrlenW (lpString="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 54 [0161.054] lstrlenW (lpString="C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe") returned 37 [0161.054] GetTickCount () returned 0x3ada6 [0161.054] GetTempPathA (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x26 [0161.054] GetTempPathA (in: nBufferLength=0x26, lpBuffer=0x6318c10 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0161.054] GetTickCount () returned 0x3ada6 [0161.054] GetTempFileNameA (in: lpPathName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x22cac4c, lpTempFileName=0x6318c10 | out: lpTempFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C.tmp" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c.tmp")) returned 0xac4c [0161.055] PathFindExtensionA (pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C.tmp") returned=".tmp" [0161.055] lstrcpyA (in: lpString1=0x6318c39, lpString2=".bin" | out: lpString1=".bin") returned=".bin" [0161.055] PathFindExtensionA (pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C.bin") returned=".bin" [0161.055] CreateDirectoryA (lpPathName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c"), lpSecurityAttributes=0x0) returned 1 [0161.056] GetTickCount () returned 0x3ada6 [0161.056] GetTempFileNameA (in: lpPathName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x6318c10 | out: lpTempFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.tmp" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.tmp")) returned 0xada6 [0161.057] PathFindExtensionA (pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.tmp") returned=".tmp" [0161.057] lstrcpyA (in: lpString1=0x6318c3e, lpString2=".bin" | out: lpString1=".bin") returned=".bin" [0161.057] PathFindExtensionA (pszPath="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bin") returned=".bin" [0161.057] lstrcpyA (in: lpString1=0x6318c3e, lpString2=".bat" | out: lpString1=".bat") returned=".bat" [0161.057] wsprintfA (in: param_1=0x6318c60, param_2="\"%S\" \"%S\"" | out: param_1="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"") returned 96 [0161.057] GetTickCount () returned 0x3ada6 [0161.057] wsprintfA (in: param_1=0x6318dd0, param_2=":%u\r\nif not exist %%1 goto %u\r\ncmd /C \"%%1 %%2\"\r\nif errorlevel 1 goto %u\r\n:%u\r\ndel %%0" | out: param_1=":18241062\r\nif not exist %1 goto 4276726233\r\ncmd /C \"%1 %2\"\r\nif errorlevel 1 goto 18241062\r\n:4276726233\r\ndel %0") returned 110 [0161.057] lstrlenA (lpString="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat") returned 50 [0161.057] mbstowcs (in: _Dest=0x63190e8, _Source="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", _MaxCount=0x33 | out: _Dest="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat") returned 0x32 [0161.057] lstrlenA (lpString="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"") returned 96 [0161.057] mbstowcs (in: _Dest=0x6319158, _Source="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", _MaxCount=0x61 | out: _Dest="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"") returned 0x60 [0161.057] lstrlenA (lpString="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat") returned 50 [0161.057] mbstowcs (in: _Dest=0x6319228, _Source="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", _MaxCount=0x33 | out: _Dest="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat") returned 0x32 [0161.057] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x33 [0161.057] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", lpDst=0x6319298, nSize=0x33 | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat") returned 0x33 [0161.057] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c0 [0161.058] WriteFile (in: hFile=0x3c0, lpBuffer=0x6318dd0*, nNumberOfBytesToWrite=0x6e, lpNumberOfBytesWritten=0x5e9fe9c, lpOverlapped=0x0 | out: lpBuffer=0x6318dd0*, lpNumberOfBytesWritten=0x5e9fe9c*=0x6e, lpOverlapped=0x0) returned 1 [0161.059] SetEndOfFile (hFile=0x3c0) returned 1 [0161.059] CloseHandle (hObject=0x3c0) returned 1 [0161.060] ShellExecuteW (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", lpParameters="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0161.851] LocalFree (hMem=0x5b4b718) returned 0x0 [0161.851] HeapDestroy (hHeap=0x5f20000) returned 1 [0161.868] ExitProcess (uExitCode=0x0) Thread: id = 9 os_tid = 0xfd8 Thread: id = 10 os_tid = 0xfe8 Thread: id = 11 os_tid = 0xa48 Thread: id = 12 os_tid = 0xc90 Thread: id = 13 os_tid = 0xc94 Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2e487000" os_pid = "0x8d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe28" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\" \"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 464 start_va = 0x330000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 465 start_va = 0x350000 end_va = 0x351fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 466 start_va = 0x360000 end_va = 0x373fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 467 start_va = 0x380000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 468 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 469 start_va = 0x4c0000 end_va = 0x4c3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 470 start_va = 0x4d0000 end_va = 0x4d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 471 start_va = 0x4e0000 end_va = 0x4e1fff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 472 start_va = 0x10f0000 end_va = 0x113ffff entry_point = 0x10f0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 473 start_va = 0x1140000 end_va = 0x513ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 474 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 475 start_va = 0x7f100000 end_va = 0x7f122fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f100000" filename = "" Region: id = 476 start_va = 0x7f124000 end_va = 0x7f124fff entry_point = 0x0 region_type = private name = "private_0x000000007f124000" filename = "" Region: id = 477 start_va = 0x7f12b000 end_va = 0x7f12dfff entry_point = 0x0 region_type = private name = "private_0x000000007f12b000" filename = "" Region: id = 478 start_va = 0x7f12e000 end_va = 0x7f12efff entry_point = 0x0 region_type = private name = "private_0x000000007f12e000" filename = "" Region: id = 479 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 480 start_va = 0x7fff0000 end_va = 0x7df8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 481 start_va = 0x7df8ee380000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df8ee380000" filename = "" Region: id = 482 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 483 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 484 start_va = 0x6c0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 485 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 486 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 487 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 559 start_va = 0x330000 end_va = 0x33ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 560 start_va = 0x4f0000 end_va = 0x5adfff entry_point = 0x4f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 561 start_va = 0x5c0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 562 start_va = 0x6d0000 end_va = 0x70ffff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 563 start_va = 0x710000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 564 start_va = 0x950000 end_va = 0x95ffff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 565 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 566 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 567 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 568 start_va = 0x7f000000 end_va = 0x7f0fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f000000" filename = "" Region: id = 569 start_va = 0x7f128000 end_va = 0x7f12afff entry_point = 0x0 region_type = private name = "private_0x000000007f128000" filename = "" Region: id = 570 start_va = 0x340000 end_va = 0x343fff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 571 start_va = 0x350000 end_va = 0x353fff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 572 start_va = 0x74bf0000 end_va = 0x74bf7fff entry_point = 0x74bf0000 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 573 start_va = 0x76a10000 end_va = 0x76a8afff entry_point = 0x76a10000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 574 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 575 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 576 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 577 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 578 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 579 start_va = 0x5b0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 580 start_va = 0x960000 end_va = 0xc96fff entry_point = 0x960000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 969 start_va = 0x810000 end_va = 0x830fff entry_point = 0x810000 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\cmd.exe.mui") Thread: id = 14 os_tid = 0x274 [0166.144] GetModuleHandleA (lpModuleName=0x0) returned 0x10f0000 [0166.144] __set_app_type (_Type=0x1) [0166.144] __p__fmode () returned 0x77aa4d6c [0166.145] __p__commode () returned 0x77aa5b1c [0166.145] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x11036e0) returned 0x0 [0166.145] __getmainargs (in: _Argc=0x11150e8, _Argv=0x11150ec, _Env=0x11150f0, _DoWildCard=0, _StartInfo=0x11150fc | out: _Argc=0x11150e8, _Argv=0x11150ec, _Env=0x11150f0) returned 0 [0166.145] GetCurrentThreadId () returned 0x274 [0166.145] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x274) returned 0x84 [0166.145] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0166.145] GetProcAddress (hModule=0x75260000, lpProcName="SetThreadUILanguage") returned 0x752a2780 [0166.146] SetThreadUILanguage (LangId=0x0) returned 0x409 [0166.155] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0166.155] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x4bfec0 | out: phkResult=0x4bfec0*=0x0) returned 0x2 [0166.156] VirtualQuery (in: lpAddress=0x4bfec7, lpBuffer=0x4bfe78, dwLength=0x1c | out: lpBuffer=0x4bfe78*(BaseAddress=0x4bf000, AllocationBase=0x3c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.156] VirtualQuery (in: lpAddress=0x3c0000, lpBuffer=0x4bfe78, dwLength=0x1c | out: lpBuffer=0x4bfe78*(BaseAddress=0x3c0000, AllocationBase=0x3c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0166.156] VirtualQuery (in: lpAddress=0x3c1000, lpBuffer=0x4bfe78, dwLength=0x1c | out: lpBuffer=0x4bfe78*(BaseAddress=0x3c1000, AllocationBase=0x3c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0166.156] VirtualQuery (in: lpAddress=0x3c3000, lpBuffer=0x4bfe78, dwLength=0x1c | out: lpBuffer=0x4bfe78*(BaseAddress=0x3c3000, AllocationBase=0x3c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.156] VirtualQuery (in: lpAddress=0x4c0000, lpBuffer=0x4bfe78, dwLength=0x1c | out: lpBuffer=0x4bfe78*(BaseAddress=0x4c0000, AllocationBase=0x4c0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0166.156] GetConsoleOutputCP () returned 0x1b5 [0166.160] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0166.160] SetConsoleCtrlHandler (HandlerRoutine=0x110f980, Add=1) returned 1 [0166.160] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.160] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0166.183] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.183] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0166.189] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.189] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0166.194] _get_osfhandle (_FileHandle=0) returned 0x38 [0166.194] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0166.202] _get_osfhandle (_FileHandle=0) returned 0x38 [0166.202] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1e7) returned 1 [0166.203] GetEnvironmentStringsW () returned 0x5c7f38* [0166.203] FreeEnvironmentStringsA (penv="A") returned 1 [0166.203] GetEnvironmentStringsW () returned 0x5c7f38* [0166.203] FreeEnvironmentStringsA (penv="A") returned 1 [0166.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x4bee24 | out: phkResult=0x4bee24*=0x94) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x0, lpData=0x4bee30*=0x88, lpcbData=0x4bee2c*=0x1000) returned 0x2 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x1, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x0, lpData=0x4bee30*=0x1, lpcbData=0x4bee2c*=0x1000) returned 0x2 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x0, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x40, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x40, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x0, lpData=0x4bee30*=0x40, lpcbData=0x4bee2c*=0x1000) returned 0x2 [0166.204] RegCloseKey (hKey=0x94) returned 0x0 [0166.204] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x4bee24 | out: phkResult=0x4bee24*=0x94) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x0, lpData=0x4bee30*=0x40, lpcbData=0x4bee2c*=0x1000) returned 0x2 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x1, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x0, lpData=0x4bee30*=0x1, lpcbData=0x4bee2c*=0x1000) returned 0x2 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x0, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x9, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x4, lpData=0x4bee30*=0x9, lpcbData=0x4bee2c*=0x4) returned 0x0 [0166.204] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x4bee28, lpData=0x4bee30, lpcbData=0x4bee2c*=0x1000 | out: lpType=0x4bee28*=0x0, lpData=0x4bee30*=0x9, lpcbData=0x4bee2c*=0x1000) returned 0x2 [0166.204] RegCloseKey (hKey=0x94) returned 0x0 [0166.204] time (in: timer=0x0 | out: timer=0x0) returned 0x5bdace7f [0166.204] srand (_Seed=0x5bdace7f) [0166.204] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\" \"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"" [0166.205] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\" \"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"" [0166.205] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.205] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5c7f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0166.205] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0166.205] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0166.205] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0166.205] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0166.205] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0166.205] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0166.205] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0166.205] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0166.205] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0166.205] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0166.205] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0166.205] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0166.206] GetEnvironmentStringsW () returned 0x5c8150* [0166.206] FreeEnvironmentStringsA (penv="A") returned 1 [0166.206] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.206] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0166.206] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0166.206] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0166.206] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0166.206] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0166.206] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0166.206] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0166.206] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0166.206] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0166.206] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4bfbfc | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.206] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0x4bfbfc, lpFilePart=0x4bfbf4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x4bfbf4*="Desktop") returned 0x1d [0166.206] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0166.207] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x4bf978 | out: lpFindFileData=0x4bf978) returned 0x5c05c8 [0166.207] FindClose (in: hFindFile=0x5c05c8 | out: hFindFile=0x5c05c8) returned 1 [0166.207] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0x4bf978 | out: lpFindFileData=0x4bf978) returned 0x5c05c8 [0166.207] FindClose (in: hFindFile=0x5c05c8 | out: hFindFile=0x5c05c8) returned 1 [0166.207] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0166.207] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0x4bf978 | out: lpFindFileData=0x4bf978) returned 0x5c05c8 [0166.207] FindClose (in: hFindFile=0x5c05c8 | out: hFindFile=0x5c05c8) returned 1 [0166.207] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0166.207] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0166.207] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0166.207] GetEnvironmentStringsW () returned 0x5c8150* [0166.208] FreeEnvironmentStringsA (penv="=") returned 1 [0166.208] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.209] GetConsoleOutputCP () returned 0x1b5 [0166.210] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0166.210] GetUserDefaultLCID () returned 0x409 [0166.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x11224a0, cchData=8 | out: lpLCData=":") returned 2 [0166.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x4bfd2c, cchData=128 | out: lpLCData="0") returned 2 [0166.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x4bfd2c, cchData=128 | out: lpLCData="0") returned 2 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x4bfd2c, cchData=128 | out: lpLCData="1") returned 2 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x11224b0, cchData=8 | out: lpLCData="/") returned 2 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1122500, cchData=32 | out: lpLCData="Mon") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1122540, cchData=32 | out: lpLCData="Tue") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1122580, cchData=32 | out: lpLCData="Wed") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x11225c0, cchData=32 | out: lpLCData="Thu") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1122600, cchData=32 | out: lpLCData="Fri") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1122640, cchData=32 | out: lpLCData="Sat") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1122680, cchData=32 | out: lpLCData="Sun") returned 4 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x11224c0, cchData=8 | out: lpLCData=".") returned 2 [0166.211] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x11224e0, cchData=8 | out: lpLCData=",") returned 2 [0166.211] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0166.212] GetConsoleTitleW (in: lpConsoleTitle=0x5caaa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.213] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0166.213] GetProcAddress (hModule=0x75260000, lpProcName="CopyFileExW") returned 0x7527fa80 [0166.213] GetProcAddress (hModule=0x75260000, lpProcName="IsDebuggerPresent") returned 0x7527a790 [0166.213] GetProcAddress (hModule=0x75260000, lpProcName="SetConsoleInputExeNameW") returned 0x74f835c0 [0166.215] _wcsicmp (_String1="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"", _String2=")") returned -7 [0166.215] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"") returned 68 [0166.215] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"") returned 68 [0166.215] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"") returned 71 [0166.215] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"") returned 71 [0166.215] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"") returned 80 [0166.215] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"") returned 80 [0166.218] GetConsoleTitleW (in: lpConsoleTitle=0x4bfa18, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.219] GetFileAttributesW (lpFileName="\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat\"")) returned 0xffffffff [0166.219] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0166.219] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0166.219] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0166.219] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0166.219] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0166.219] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0166.219] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0166.219] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0166.219] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0166.219] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0166.219] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0166.219] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0166.219] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0166.219] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0166.219] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0166.219] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0166.219] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0166.219] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0166.219] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0166.219] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0166.219] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0166.219] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0166.219] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0166.219] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0166.219] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0166.219] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0166.220] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0166.220] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0166.220] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0166.220] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0166.220] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0166.220] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0166.220] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0166.220] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0166.220] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0166.220] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0166.220] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0166.220] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0166.220] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0166.220] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0166.220] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0166.220] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0166.220] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0166.220] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0166.220] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0166.220] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0166.220] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0166.220] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0166.220] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0166.220] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0166.220] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0166.220] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0166.220] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0166.220] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0166.220] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0166.220] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0166.220] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0166.220] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0166.220] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0166.220] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0166.221] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0166.221] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0166.221] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0166.221] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0166.221] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0166.221] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0166.221] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0166.221] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0166.221] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0166.221] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0166.221] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0166.221] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0166.221] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0166.221] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0166.221] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0166.221] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0166.221] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0166.221] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0166.221] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0166.221] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0166.221] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0166.221] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0166.221] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0166.221] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0166.221] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0166.221] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0166.221] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0166.222] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0166.222] SetErrorMode (uMode=0x0) returned 0x0 [0166.222] SetErrorMode (uMode=0x1) returned 0x0 [0166.222] GetFullPathNameW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\.", nBufferLength=0x208, lpBuffer=0x5c05d0, lpFilePart=0x4bf524 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C", lpFilePart=0x4bf524*="AC4C") returned 0x29 [0166.222] SetErrorMode (uMode=0x0) returned 0x1 [0166.222] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\.") returned 1 [0166.223] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0166.226] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.226] FindFirstFileExW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", fInfoLevelId=0x1, lpFindFileData=0x4bf2d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf2d0) returned 0x5cb328 [0166.227] FindClose (in: hFindFile=0x5cb328 | out: hFindFile=0x5cb328) returned 1 [0166.227] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0166.227] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0166.227] GetConsoleTitleW (in: lpConsoleTitle=0x4bf7a4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.227] ApiSetQueryApiSetPresence () returned 0x0 [0166.227] ResolveDelayLoadedAPI () returned 0x74bf14a0 [0166.246] SaferWorker () returned 0x0 [0166.273] SetErrorMode (uMode=0x0) returned 0x0 [0166.273] SetErrorMode (uMode=0x1) returned 0x0 [0166.273] GetFullPathNameW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", nBufferLength=0x104, lpBuffer=0x5cae78, lpFilePart=0x4bf654 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", lpFilePart=0x4bf654*="ADA6.bat") returned 0x32 [0166.273] SetErrorMode (uMode=0x0) returned 0x1 [0166.273] wcsspn (_String=" \"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", _Control=" \x09") returned 0x1 [0166.276] CmdBatNotificationStub () returned 0x1 [0166.276] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0166.276] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0166.276] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.276] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0166.277] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.277] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0166.277] ReadFile (in: hFile=0xb4, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf6b4, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf6b4*=0x6e, lpOverlapped=0x0) returned 1 [0166.278] SetFilePointer (in: hFile=0xb4, lDistanceToMove=11, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0166.278] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x112a960, cbMultiByte=11, lpWideCharStr=0x11157e0, cchWideChar=8191 | out: lpWideCharStr=":18241062\r\n") returned 11 [0166.278] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.278] GetFileType (hFile=0xb4) returned 0x1 [0166.278] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.278] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0166.280] _tell (_FileHandle=3) returned 11 [0166.280] _close (_FileHandle=3) returned 0 [0166.280] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0166.280] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0166.280] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.280] SetFilePointer (in: hFile=0xb4, lDistanceToMove=11, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0166.280] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.280] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0166.280] ReadFile (in: hFile=0xb4, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf6b4, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf6b4*=0x63, lpOverlapped=0x0) returned 1 [0166.281] SetFilePointer (in: hFile=0xb4, lDistanceToMove=44, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2c [0166.281] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x112a960, cbMultiByte=33, lpWideCharStr=0x11157e0, cchWideChar=8191 | out: lpWideCharStr="if not exist %1 goto 4276726233\r\n") returned 33 [0166.281] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.281] GetFileType (hFile=0xb4) returned 0x1 [0166.281] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.281] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2c [0166.282] _wcsicmp (_String1="if", _String2=")") returned 64 [0166.282] _wcsicmp (_String1="FOR", _String2="if") returned -3 [0166.282] _wcsicmp (_String1="FOR/?", _String2="if") returned -3 [0166.282] _wcsicmp (_String1="IF", _String2="if") returned 0 [0166.282] _wcsicmp (_String1="IF/?", _String2="if") returned 47 [0166.282] _wcsicmp (_String1="not", _String2="/I") returned 63 [0166.283] _wcsicmp (_String1="ERRORLEVEL", _String2="not") returned -9 [0166.283] _wcsicmp (_String1="EXIST", _String2="not") returned -9 [0166.283] _wcsicmp (_String1="CMDEXTVERSION", _String2="not") returned -11 [0166.283] _wcsicmp (_String1="DEFINED", _String2="not") returned -10 [0166.283] _wcsicmp (_String1="NOT", _String2="not") returned 0 [0166.283] _wcsicmp (_String1="ERRORLEVEL", _String2="exist") returned -6 [0166.283] _wcsicmp (_String1="EXIST", _String2="exist") returned 0 [0166.285] _wcsicmp (_String1="goto", _String2=")") returned 62 [0166.285] _wcsicmp (_String1="FOR", _String2="goto") returned -1 [0166.285] _wcsicmp (_String1="FOR/?", _String2="goto") returned -1 [0166.285] _wcsicmp (_String1="IF", _String2="goto") returned 2 [0166.285] _wcsicmp (_String1="IF/?", _String2="goto") returned 2 [0166.285] _wcsicmp (_String1="REM", _String2="goto") returned 11 [0166.285] _wcsicmp (_String1="REM/?", _String2="goto") returned 11 [0166.286] _wcsicmp (_String1="ELSE", _String2="\n") returned 91 [0166.286] _tell (_FileHandle=3) returned 44 [0166.286] _close (_FileHandle=3) returned 0 [0166.288] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf478 | out: _Buffer="\r\n") returned 2 [0166.289] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.289] GetFileType (hFile=0x3c) returned 0x2 [0166.289] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.289] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf450 | out: lpMode=0x4bf450) returned 1 [0166.302] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.302] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf468, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf468*=0x2) returned 1 [0166.313] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0166.313] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.313] _vsnwprintf (in: _Buffer=0x1119be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x4bf474 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0166.313] _vsnwprintf (in: _Buffer=0x1119c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x4bf474 | out: _Buffer=">") returned 1 [0166.313] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.314] GetFileType (hFile=0x3c) returned 0x2 [0166.314] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.314] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf454 | out: lpMode=0x4bf454) returned 1 [0166.320] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.320] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1119be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x4bf46c, lpReserved=0x0 | out: lpBuffer=0x1119be0*, lpNumberOfCharsWritten=0x4bf46c*=0x1e) returned 1 [0166.350] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf714 | out: _Buffer="if ") returned 3 [0166.350] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.350] GetFileType (hFile=0x3c) returned 0x2 [0166.350] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.350] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6ec | out: lpMode=0x4bf6ec) returned 1 [0166.352] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.352] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x4bf704, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf704*=0x3) returned 1 [0166.357] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf704 | out: _Buffer="not ") returned 4 [0166.357] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.357] GetFileType (hFile=0x3c) returned 0x2 [0166.357] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.357] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6dc | out: lpMode=0x4bf6dc) returned 1 [0166.358] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.358] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x4bf6f4, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf6f4*=0x4) returned 1 [0166.359] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x4bf700 | out: _Buffer="exist \"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" ") returned 63 [0166.359] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.359] GetFileType (hFile=0x3c) returned 0x2 [0166.359] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.359] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6d8 | out: lpMode=0x4bf6d8) returned 1 [0166.362] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.362] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x4bf6f0, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf6f0*=0x3f) returned 1 [0166.365] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.365] GetFileType (hFile=0x3c) returned 0x2 [0166.365] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.365] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6e4 | out: lpMode=0x4bf6e4) returned 1 [0166.366] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.366] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5c7808*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x4bf6fc, lpReserved=0x0 | out: lpBuffer=0x5c7808*, lpNumberOfCharsWritten=0x4bf6fc*=0x4) returned 1 [0166.367] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf704 | out: _Buffer=" 4276726233 ") returned 12 [0166.367] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.367] GetFileType (hFile=0x3c) returned 0x2 [0166.368] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.368] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6dc | out: lpMode=0x4bf6dc) returned 1 [0166.369] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.369] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x4bf6f4, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf6f4*=0xc) returned 1 [0166.370] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf728 | out: _Buffer="\r\n") returned 2 [0166.370] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.370] GetFileType (hFile=0x3c) returned 0x2 [0166.370] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.370] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf700 | out: lpMode=0x4bf700) returned 1 [0166.373] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.373] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf718, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf718*=0x2) returned 1 [0166.374] GetFullPathNameW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", nBufferLength=0x208, lpBuffer=0x4bf280, lpFilePart=0x4bf028 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpFilePart=0x4bf028*="autoclb.exe") returned 0x36 [0166.374] wcsncmp (_String1="C:\\U", _String2="\\\\.\\", _MaxCount=0x4) returned -25 [0166.374] FindFirstFileExW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", fInfoLevelId=0x1, lpFindFileData=0x4bf030, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf030) returned 0x5d8ad8 [0166.374] FindClose (in: hFindFile=0x5d8ad8 | out: hFindFile=0x5d8ad8) returned 1 [0166.374] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.374] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0166.375] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.375] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0166.376] _get_osfhandle (_FileHandle=0) returned 0x38 [0166.376] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0166.377] SetConsoleInputExeNameW () returned 0x1 [0166.377] GetConsoleOutputCP () returned 0x1b5 [0166.377] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0166.377] SetThreadUILanguage (LangId=0x0) returned 0x409 [0166.378] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0166.379] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0166.379] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.379] SetFilePointer (in: hFile=0xb4, lDistanceToMove=44, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x2c [0166.379] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.379] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x2c [0166.379] ReadFile (in: hFile=0xb4, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf6b4, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf6b4*=0x42, lpOverlapped=0x0) returned 1 [0166.379] SetFilePointer (in: hFile=0xb4, lDistanceToMove=60, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3c [0166.379] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x112a960, cbMultiByte=16, lpWideCharStr=0x11157e0, cchWideChar=8191 | out: lpWideCharStr="cmd /C \"%1 %2\"\r\ngoto 4276726233\r\n") returned 16 [0166.379] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.379] GetFileType (hFile=0xb4) returned 0x1 [0166.380] _get_osfhandle (_FileHandle=3) returned 0xb4 [0166.380] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3c [0166.380] _wcsicmp (_String1="cmd", _String2=")") returned 58 [0166.380] _wcsicmp (_String1="FOR", _String2="cmd") returned 3 [0166.380] _wcsicmp (_String1="FOR/?", _String2="cmd") returned 3 [0166.380] _wcsicmp (_String1="IF", _String2="cmd") returned 6 [0166.380] _wcsicmp (_String1="IF/?", _String2="cmd") returned 6 [0166.380] _wcsicmp (_String1="REM", _String2="cmd") returned 15 [0166.380] _wcsicmp (_String1="REM/?", _String2="cmd") returned 15 [0166.380] _tell (_FileHandle=3) returned 60 [0166.380] _close (_FileHandle=3) returned 0 [0166.381] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf478 | out: _Buffer="\r\n") returned 2 [0166.381] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.381] GetFileType (hFile=0x3c) returned 0x2 [0166.381] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.381] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf450 | out: lpMode=0x4bf450) returned 1 [0166.382] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.382] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf468, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf468*=0x2) returned 1 [0166.383] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.383] _vsnwprintf (in: _Buffer=0x1119be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x4bf474 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0166.383] _vsnwprintf (in: _Buffer=0x1119c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x4bf474 | out: _Buffer=">") returned 1 [0166.383] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.383] GetFileType (hFile=0x3c) returned 0x2 [0166.383] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.383] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf454 | out: lpMode=0x4bf454) returned 1 [0166.384] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.384] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1119be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x4bf46c, lpReserved=0x0 | out: lpBuffer=0x1119be0*, lpNumberOfCharsWritten=0x4bf46c*=0x1e) returned 1 [0166.385] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.385] GetFileType (hFile=0x3c) returned 0x2 [0166.385] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.385] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6f4 | out: lpMode=0x4bf6f4) returned 1 [0166.410] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.410] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5d83a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x4bf70c, lpReserved=0x0 | out: lpBuffer=0x5d83a0*, lpNumberOfCharsWritten=0x4bf70c*=0x3) returned 1 [0166.413] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf714 | out: _Buffer=" /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\" ") returned 103 [0166.413] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.413] GetFileType (hFile=0x3c) returned 0x2 [0166.413] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.413] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6ec | out: lpMode=0x4bf6ec) returned 1 [0166.424] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.424] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x67, lpNumberOfCharsWritten=0x4bf704, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf704*=0x67) returned 1 [0166.426] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf728 | out: _Buffer="\r\n") returned 2 [0166.426] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.426] GetFileType (hFile=0x3c) returned 0x2 [0166.426] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0166.426] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf700 | out: lpMode=0x4bf700) returned 1 [0166.430] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.430] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf718, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf718*=0x2) returned 1 [0166.432] _wcsicmp (_String1="cmd", _String2="DIR") returned -1 [0166.432] _wcsicmp (_String1="cmd", _String2="ERASE") returned -2 [0166.432] _wcsicmp (_String1="cmd", _String2="DEL") returned -1 [0166.432] _wcsicmp (_String1="cmd", _String2="TYPE") returned -17 [0166.432] _wcsicmp (_String1="cmd", _String2="COPY") returned -2 [0166.432] _wcsicmp (_String1="cmd", _String2="CD") returned 9 [0166.432] _wcsicmp (_String1="cmd", _String2="CHDIR") returned 5 [0166.432] _wcsicmp (_String1="cmd", _String2="RENAME") returned -15 [0166.432] _wcsicmp (_String1="cmd", _String2="REN") returned -15 [0166.432] _wcsicmp (_String1="cmd", _String2="ECHO") returned -2 [0166.432] _wcsicmp (_String1="cmd", _String2="SET") returned -16 [0166.432] _wcsicmp (_String1="cmd", _String2="PAUSE") returned -13 [0166.432] _wcsicmp (_String1="cmd", _String2="DATE") returned -1 [0166.432] _wcsicmp (_String1="cmd", _String2="TIME") returned -17 [0166.432] _wcsicmp (_String1="cmd", _String2="PROMPT") returned -13 [0166.432] _wcsicmp (_String1="cmd", _String2="MD") returned -10 [0166.432] _wcsicmp (_String1="cmd", _String2="MKDIR") returned -10 [0166.432] _wcsicmp (_String1="cmd", _String2="RD") returned -15 [0166.433] _wcsicmp (_String1="cmd", _String2="RMDIR") returned -15 [0166.433] _wcsicmp (_String1="cmd", _String2="PATH") returned -13 [0166.433] _wcsicmp (_String1="cmd", _String2="GOTO") returned -4 [0166.433] _wcsicmp (_String1="cmd", _String2="SHIFT") returned -16 [0166.433] _wcsicmp (_String1="cmd", _String2="CLS") returned 1 [0166.433] _wcsicmp (_String1="cmd", _String2="CALL") returned 12 [0166.433] _wcsicmp (_String1="cmd", _String2="VERIFY") returned -19 [0166.433] _wcsicmp (_String1="cmd", _String2="VER") returned -19 [0166.433] _wcsicmp (_String1="cmd", _String2="VOL") returned -19 [0166.433] _wcsicmp (_String1="cmd", _String2="EXIT") returned -2 [0166.433] _wcsicmp (_String1="cmd", _String2="SETLOCAL") returned -16 [0166.433] _wcsicmp (_String1="cmd", _String2="ENDLOCAL") returned -2 [0166.433] _wcsicmp (_String1="cmd", _String2="TITLE") returned -17 [0166.433] _wcsicmp (_String1="cmd", _String2="START") returned -16 [0166.433] _wcsicmp (_String1="cmd", _String2="DPATH") returned -1 [0166.433] _wcsicmp (_String1="cmd", _String2="KEYS") returned -8 [0166.433] _wcsicmp (_String1="cmd", _String2="MOVE") returned -10 [0166.433] _wcsicmp (_String1="cmd", _String2="PUSHD") returned -13 [0166.433] _wcsicmp (_String1="cmd", _String2="POPD") returned -13 [0166.433] _wcsicmp (_String1="cmd", _String2="ASSOC") returned 2 [0166.433] _wcsicmp (_String1="cmd", _String2="FTYPE") returned -3 [0166.433] _wcsicmp (_String1="cmd", _String2="BREAK") returned 1 [0166.433] _wcsicmp (_String1="cmd", _String2="COLOR") returned -2 [0166.434] _wcsicmp (_String1="cmd", _String2="MKLINK") returned -10 [0166.434] _wcsnicmp (_String1="cmd", _String2="cmd ", _MaxCount=0x4) returned -32 [0166.434] SetErrorMode (uMode=0x0) returned 0x0 [0166.434] SetErrorMode (uMode=0x1) returned 0x0 [0166.434] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5d8990, lpFilePart=0x4bf4c4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x4bf4c4*="Desktop") returned 0x1d [0166.434] SetErrorMode (uMode=0x0) returned 0x1 [0166.434] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0166.434] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0166.434] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0166.435] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.435] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cmd.*", fInfoLevelId=0x1, lpFindFileData=0x4bf250, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf250) returned 0xffffffff [0166.435] GetLastError () returned 0x2 [0166.435] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.435] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cmd.*", fInfoLevelId=0x1, lpFindFileData=0x4bf250, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf250) returned 0xffffffff [0166.438] GetLastError () returned 0x2 [0166.438] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.438] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cmd.*", fInfoLevelId=0x1, lpFindFileData=0x4bf250, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf250) returned 0x5d8d28 [0166.438] FindClose (in: hFindFile=0x5d8d28 | out: hFindFile=0x5d8d28) returned 1 [0166.439] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cmd.COM", fInfoLevelId=0x1, lpFindFileData=0x4bf250, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf250) returned 0xffffffff [0166.439] GetLastError () returned 0x2 [0166.439] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cmd.EXE", fInfoLevelId=0x1, lpFindFileData=0x4bf250, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4bf250) returned 0x5d8d28 [0166.439] FindClose (in: hFindFile=0x5d8d28 | out: hFindFile=0x5d8d28) returned 1 [0166.439] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0166.439] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0166.439] GetConsoleTitleW (in: lpConsoleTitle=0x4bf298, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.440] _wcsicmp (_String1="cmd", _String2="DIR") returned -1 [0166.440] _wcsicmp (_String1="cmd", _String2="ERASE") returned -2 [0166.440] _wcsicmp (_String1="cmd", _String2="DEL") returned -1 [0166.440] _wcsicmp (_String1="cmd", _String2="TYPE") returned -17 [0166.440] _wcsicmp (_String1="cmd", _String2="COPY") returned -2 [0166.440] _wcsicmp (_String1="cmd", _String2="CD") returned 9 [0166.440] _wcsicmp (_String1="cmd", _String2="CHDIR") returned 5 [0166.440] _wcsicmp (_String1="cmd", _String2="RENAME") returned -15 [0166.440] _wcsicmp (_String1="cmd", _String2="REN") returned -15 [0166.441] _wcsicmp (_String1="cmd", _String2="ECHO") returned -2 [0166.441] _wcsicmp (_String1="cmd", _String2="SET") returned -16 [0166.441] _wcsicmp (_String1="cmd", _String2="PAUSE") returned -13 [0166.441] _wcsicmp (_String1="cmd", _String2="DATE") returned -1 [0166.441] _wcsicmp (_String1="cmd", _String2="TIME") returned -17 [0166.441] _wcsicmp (_String1="cmd", _String2="PROMPT") returned -13 [0166.441] _wcsicmp (_String1="cmd", _String2="MD") returned -10 [0166.441] _wcsicmp (_String1="cmd", _String2="MKDIR") returned -10 [0166.441] _wcsicmp (_String1="cmd", _String2="RD") returned -15 [0166.441] _wcsicmp (_String1="cmd", _String2="RMDIR") returned -15 [0166.441] _wcsicmp (_String1="cmd", _String2="PATH") returned -13 [0166.441] _wcsicmp (_String1="cmd", _String2="GOTO") returned -4 [0166.441] _wcsicmp (_String1="cmd", _String2="SHIFT") returned -16 [0166.441] _wcsicmp (_String1="cmd", _String2="CLS") returned 1 [0166.441] _wcsicmp (_String1="cmd", _String2="CALL") returned 12 [0166.441] _wcsicmp (_String1="cmd", _String2="VERIFY") returned -19 [0166.441] _wcsicmp (_String1="cmd", _String2="VER") returned -19 [0166.441] _wcsicmp (_String1="cmd", _String2="VOL") returned -19 [0166.441] _wcsicmp (_String1="cmd", _String2="EXIT") returned -2 [0166.441] _wcsicmp (_String1="cmd", _String2="SETLOCAL") returned -16 [0166.441] _wcsicmp (_String1="cmd", _String2="ENDLOCAL") returned -2 [0166.441] _wcsicmp (_String1="cmd", _String2="TITLE") returned -17 [0166.441] _wcsicmp (_String1="cmd", _String2="START") returned -16 [0166.441] _wcsicmp (_String1="cmd", _String2="DPATH") returned -1 [0166.441] _wcsicmp (_String1="cmd", _String2="KEYS") returned -8 [0166.441] _wcsicmp (_String1="cmd", _String2="MOVE") returned -10 [0166.441] _wcsicmp (_String1="cmd", _String2="PUSHD") returned -13 [0166.441] _wcsicmp (_String1="cmd", _String2="POPD") returned -13 [0166.441] _wcsicmp (_String1="cmd", _String2="ASSOC") returned 2 [0166.441] _wcsicmp (_String1="cmd", _String2="FTYPE") returned -3 [0166.441] _wcsicmp (_String1="cmd", _String2="BREAK") returned 1 [0166.441] _wcsicmp (_String1="cmd", _String2="COLOR") returned -2 [0166.442] _wcsicmp (_String1="cmd", _String2="MKLINK") returned -10 [0166.442] _wcsicmp (_String1="cmd", _String2="DIR") returned -1 [0166.442] _wcsicmp (_String1="cmd", _String2="ERASE") returned -2 [0166.442] _wcsicmp (_String1="cmd", _String2="DEL") returned -1 [0166.442] _wcsicmp (_String1="cmd", _String2="TYPE") returned -17 [0166.442] _wcsicmp (_String1="cmd", _String2="COPY") returned -2 [0166.442] _wcsicmp (_String1="cmd", _String2="CD") returned 9 [0166.442] _wcsicmp (_String1="cmd", _String2="CHDIR") returned 5 [0166.442] _wcsicmp (_String1="cmd", _String2="RENAME") returned -15 [0166.442] _wcsicmp (_String1="cmd", _String2="REN") returned -15 [0166.442] _wcsicmp (_String1="cmd", _String2="ECHO") returned -2 [0166.442] _wcsicmp (_String1="cmd", _String2="SET") returned -16 [0166.442] _wcsicmp (_String1="cmd", _String2="PAUSE") returned -13 [0166.442] _wcsicmp (_String1="cmd", _String2="DATE") returned -1 [0166.442] _wcsicmp (_String1="cmd", _String2="TIME") returned -17 [0166.442] _wcsicmp (_String1="cmd", _String2="PROMPT") returned -13 [0166.442] _wcsicmp (_String1="cmd", _String2="MD") returned -10 [0166.442] _wcsicmp (_String1="cmd", _String2="MKDIR") returned -10 [0166.442] _wcsicmp (_String1="cmd", _String2="RD") returned -15 [0166.442] _wcsicmp (_String1="cmd", _String2="RMDIR") returned -15 [0166.442] _wcsicmp (_String1="cmd", _String2="PATH") returned -13 [0166.442] _wcsicmp (_String1="cmd", _String2="GOTO") returned -4 [0166.442] _wcsicmp (_String1="cmd", _String2="SHIFT") returned -16 [0166.442] _wcsicmp (_String1="cmd", _String2="CLS") returned 1 [0166.442] _wcsicmp (_String1="cmd", _String2="CALL") returned 12 [0166.442] _wcsicmp (_String1="cmd", _String2="VERIFY") returned -19 [0166.442] _wcsicmp (_String1="cmd", _String2="VER") returned -19 [0166.442] _wcsicmp (_String1="cmd", _String2="VOL") returned -19 [0166.442] _wcsicmp (_String1="cmd", _String2="EXIT") returned -2 [0166.442] _wcsicmp (_String1="cmd", _String2="SETLOCAL") returned -16 [0166.442] _wcsicmp (_String1="cmd", _String2="ENDLOCAL") returned -2 [0166.442] _wcsicmp (_String1="cmd", _String2="TITLE") returned -17 [0166.443] _wcsicmp (_String1="cmd", _String2="START") returned -16 [0166.443] _wcsicmp (_String1="cmd", _String2="DPATH") returned -1 [0166.443] _wcsicmp (_String1="cmd", _String2="KEYS") returned -8 [0166.443] _wcsicmp (_String1="cmd", _String2="MOVE") returned -10 [0166.443] _wcsicmp (_String1="cmd", _String2="PUSHD") returned -13 [0166.443] _wcsicmp (_String1="cmd", _String2="POPD") returned -13 [0166.443] _wcsicmp (_String1="cmd", _String2="ASSOC") returned 2 [0166.443] _wcsicmp (_String1="cmd", _String2="FTYPE") returned -3 [0166.443] _wcsicmp (_String1="cmd", _String2="BREAK") returned 1 [0166.443] _wcsicmp (_String1="cmd", _String2="COLOR") returned -2 [0166.443] _wcsicmp (_String1="cmd", _String2="MKLINK") returned -10 [0166.443] _wcsicmp (_String1="cmd", _String2="FOR") returned -3 [0166.443] _wcsicmp (_String1="cmd", _String2="IF") returned -6 [0166.443] _wcsicmp (_String1="cmd", _String2="REM") returned -15 [0166.443] _wcsnicmp (_String1="cmd", _String2="cmd ", _MaxCount=0x4) returned -32 [0166.443] SetErrorMode (uMode=0x0) returned 0x0 [0166.443] SetErrorMode (uMode=0x1) returned 0x0 [0166.443] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5d9030, lpFilePart=0x4beda4 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0x4beda4*="Desktop") returned 0x1d [0166.443] SetErrorMode (uMode=0x0) returned 0x1 [0166.444] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0166.444] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0166.444] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0166.444] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.444] FindFirstFileExW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop\\cmd.*", fInfoLevelId=0x1, lpFindFileData=0x4beb30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4beb30) returned 0xffffffff [0166.444] GetLastError () returned 0x2 [0166.444] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.445] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\cmd.*", fInfoLevelId=0x1, lpFindFileData=0x4beb30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4beb30) returned 0xffffffff [0166.445] GetLastError () returned 0x2 [0166.445] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.445] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cmd.*", fInfoLevelId=0x1, lpFindFileData=0x4beb30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4beb30) returned 0x5d93c8 [0166.445] FindClose (in: hFindFile=0x5d93c8 | out: hFindFile=0x5d93c8) returned 1 [0166.445] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cmd.COM", fInfoLevelId=0x1, lpFindFileData=0x4beb30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4beb30) returned 0xffffffff [0166.445] GetLastError () returned 0x2 [0166.445] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\cmd.EXE", fInfoLevelId=0x1, lpFindFileData=0x4beb30, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x4beb30) returned 0x5d93c8 [0166.445] FindClose (in: hFindFile=0x5d93c8 | out: hFindFile=0x5d93c8) returned 1 [0166.446] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0166.446] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0166.446] GetConsoleTitleW (in: lpConsoleTitle=0x4bf024, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.447] InitializeProcThreadAttributeList (in: lpAttributeList=0x4bef50, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x4bef34 | out: lpAttributeList=0x4bef50, lpSize=0x4bef34) returned 1 [0166.447] UpdateProcThreadAttribute (in: lpAttributeList=0x4bef50, dwFlags=0x0, Attribute=0x60001, lpValue=0x4bef3c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x4bef50, lpPreviousValue=0x0) returned 1 [0166.447] GetStartupInfoW (in: lpStartupInfo=0x4bef88 | out: lpStartupInfo=0x4bef88*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0166.447] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0166.447] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0166.448] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0166.449] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0166.449] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0166.449] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0166.449] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0166.449] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0166.449] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0166.449] lstrcmpW (lpString1="\\cmd.exe", lpString2="\\XCOPY.EXE") returned -1 [0166.451] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0x4beed8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x4bef24 | out: lpCommandLine="cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"", lpProcessInformation=0x4bef24*(hProcess=0xb8, hThread=0xb0, dwProcessId=0x898, dwThreadId=0x630)) returned 1 [0166.466] CloseHandle (hObject=0xb0) returned 1 [0166.466] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0166.466] GetEnvironmentStringsW () returned 0x5c9e88* [0166.466] FreeEnvironmentStringsA (penv="=") returned 1 [0166.466] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0176.579] GetExitCodeProcess (in: hProcess=0xb8, lpExitCode=0x4beebc | out: lpExitCode=0x4beebc*=0x0) returned 1 [0176.580] CloseHandle (hObject=0xb8) returned 1 [0176.580] _vsnwprintf (in: _Buffer=0x4befa4, _BufferCount=0x13, _Format="%08X", _ArgList=0x4beec4 | out: _Buffer="00000000") returned 8 [0176.580] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0176.580] GetEnvironmentStringsW () returned 0x5cb398* [0176.580] FreeEnvironmentStringsA (penv="=") returned 1 [0176.580] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0176.580] GetEnvironmentStringsW () returned 0x5cb398* [0176.580] FreeEnvironmentStringsA (penv="=") returned 1 [0176.580] DeleteProcThreadAttributeList (in: lpAttributeList=0x4bef50 | out: lpAttributeList=0x4bef50) [0176.580] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.580] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0176.583] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.583] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0176.583] _get_osfhandle (_FileHandle=0) returned 0x38 [0176.583] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0176.584] SetConsoleInputExeNameW () returned 0x1 [0176.584] GetConsoleOutputCP () returned 0x1b5 [0176.584] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0176.584] SetThreadUILanguage (LangId=0x0) returned 0x409 [0176.584] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0176.584] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0176.584] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.584] SetFilePointer (in: hFile=0xb8, lDistanceToMove=60, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x3c [0176.585] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.585] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x3c [0176.585] ReadFile (in: hFile=0xb8, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf6b4, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf6b4*=0x32, lpOverlapped=0x0) returned 1 [0176.585] SetFilePointer (in: hFile=0xb8, lDistanceToMove=91, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5b [0176.585] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x112a960, cbMultiByte=31, lpWideCharStr=0x11157e0, cchWideChar=8191 | out: lpWideCharStr="if errorlevel 1 goto 18241062\r\n\r\n") returned 31 [0176.585] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.585] GetFileType (hFile=0xb8) returned 0x1 [0176.585] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.585] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5b [0176.586] _wcsicmp (_String1="if", _String2=")") returned 64 [0176.586] _wcsicmp (_String1="FOR", _String2="if") returned -3 [0176.586] _wcsicmp (_String1="FOR/?", _String2="if") returned -3 [0176.586] _wcsicmp (_String1="IF", _String2="if") returned 0 [0176.586] _wcsicmp (_String1="IF/?", _String2="if") returned 47 [0176.586] _wcsicmp (_String1="errorlevel", _String2="/I") returned 54 [0176.586] _wcsicmp (_String1="ERRORLEVEL", _String2="errorlevel") returned 0 [0176.587] _wcsicmp (_String1="goto", _String2=")") returned 62 [0176.587] _wcsicmp (_String1="FOR", _String2="goto") returned -1 [0176.587] _wcsicmp (_String1="FOR/?", _String2="goto") returned -1 [0176.587] _wcsicmp (_String1="IF", _String2="goto") returned 2 [0176.587] _wcsicmp (_String1="IF/?", _String2="goto") returned 2 [0176.587] _wcsicmp (_String1="REM", _String2="goto") returned 11 [0176.587] _wcsicmp (_String1="REM/?", _String2="goto") returned 11 [0176.587] _wcsicmp (_String1="ELSE", _String2="\n") returned 91 [0176.588] _tell (_FileHandle=3) returned 91 [0176.588] _close (_FileHandle=3) returned 0 [0176.588] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf478 | out: _Buffer="\r\n") returned 2 [0176.588] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.588] GetFileType (hFile=0x3c) returned 0x2 [0176.588] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.588] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf450 | out: lpMode=0x4bf450) returned 1 [0176.588] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.588] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf468, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf468*=0x2) returned 1 [0176.588] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0176.588] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0176.589] _vsnwprintf (in: _Buffer=0x1119be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x4bf474 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0176.589] _vsnwprintf (in: _Buffer=0x1119c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x4bf474 | out: _Buffer=">") returned 1 [0176.589] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.589] GetFileType (hFile=0x3c) returned 0x2 [0176.589] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.589] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf454 | out: lpMode=0x4bf454) returned 1 [0176.589] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.589] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1119be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x4bf46c, lpReserved=0x0 | out: lpBuffer=0x1119be0*, lpNumberOfCharsWritten=0x4bf46c*=0x1e) returned 1 [0176.589] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf714 | out: _Buffer="if ") returned 3 [0176.589] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.589] GetFileType (hFile=0x3c) returned 0x2 [0176.589] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.589] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6ec | out: lpMode=0x4bf6ec) returned 1 [0176.590] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.590] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x4bf704, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf704*=0x3) returned 1 [0176.590] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s %s ", _ArgList=0x4bf700 | out: _Buffer="errorlevel 1 ") returned 13 [0176.590] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.590] GetFileType (hFile=0x3c) returned 0x2 [0176.590] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.590] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6d8 | out: lpMode=0x4bf6d8) returned 1 [0176.590] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.590] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x4bf6f0, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf6f0*=0xd) returned 1 [0176.591] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.591] GetFileType (hFile=0x3c) returned 0x2 [0176.591] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.591] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6e4 | out: lpMode=0x4bf6e4) returned 1 [0176.591] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.591] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5c79a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0x4bf6fc, lpReserved=0x0 | out: lpBuffer=0x5c79a8*, lpNumberOfCharsWritten=0x4bf6fc*=0x4) returned 1 [0176.591] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf704 | out: _Buffer=" 18241062 ") returned 10 [0176.591] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.591] GetFileType (hFile=0x3c) returned 0x2 [0176.591] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.591] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6dc | out: lpMode=0x4bf6dc) returned 1 [0176.592] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.592] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x4bf6f4, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf6f4*=0xa) returned 1 [0176.592] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf728 | out: _Buffer="\r\n") returned 2 [0176.592] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.592] GetFileType (hFile=0x3c) returned 0x2 [0176.592] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.592] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf700 | out: lpMode=0x4bf700) returned 1 [0176.592] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.592] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf718, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf718*=0x2) returned 1 [0176.593] wcstol (in: _String="1", _EndPtr=0x0, _Radix=10 | out: _EndPtr=0x0) returned 1 [0176.593] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.593] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0176.593] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.593] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0176.593] _get_osfhandle (_FileHandle=0) returned 0x38 [0176.593] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0176.593] SetConsoleInputExeNameW () returned 0x1 [0176.593] GetConsoleOutputCP () returned 0x1b5 [0176.594] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0176.594] SetThreadUILanguage (LangId=0x0) returned 0x409 [0176.594] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0176.594] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0176.594] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.594] SetFilePointer (in: hFile=0xb8, lDistanceToMove=91, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x5b [0176.595] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.595] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x5b [0176.595] ReadFile (in: hFile=0xb8, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf6b4, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf6b4*=0x13, lpOverlapped=0x0) returned 1 [0176.595] SetFilePointer (in: hFile=0xb8, lDistanceToMove=104, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x68 [0176.595] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x112a960, cbMultiByte=13, lpWideCharStr=0x11157e0, cchWideChar=8191 | out: lpWideCharStr=":4276726233\r\n 1 goto 18241062\r\n\r\n") returned 13 [0176.595] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.595] GetFileType (hFile=0xb8) returned 0x1 [0176.595] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.595] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x68 [0176.595] _tell (_FileHandle=3) returned 104 [0176.595] _close (_FileHandle=3) returned 0 [0176.596] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb8 [0176.596] _open_osfhandle (_OSFileHandle=0xb8, _Flags=8) returned 3 [0176.596] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.596] SetFilePointer (in: hFile=0xb8, lDistanceToMove=104, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x68 [0176.596] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.596] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x68 [0176.596] ReadFile (in: hFile=0xb8, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf6b4, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf6b4*=0x6, lpOverlapped=0x0) returned 1 [0176.596] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x112a960, cbMultiByte=6, lpWideCharStr=0x11157e0, cchWideChar=8191 | out: lpWideCharStr="del %026233\r\n 1 goto 18241062\r\n\r\n") returned 6 [0176.596] _wcsicmp (_String1="del", _String2=")") returned 59 [0176.596] _wcsicmp (_String1="FOR", _String2="del") returned 2 [0176.596] _wcsicmp (_String1="FOR/?", _String2="del") returned 2 [0176.596] _wcsicmp (_String1="IF", _String2="del") returned 5 [0176.596] _wcsicmp (_String1="IF/?", _String2="del") returned 5 [0176.596] _wcsicmp (_String1="REM", _String2="del") returned 14 [0176.596] _wcsicmp (_String1="REM/?", _String2="del") returned 14 [0176.597] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.597] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x6e [0176.597] ReadFile (in: hFile=0xb8, lpBuffer=0x112a960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x4bf5ac, lpOverlapped=0x0 | out: lpBuffer=0x112a960*, lpNumberOfBytesRead=0x4bf5ac*=0x0, lpOverlapped=0x0) returned 1 [0176.597] GetLastError () returned 0x0 [0176.597] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.597] GetFileType (hFile=0xb8) returned 0x1 [0176.597] _get_osfhandle (_FileHandle=3) returned 0xb8 [0176.597] SetFilePointer (in: hFile=0xb8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6e [0176.597] _tell (_FileHandle=3) returned 110 [0176.597] _close (_FileHandle=3) returned 0 [0176.597] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf478 | out: _Buffer="\r\n") returned 2 [0176.597] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.597] GetFileType (hFile=0x3c) returned 0x2 [0176.597] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.597] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf450 | out: lpMode=0x4bf450) returned 1 [0176.609] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.609] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf468, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf468*=0x2) returned 1 [0176.610] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0176.610] _vsnwprintf (in: _Buffer=0x1119be0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x4bf474 | out: _Buffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 29 [0176.610] _vsnwprintf (in: _Buffer=0x1119c1a, _BufferCount=0x3e1, _Format="%c", _ArgList=0x4bf474 | out: _Buffer=">") returned 1 [0176.610] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.610] GetFileType (hFile=0x3c) returned 0x2 [0176.610] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.611] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf454 | out: lpMode=0x4bf454) returned 1 [0176.611] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.611] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1119be0*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x4bf46c, lpReserved=0x0 | out: lpBuffer=0x1119be0*, lpNumberOfCharsWritten=0x4bf46c*=0x1e) returned 1 [0176.611] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.611] GetFileType (hFile=0x3c) returned 0x2 [0176.611] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.611] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6f4 | out: lpMode=0x4bf6f4) returned 1 [0176.612] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.612] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5d8550*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0x4bf70c, lpReserved=0x0 | out: lpBuffer=0x5d8550*, lpNumberOfCharsWritten=0x4bf70c*=0x3) returned 1 [0176.612] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x4bf714 | out: _Buffer=" \"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat\" ") returned 54 [0176.612] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.612] GetFileType (hFile=0x3c) returned 0x2 [0176.612] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.612] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf6ec | out: lpMode=0x4bf6ec) returned 1 [0176.613] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.613] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x4bf704, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf704*=0x36) returned 1 [0176.613] _vsnwprintf (in: _Buffer=0x1126940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x4bf728 | out: _Buffer="\r\n") returned 2 [0176.613] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.613] GetFileType (hFile=0x3c) returned 0x2 [0176.613] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0176.613] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x4bf700 | out: lpMode=0x4bf700) returned 1 [0176.613] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.613] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x4bf718, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf718*=0x2) returned 1 [0176.614] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0176.614] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0176.614] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0176.614] GetConsoleTitleW (in: lpConsoleTitle=0x4bf298, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0176.614] _wcsicmp (_String1="del", _String2="DIR") returned -4 [0176.614] _wcsicmp (_String1="del", _String2="ERASE") returned -1 [0176.614] _wcsicmp (_String1="del", _String2="DEL") returned 0 [0176.615] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x4bf040 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0176.615] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x4be0b0 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0176.615] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x4be2e4, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x4be2e8, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x4be2e4*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0176.615] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0176.616] _wcsicmp (_String1="ADA6.bat", _String2=".") returned 51 [0176.616] _wcsicmp (_String1="ADA6.bat", _String2="..") returned 51 [0176.616] GetFileAttributesW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat")) returned 0x20 [0176.616] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x5d9b18 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0176.616] SetErrorMode (uMode=0x0) returned 0x0 [0176.616] SetErrorMode (uMode=0x1) returned 0x0 [0176.616] GetFullPathNameW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", nBufferLength=0x104, lpBuffer=0x4be710, lpFilePart=0x4be6e4 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", lpFilePart=0x4be6e4*="ADA6.bat") returned 0x32 [0176.616] SetErrorMode (uMode=0x0) returned 0x1 [0176.616] GetFileAttributesW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c")) returned 0x10 [0176.616] _wcsicmp (_String1="ADA6.bat", _String2=".") returned 51 [0176.616] _wcsicmp (_String1="ADA6.bat", _String2="..") returned 51 [0176.616] GetFileAttributesW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat")) returned 0x20 [0176.617] FindFirstFileExW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", fInfoLevelId=0x0, lpFindFileData=0x5c9e94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5c9e94) returned 0x5ca698 [0176.617] RtlDosPathNameToRelativeNtPathName_U_WithStatus () returned 0x0 [0176.617] NtOpenFile (in: FileHandle=0x4be5e4, DesiredAccess=0x10000, ObjectAttributes=0x4be5ac*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x4be5d4, ShareAccess=0x4, OpenOptions=0x5040 | out: FileHandle=0x4be5e4*=0xb0, IoStatusBlock=0x4be5d4*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0176.617] RtlReleaseRelativeName () returned 0x4be5c4 [0176.617] RtlFreeAnsiString (AnsiString="\\") [0176.617] NtQueryVolumeInformationFile (in: FileHandle=0xb0, IoStatusBlock=0x4be510, FsInformation=0x4be518, Length=0x8, FsInformationClass=0x4 | out: IoStatusBlock=0x4be510, FsInformation=0x4be518) returned 0x0 [0176.618] CloseHandle (hObject=0xb0) returned 1 [0176.619] FindNextFileW (in: hFindFile=0x5ca698, lpFindFileData=0x5c9e94 | out: lpFindFileData=0x5c9e94) returned 0 [0176.620] GetLastError () returned 0x12 [0176.620] FindClose (in: hFindFile=0x5ca698 | out: hFindFile=0x5ca698) returned 1 [0176.620] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.620] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0176.621] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.621] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0176.621] _get_osfhandle (_FileHandle=0) returned 0x38 [0176.621] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0176.621] SetConsoleInputExeNameW () returned 0x1 [0176.621] GetConsoleOutputCP () returned 0x1b5 [0176.621] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0176.621] SetThreadUILanguage (LangId=0x0) returned 0x409 [0176.622] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\AC4C\\ADA6.bat" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ac4c\\ada6.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x4bf6e4, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0176.622] GetLastError () returned 0x2 [0176.622] _get_osfhandle (_FileHandle=2) returned 0x40 [0176.622] GetFileType (hFile=0x40) returned 0x2 [0176.622] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0176.623] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0x4bf67c | out: lpMode=0x4bf67c) returned 1 [0176.623] _get_osfhandle (_FileHandle=2) returned 0x40 [0176.623] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x40, lpConsoleScreenBufferInfo=0x4bf6cc | out: lpConsoleScreenBufferInfo=0x4bf6cc) returned 1 [0176.623] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x236c, dwLanguageId=0x0, lpBuffer=0x1126940, nSize=0x2000, Arguments=0x0 | out: lpBuffer="The batch file cannot be found.\r\n") returned 0x21 [0176.644] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x236c, dwLanguageId=0x0, lpBuffer=0x1126940, nSize=0x2000, Arguments=0x4bf6fc | out: lpBuffer="The batch file cannot be found.\r\n") returned 0x21 [0176.644] WriteConsoleW (in: hConsoleOutput=0x40, lpBuffer=0x1126940*, nNumberOfCharsToWrite=0x21, lpNumberOfCharsWritten=0x4bf6b0, lpReserved=0x0 | out: lpBuffer=0x1126940*, lpNumberOfCharsWritten=0x4bf6b0*=0x21) returned 1 [0176.649] CmdBatNotificationStub () returned 0x1 [0176.649] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.649] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0176.654] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.654] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0176.660] _get_osfhandle (_FileHandle=0) returned 0x38 [0176.660] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0176.665] SetConsoleInputExeNameW () returned 0x1 [0176.665] GetConsoleOutputCP () returned 0x1b5 [0176.668] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0176.668] SetThreadUILanguage (LangId=0x0) returned 0x409 [0176.681] exit (_Code=1) Thread: id = 19 os_tid = 0x534 Process: id = "3" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x79a3f000" os_pid = "0xaf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x8d4" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 488 start_va = 0x7f23b000 end_va = 0x7f23bfff entry_point = 0x0 region_type = private name = "private_0x000000007f23b000" filename = "" Region: id = 489 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 490 start_va = 0xb28bca0000 end_va = 0xb28bcbffff entry_point = 0x0 region_type = private name = "private_0x000000b28bca0000" filename = "" Region: id = 491 start_va = 0xb28bcc0000 end_va = 0xb28bcd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28bcc0000" filename = "" Region: id = 492 start_va = 0xb28bce0000 end_va = 0xb28bd1ffff entry_point = 0x0 region_type = private name = "private_0x000000b28bce0000" filename = "" Region: id = 493 start_va = 0x7df5ffd50000 end_va = 0x7ff5ffd4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffd50000" filename = "" Region: id = 494 start_va = 0x7ff71e690000 end_va = 0x7ff71e6b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff71e690000" filename = "" Region: id = 495 start_va = 0x7ff71e6bd000 end_va = 0x7ff71e6befff entry_point = 0x0 region_type = private name = "private_0x00007ff71e6bd000" filename = "" Region: id = 496 start_va = 0x7ff71e6bf000 end_va = 0x7ff71e6bffff entry_point = 0x0 region_type = private name = "private_0x00007ff71e6bf000" filename = "" Region: id = 497 start_va = 0x7ff71ef00000 end_va = 0x7ff71ef10fff entry_point = 0x7ff71ef00000 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 498 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 499 start_va = 0xb28be80000 end_va = 0xb28bf7ffff entry_point = 0x0 region_type = private name = "private_0x000000b28be80000" filename = "" Region: id = 500 start_va = 0x7ff8eb870000 end_va = 0x7ff8eba4cfff entry_point = 0x7ff8eb870000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 501 start_va = 0x7ff8ee2d0000 end_va = 0x7ff8ee37cfff entry_point = 0x7ff8ee2d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 502 start_va = 0xb28bca0000 end_va = 0xb28bcaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28bca0000" filename = "" Region: id = 503 start_va = 0xb28bd20000 end_va = 0xb28bdddfff entry_point = 0xb28bd20000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 504 start_va = 0xb28bde0000 end_va = 0xb28be1ffff entry_point = 0x0 region_type = private name = "private_0x000000b28bde0000" filename = "" Region: id = 505 start_va = 0x7ff71e590000 end_va = 0x7ff71e68ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff71e590000" filename = "" Region: id = 506 start_va = 0x7ff71e6bb000 end_va = 0x7ff71e6bcfff entry_point = 0x0 region_type = private name = "private_0x00007ff71e6bb000" filename = "" Region: id = 507 start_va = 0x7ff8ee0b0000 end_va = 0x7ff8ee14cfff entry_point = 0x7ff8ee0b0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 508 start_va = 0xb28bcb0000 end_va = 0xb28bcb6fff entry_point = 0x0 region_type = private name = "private_0x000000b28bcb0000" filename = "" Region: id = 509 start_va = 0xb28be20000 end_va = 0xb28be20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28be20000" filename = "" Region: id = 510 start_va = 0xb28be30000 end_va = 0xb28be36fff entry_point = 0x0 region_type = private name = "private_0x000000b28be30000" filename = "" Region: id = 511 start_va = 0xb28c130000 end_va = 0xb28c13ffff entry_point = 0x0 region_type = private name = "private_0x000000b28c130000" filename = "" Region: id = 512 start_va = 0x7ff8d6490000 end_va = 0x7ff8d64e2fff entry_point = 0x7ff8d6490000 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 513 start_va = 0x7ff8e79b0000 end_va = 0x7ff8e7b32fff entry_point = 0x7ff8e79b0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 514 start_va = 0x7ff8ebb30000 end_va = 0x7ff8ebbedfff entry_point = 0x7ff8ebb30000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 515 start_va = 0x7ff8ebdc0000 end_va = 0x7ff8ebf0dfff entry_point = 0x7ff8ebdc0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 516 start_va = 0x7ff8ec0c0000 end_va = 0x7ff8ec21bfff entry_point = 0x7ff8ec0c0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 517 start_va = 0x7ff8ec240000 end_va = 0x7ff8ec29afff entry_point = 0x7ff8ec240000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 518 start_va = 0x7ff8ec300000 end_va = 0x7ff8ec440fff entry_point = 0x7ff8ec300000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 519 start_va = 0x7ff8ec450000 end_va = 0x7ff8ec575fff entry_point = 0x7ff8ec450000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 520 start_va = 0x7ff8edbc0000 end_va = 0x7ff8edd44fff entry_point = 0x7ff8edbc0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 521 start_va = 0x7ff8edd60000 end_va = 0x7ff8edfdbfff entry_point = 0x7ff8edd60000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 522 start_va = 0x7ff8ee150000 end_va = 0x7ff8ee185fff entry_point = 0x7ff8ee150000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 523 start_va = 0xb28be40000 end_va = 0xb28be40fff entry_point = 0x0 region_type = private name = "private_0x000000b28be40000" filename = "" Region: id = 524 start_va = 0xb28be50000 end_va = 0xb28be50fff entry_point = 0x0 region_type = private name = "private_0x000000b28be50000" filename = "" Region: id = 525 start_va = 0xb28bf80000 end_va = 0xb28c107fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28bf80000" filename = "" Region: id = 526 start_va = 0xb28c140000 end_va = 0xb28c2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28c140000" filename = "" Region: id = 527 start_va = 0xb28c2d0000 end_va = 0xb28d6cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28c2d0000" filename = "" Region: id = 528 start_va = 0xb28d6d0000 end_va = 0xb28d70ffff entry_point = 0x0 region_type = private name = "private_0x000000b28d6d0000" filename = "" Region: id = 529 start_va = 0xb28d870000 end_va = 0xb28d87ffff entry_point = 0x0 region_type = private name = "private_0x000000b28d870000" filename = "" Region: id = 530 start_va = 0x7ff71e6b9000 end_va = 0x7ff71e6bafff entry_point = 0x0 region_type = private name = "private_0x00007ff71e6b9000" filename = "" Region: id = 531 start_va = 0x7ff8eadd0000 end_va = 0x7ff8eae19fff entry_point = 0x7ff8eadd0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 532 start_va = 0x7ff8eae20000 end_va = 0x7ff8eae2efff entry_point = 0x7ff8eae20000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 533 start_va = 0x7ff8eae30000 end_va = 0x7ff8eae42fff entry_point = 0x7ff8eae30000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 534 start_va = 0x7ff8eb180000 end_va = 0x7ff8eb7a7fff entry_point = 0x7ff8eb180000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 535 start_va = 0x7ff8eb7b0000 end_va = 0x7ff8eb862fff entry_point = 0x7ff8eb7b0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 536 start_va = 0x7ff8ec580000 end_va = 0x7ff8edaa4fff entry_point = 0x7ff8ec580000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 537 start_va = 0x7ff8edfe0000 end_va = 0x7ff8ee030fff entry_point = 0x7ff8edfe0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 538 start_va = 0x7ff8ee190000 end_va = 0x7ff8ee235fff entry_point = 0x7ff8ee190000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 539 start_va = 0x7ff8e9680000 end_va = 0x7ff8e9715fff entry_point = 0x7ff8e9680000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 540 start_va = 0xb28bce0000 end_va = 0xb28bd1ffff entry_point = 0x0 region_type = private name = "private_0x000000b28bce0000" filename = "" Region: id = 541 start_va = 0xb28be60000 end_va = 0xb28be63fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28be60000" filename = "" Region: id = 542 start_va = 0xb28d710000 end_va = 0xb28d827fff entry_point = 0x0 region_type = private name = "private_0x000000b28d710000" filename = "" Region: id = 543 start_va = 0xb28d880000 end_va = 0xb28d989fff entry_point = 0x0 region_type = private name = "private_0x000000b28d880000" filename = "" Region: id = 544 start_va = 0xb28da40000 end_va = 0xb28da4ffff entry_point = 0x0 region_type = private name = "private_0x000000b28da40000" filename = "" Region: id = 545 start_va = 0xb28da50000 end_va = 0xb28dd86fff entry_point = 0xb28da50000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 546 start_va = 0xb28dd90000 end_va = 0xb28dfacfff entry_point = 0x0 region_type = private name = "private_0x000000b28dd90000" filename = "" Region: id = 547 start_va = 0xb28dfb0000 end_va = 0xb28e1c6fff entry_point = 0x0 region_type = private name = "private_0x000000b28dfb0000" filename = "" Region: id = 548 start_va = 0xb28e1d0000 end_va = 0xb28e3e4fff entry_point = 0x0 region_type = private name = "private_0x000000b28e1d0000" filename = "" Region: id = 549 start_va = 0xb28e3f0000 end_va = 0xb28e4a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28e3f0000" filename = "" Region: id = 550 start_va = 0x7ff71e6bd000 end_va = 0x7ff71e6befff entry_point = 0x0 region_type = private name = "private_0x00007ff71e6bd000" filename = "" Region: id = 551 start_va = 0x7ff8e8fb0000 end_va = 0x7ff8e8fd1fff entry_point = 0x7ff8e8fb0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 552 start_va = 0x7ff8e8ad0000 end_va = 0x7ff8e8ae2fff entry_point = 0x7ff8e8ad0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 553 start_va = 0x7ff8ea820000 end_va = 0x7ff8ea877fff entry_point = 0x7ff8ea820000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 554 start_va = 0xb28be70000 end_va = 0xb28be76fff entry_point = 0x0 region_type = private name = "private_0x000000b28be70000" filename = "" Region: id = 555 start_va = 0xb28c110000 end_va = 0xb28c114fff entry_point = 0xb28c110000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 556 start_va = 0xb28c120000 end_va = 0xb28c120fff entry_point = 0xb28c120000 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 557 start_va = 0xb28d830000 end_va = 0xb28d831fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000b28d830000" filename = "" Region: id = 558 start_va = 0x7ff8e57b0000 end_va = 0x7ff8e5a23fff entry_point = 0x7ff8e57b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Thread: id = 15 os_tid = 0x738 Thread: id = 16 os_tid = 0x14c Thread: id = 17 os_tid = 0x858 Thread: id = 18 os_tid = 0xa6c Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x301ce000" os_pid = "0x898" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x8d4" cmd_line = "cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 581 start_va = 0xd00000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 582 start_va = 0xd20000 end_va = 0xd21fff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 583 start_va = 0xd30000 end_va = 0xd43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 584 start_va = 0xd50000 end_va = 0xd8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 585 start_va = 0xd90000 end_va = 0xe8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 586 start_va = 0xe90000 end_va = 0xe93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 587 start_va = 0xea0000 end_va = 0xea0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ea0000" filename = "" Region: id = 588 start_va = 0xeb0000 end_va = 0xeb1fff entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 589 start_va = 0x10f0000 end_va = 0x113ffff entry_point = 0x10f0000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 590 start_va = 0x1140000 end_va = 0x513ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001140000" filename = "" Region: id = 591 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 592 start_va = 0x7ed90000 end_va = 0x7edb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed90000" filename = "" Region: id = 593 start_va = 0x7edba000 end_va = 0x7edbcfff entry_point = 0x0 region_type = private name = "private_0x000000007edba000" filename = "" Region: id = 594 start_va = 0x7edbd000 end_va = 0x7edbdfff entry_point = 0x0 region_type = private name = "private_0x000000007edbd000" filename = "" Region: id = 595 start_va = 0x7edbe000 end_va = 0x7edbefff entry_point = 0x0 region_type = private name = "private_0x000000007edbe000" filename = "" Region: id = 596 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 597 start_va = 0x7fff0000 end_va = 0x7df8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 598 start_va = 0x7df8ee380000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df8ee380000" filename = "" Region: id = 599 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 600 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 601 start_va = 0xf10000 end_va = 0xf1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 602 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 603 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 604 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 605 start_va = 0xd00000 end_va = 0xd0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 606 start_va = 0xec0000 end_va = 0xefffff entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 607 start_va = 0xf50000 end_va = 0x104ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 608 start_va = 0x5140000 end_va = 0x51fdfff entry_point = 0x5140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 609 start_va = 0x5200000 end_va = 0x52fffff entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 610 start_va = 0x5490000 end_va = 0x549ffff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 611 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 612 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 613 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 614 start_va = 0x7ec90000 end_va = 0x7ed8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec90000" filename = "" Region: id = 615 start_va = 0x7edb7000 end_va = 0x7edb9fff entry_point = 0x0 region_type = private name = "private_0x000000007edb7000" filename = "" Region: id = 616 start_va = 0xd10000 end_va = 0xd13fff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 617 start_va = 0xd20000 end_va = 0xd23fff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 618 start_va = 0x54a0000 end_va = 0x57d6fff entry_point = 0x54a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 619 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 620 start_va = 0x7e900000 end_va = 0x7ec8ffff entry_point = 0x7e900000 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 20 os_tid = 0x630 [0166.539] GetModuleHandleA (lpModuleName=0x0) returned 0x10f0000 [0166.539] __set_app_type (_Type=0x1) [0166.539] __p__fmode () returned 0x77aa4d6c [0166.539] __p__commode () returned 0x77aa5b1c [0166.539] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x11036e0) returned 0x0 [0166.539] __getmainargs (in: _Argc=0x11150e8, _Argv=0x11150ec, _Env=0x11150f0, _DoWildCard=0, _StartInfo=0x11150fc | out: _Argc=0x11150e8, _Argv=0x11150ec, _Env=0x11150f0) returned 0 [0166.539] GetCurrentThreadId () returned 0x630 [0166.539] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x630) returned 0x84 [0166.540] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0166.540] GetProcAddress (hModule=0x75260000, lpProcName="SetThreadUILanguage") returned 0x752a2780 [0166.540] SetThreadUILanguage (LangId=0x0) returned 0x409 [0166.549] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0166.549] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0xe8fd40 | out: phkResult=0xe8fd40*=0x0) returned 0x2 [0166.549] VirtualQuery (in: lpAddress=0xe8fd47, lpBuffer=0xe8fcf8, dwLength=0x1c | out: lpBuffer=0xe8fcf8*(BaseAddress=0xe8f000, AllocationBase=0xd90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.549] VirtualQuery (in: lpAddress=0xd90000, lpBuffer=0xe8fcf8, dwLength=0x1c | out: lpBuffer=0xe8fcf8*(BaseAddress=0xd90000, AllocationBase=0xd90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0166.549] VirtualQuery (in: lpAddress=0xd91000, lpBuffer=0xe8fcf8, dwLength=0x1c | out: lpBuffer=0xe8fcf8*(BaseAddress=0xd91000, AllocationBase=0xd90000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0166.549] VirtualQuery (in: lpAddress=0xd93000, lpBuffer=0xe8fcf8, dwLength=0x1c | out: lpBuffer=0xe8fcf8*(BaseAddress=0xd93000, AllocationBase=0xd90000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.549] VirtualQuery (in: lpAddress=0xe90000, lpBuffer=0xe8fcf8, dwLength=0x1c | out: lpBuffer=0xe8fcf8*(BaseAddress=0xe90000, AllocationBase=0xe90000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0166.549] GetConsoleOutputCP () returned 0x1b5 [0166.590] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0166.591] SetConsoleCtrlHandler (HandlerRoutine=0x110f980, Add=1) returned 1 [0166.591] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.591] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0166.595] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.596] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0166.600] _get_osfhandle (_FileHandle=1) returned 0x3c [0166.600] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0166.602] _get_osfhandle (_FileHandle=0) returned 0x38 [0166.602] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0166.604] GetEnvironmentStringsW () returned 0xf580b0* [0166.604] FreeEnvironmentStringsA (penv="=") returned 1 [0166.604] GetEnvironmentStringsW () returned 0xf580b0* [0166.605] FreeEnvironmentStringsA (penv="=") returned 1 [0166.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xe8eca4 | out: phkResult=0xe8eca4*=0x94) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x0, lpData=0xe8ecb0*=0x0, lpcbData=0xe8ecac*=0x1000) returned 0x2 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x1, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x0, lpData=0xe8ecb0*=0x1, lpcbData=0xe8ecac*=0x1000) returned 0x2 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x0, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x40, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x40, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x0, lpData=0xe8ecb0*=0x40, lpcbData=0xe8ecac*=0x1000) returned 0x2 [0166.605] RegCloseKey (hKey=0x94) returned 0x0 [0166.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0xe8eca4 | out: phkResult=0xe8eca4*=0x94) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x0, lpData=0xe8ecb0*=0x40, lpcbData=0xe8ecac*=0x1000) returned 0x2 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x1, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x0, lpData=0xe8ecb0*=0x1, lpcbData=0xe8ecac*=0x1000) returned 0x2 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x0, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.605] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x9, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.606] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x4, lpData=0xe8ecb0*=0x9, lpcbData=0xe8ecac*=0x4) returned 0x0 [0166.606] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0xe8eca8, lpData=0xe8ecb0, lpcbData=0xe8ecac*=0x1000 | out: lpType=0xe8eca8*=0x0, lpData=0xe8ecb0*=0x9, lpcbData=0xe8ecac*=0x1000) returned 0x2 [0166.606] RegCloseKey (hKey=0x94) returned 0x0 [0166.606] time (in: timer=0x0 | out: timer=0x0) returned 0x5bdace7f [0166.606] srand (_Seed=0x5bdace7f) [0166.606] GetCommandLineW () returned="cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"" [0166.606] GetCommandLineW () returned="cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"" [0166.606] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.606] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xf580b8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0166.606] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87 [0166.606] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0166.606] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0166.606] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.606] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0166.606] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0166.607] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0166.607] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0166.607] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0166.607] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0166.607] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0166.607] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0166.607] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0166.607] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0xe8fa7c | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.607] GetFullPathNameW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", nBufferLength=0x104, lpBuffer=0xe8fa7c, lpFilePart=0xe8fa74 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFilePart=0xe8fa74*="Desktop") returned 0x1d [0166.607] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0166.607] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0xe8f7f8 | out: lpFindFileData=0xe8f7f8) returned 0xf54380 [0166.607] FindClose (in: hFindFile=0xf54380 | out: hFindFile=0xf54380) returned 1 [0166.607] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps", lpFindFileData=0xe8f7f8 | out: lpFindFileData=0xe8f7f8) returned 0xf54380 [0166.608] FindClose (in: hFindFile=0xf54380 | out: hFindFile=0xf54380) returned 1 [0166.608] _wcsnicmp (_String1="CIIHMN~1", _String2="CIiHmnxMn6Ps", _MaxCount=0xc) returned 6 [0166.608] FindFirstFileW (in: lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpFindFileData=0xe8f7f8 | out: lpFindFileData=0xe8f7f8) returned 0xf54380 [0166.608] FindClose (in: hFindFile=0xf54380 | out: hFindFile=0xf54380) returned 1 [0166.608] GetFileAttributesW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 0x11 [0166.608] SetCurrentDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\Desktop" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop")) returned 1 [0166.608] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 1 [0166.608] GetEnvironmentStringsW () returned 0xf5a120* [0166.608] FreeEnvironmentStringsA (penv="=") returned 1 [0166.608] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1126720 | out: lpBuffer="C:\\Users\\CIiHmnxMn6Ps\\Desktop") returned 0x1d [0166.610] GetConsoleOutputCP () returned 0x1b5 [0166.612] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0166.612] GetUserDefaultLCID () returned 0x409 [0166.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x11224a0, cchData=8 | out: lpLCData=":") returned 2 [0166.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xe8fbac, cchData=128 | out: lpLCData="0") returned 2 [0166.612] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0xe8fbac, cchData=128 | out: lpLCData="0") returned 2 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0xe8fbac, cchData=128 | out: lpLCData="1") returned 2 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x11224b0, cchData=8 | out: lpLCData="/") returned 2 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1122500, cchData=32 | out: lpLCData="Mon") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1122540, cchData=32 | out: lpLCData="Tue") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1122580, cchData=32 | out: lpLCData="Wed") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x11225c0, cchData=32 | out: lpLCData="Thu") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1122600, cchData=32 | out: lpLCData="Fri") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1122640, cchData=32 | out: lpLCData="Sat") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1122680, cchData=32 | out: lpLCData="Sun") returned 4 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x11224c0, cchData=8 | out: lpLCData=".") returned 2 [0166.613] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x11224e0, cchData=8 | out: lpLCData=",") returned 2 [0166.613] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0166.615] GetConsoleTitleW (in: lpConsoleTitle=0xf58d98, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.616] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0166.616] GetProcAddress (hModule=0x75260000, lpProcName="CopyFileExW") returned 0x7527fa80 [0166.616] GetProcAddress (hModule=0x75260000, lpProcName="IsDebuggerPresent") returned 0x7527a790 [0166.616] GetProcAddress (hModule=0x75260000, lpProcName="SetConsoleInputExeNameW") returned 0x74f835c0 [0166.618] _wcsicmp (_String1="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"", _String2=")") returned -7 [0166.618] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"") returned 68 [0166.618] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"") returned 68 [0166.618] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"") returned 71 [0166.618] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"") returned 71 [0166.618] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"") returned 80 [0166.618] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"") returned 80 [0166.620] GetConsoleTitleW (in: lpConsoleTitle=0xe8f898, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.620] GetFileAttributesW (lpFileName="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\"" (normalized: "c:\\users\\ciihmnxmn6ps\\desktop\\\"c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe\"")) returned 0xffffffff [0166.620] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0166.620] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0166.620] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0166.621] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0166.621] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0166.621] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0166.621] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0166.621] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0166.621] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0166.621] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0166.621] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0166.621] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0166.621] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0166.621] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0166.621] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0166.621] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0166.621] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0166.621] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0166.621] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0166.621] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0166.621] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0166.621] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0166.621] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0166.621] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0166.621] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0166.621] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0166.621] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0166.621] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0166.621] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0166.621] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0166.621] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0166.621] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0166.621] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0166.621] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0166.621] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0166.622] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0166.622] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0166.622] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0166.622] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0166.622] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0166.622] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0166.622] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0166.622] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0166.622] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0166.622] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0166.622] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0166.622] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0166.622] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0166.622] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0166.622] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0166.622] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0166.622] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0166.622] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0166.622] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0166.622] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0166.622] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0166.622] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0166.622] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0166.622] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0166.622] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0166.622] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0166.622] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0166.622] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0166.622] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0166.622] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0166.622] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0166.622] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0166.623] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0166.623] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0166.623] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0166.623] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0166.623] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0166.623] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0166.623] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0166.623] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0166.623] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0166.623] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0166.623] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0166.623] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0166.623] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0166.623] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0166.623] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0166.623] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0166.623] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0166.623] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0166.623] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0166.623] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0166.624] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0166.624] SetErrorMode (uMode=0x0) returned 0x0 [0166.624] SetErrorMode (uMode=0x1) returned 0x0 [0166.624] GetFullPathNameW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\.", nBufferLength=0x208, lpBuffer=0xf66160, lpFilePart=0xe8f3a4 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw", lpFilePart=0xe8f3a4*="adsldraw") returned 0x2a [0166.624] SetErrorMode (uMode=0x0) returned 0x1 [0166.624] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\.") returned 1 [0166.625] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x111e4a0, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0166.629] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0166.629] FindFirstFileExW (in: lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", fInfoLevelId=0x1, lpFindFileData=0xe8f150, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0xe8f150) returned 0xf59550 [0166.629] FindClose (in: hFindFile=0xf59550 | out: hFindFile=0xf59550) returned 1 [0166.629] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0166.629] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0166.629] GetConsoleTitleW (in: lpConsoleTitle=0xe8f624, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0166.632] InitializeProcThreadAttributeList (in: lpAttributeList=0xe8f550, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0xe8f534 | out: lpAttributeList=0xe8f550, lpSize=0xe8f534) returned 1 [0166.632] UpdateProcThreadAttribute (in: lpAttributeList=0xe8f550, dwFlags=0x0, Attribute=0x60001, lpValue=0xe8f53c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0xe8f550, lpPreviousValue=0x0) returned 1 [0166.632] GetStartupInfoW (in: lpStartupInfo=0xe8f588 | out: lpStartupInfo=0xe8f588*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="cmd /C \"\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0166.632] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0166.632] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0166.632] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0166.633] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0166.634] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0166.634] lstrcmpW (lpString1="\\autoclb.exe", lpString2="\\XCOPY.EXE") returned -1 [0166.635] CreateProcessW (in: lpApplicationName="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpCommandLine="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpStartupInfo=0xe8f4d8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xe8f524 | out: lpCommandLine="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", lpProcessInformation=0xe8f524*(hProcess=0xa8, hThread=0xa4, dwProcessId=0xbec, dwThreadId=0x278)) returned 1 [0166.690] CloseHandle (hObject=0xa4) returned 1 [0166.690] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0166.690] GetEnvironmentStringsW () returned 0xf582c8* [0166.690] FreeEnvironmentStringsA (penv="=") returned 1 [0166.690] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0176.388] GetExitCodeProcess (in: hProcess=0xa8, lpExitCode=0xe8f4bc | out: lpExitCode=0xe8f4bc*=0x0) returned 1 [0176.388] CloseHandle (hObject=0xa8) returned 1 [0176.388] _vsnwprintf (in: _Buffer=0xe8f5a4, _BufferCount=0x13, _Format="%08X", _ArgList=0xe8f4c4 | out: _Buffer="00000000") returned 8 [0176.388] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0176.388] GetEnvironmentStringsW () returned 0xf67728* [0176.388] FreeEnvironmentStringsA (penv="=") returned 1 [0176.388] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0176.388] GetEnvironmentStringsW () returned 0xf67728* [0176.388] FreeEnvironmentStringsA (penv="=") returned 1 [0176.388] DeleteProcThreadAttributeList (in: lpAttributeList=0xe8f550 | out: lpAttributeList=0xe8f550) [0176.388] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.388] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x3) returned 1 [0176.522] _get_osfhandle (_FileHandle=1) returned 0x3c [0176.522] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x111e40c | out: lpMode=0x111e40c) returned 1 [0176.522] _get_osfhandle (_FileHandle=0) returned 0x38 [0176.522] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x111e408 | out: lpMode=0x111e408) returned 1 [0176.523] SetConsoleInputExeNameW () returned 0x1 [0176.523] GetConsoleOutputCP () returned 0x1b5 [0176.523] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x111e460 | out: lpCPInfo=0x111e460) returned 1 [0176.523] SetThreadUILanguage (LangId=0x0) returned 0x409 [0176.523] exit (_Code=0) Thread: id = 21 os_tid = 0xa3c Process: id = "5" image_name = "autoclb.exe" filename = "c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe" page_root = "0x2dc2d000" os_pid = "0xbec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x898" cmd_line = "\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 621 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 622 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 623 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 624 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 625 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 626 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 627 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 628 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 629 start_va = 0x400000 end_va = 0x51efff entry_point = 0x400000 region_type = mapped_file name = "autoclb.exe" filename = "\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe") Region: id = 630 start_va = 0x77ca0000 end_va = 0x77e18fff entry_point = 0x77ca0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 631 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 632 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 633 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 634 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 635 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 636 start_va = 0x7fff0000 end_va = 0x7ff8ee37ffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 637 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 638 start_va = 0x7ff8ee542000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007ff8ee542000" filename = "" Region: id = 639 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 640 start_va = 0x64af0000 end_va = 0x64b62fff entry_point = 0x64af0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 641 start_va = 0x64b70000 end_va = 0x64bbefff entry_point = 0x64b70000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 642 start_va = 0x64ae0000 end_va = 0x64ae7fff entry_point = 0x64ae0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 643 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 644 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 645 start_va = 0x1d0000 end_va = 0x28dfff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 646 start_va = 0x6b0000 end_va = 0x7affff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 647 start_va = 0x74ca0000 end_va = 0x74d30fff entry_point = 0x74ca0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 648 start_va = 0x74e70000 end_va = 0x74fe5fff entry_point = 0x74e70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 649 start_va = 0x75260000 end_va = 0x7534ffff entry_point = 0x75260000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 650 start_va = 0x7fb20000 end_va = 0x7feaffff entry_point = 0x7fb20000 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 651 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 652 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 653 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 654 start_va = 0x2b0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 655 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 656 start_va = 0x520000 end_va = 0x6a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 657 start_va = 0x7b0000 end_va = 0x930fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 658 start_va = 0x9a0000 end_va = 0x9affff entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 659 start_va = 0x9b0000 end_va = 0x1daffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 660 start_va = 0x73f60000 end_va = 0x73f97fff entry_point = 0x73f60000 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\SysWOW64\\adsldpc.dll" (normalized: "c:\\windows\\syswow64\\adsldpc.dll") Region: id = 661 start_va = 0x73fa0000 end_va = 0x73fc0fff entry_point = 0x73fa0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 662 start_va = 0x73fd0000 end_va = 0x73fd6fff entry_point = 0x73fd0000 region_type = mapped_file name = "dciman32.dll" filename = "\\Windows\\SysWOW64\\dciman32.dll" (normalized: "c:\\windows\\syswow64\\dciman32.dll") Region: id = 663 start_va = 0x73fe0000 end_va = 0x742a0fff entry_point = 0x73fe0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 664 start_va = 0x742b0000 end_va = 0x742d2fff entry_point = 0x742b0000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 665 start_va = 0x742e0000 end_va = 0x743cafff entry_point = 0x742e0000 region_type = mapped_file name = "ddraw.dll" filename = "\\Windows\\SysWOW64\\ddraw.dll" (normalized: "c:\\windows\\syswow64\\ddraw.dll") Region: id = 666 start_va = 0x743d0000 end_va = 0x743d7fff entry_point = 0x743d0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 667 start_va = 0x743e0000 end_va = 0x7453ffff entry_point = 0x743e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 668 start_va = 0x74540000 end_va = 0x746aafff entry_point = 0x74540000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\\gdiplus.dll") Region: id = 669 start_va = 0x746b0000 end_va = 0x746f2fff entry_point = 0x746b0000 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 670 start_va = 0x74700000 end_va = 0x7473afff entry_point = 0x74700000 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\SysWOW64\\activeds.dll" (normalized: "c:\\windows\\syswow64\\activeds.dll") Region: id = 671 start_va = 0x74740000 end_va = 0x74763fff entry_point = 0x74740000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 672 start_va = 0x74770000 end_va = 0x74993fff entry_point = 0x74770000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 673 start_va = 0x749a0000 end_va = 0x749c4fff entry_point = 0x749a0000 region_type = mapped_file name = "glu32.dll" filename = "\\Windows\\SysWOW64\\glu32.dll" (normalized: "c:\\windows\\syswow64\\glu32.dll") Region: id = 674 start_va = 0x749d0000 end_va = 0x74aaffff entry_point = 0x749d0000 region_type = mapped_file name = "opengl32.dll" filename = "\\Windows\\SysWOW64\\opengl32.dll" (normalized: "c:\\windows\\syswow64\\opengl32.dll") Region: id = 675 start_va = 0x74ab0000 end_va = 0x74b48fff entry_point = 0x74ab0000 region_type = mapped_file name = "odbc32.dll" filename = "\\Windows\\SysWOW64\\odbc32.dll" (normalized: "c:\\windows\\syswow64\\odbc32.dll") Region: id = 676 start_va = 0x74b50000 end_va = 0x74be1fff entry_point = 0x74b50000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 677 start_va = 0x74d40000 end_va = 0x74d98fff entry_point = 0x74d40000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 678 start_va = 0x74da0000 end_va = 0x74da9fff entry_point = 0x74da0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 679 start_va = 0x74db0000 end_va = 0x74dcdfff entry_point = 0x74db0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 680 start_va = 0x75160000 end_va = 0x7521dfff entry_point = 0x75160000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 681 start_va = 0x75220000 end_va = 0x75255fff entry_point = 0x75220000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 682 start_va = 0x75350000 end_va = 0x753a2fff entry_point = 0x75350000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 683 start_va = 0x753b0000 end_va = 0x753f3fff entry_point = 0x753b0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 684 start_va = 0x75400000 end_va = 0x7542afff entry_point = 0x75400000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 685 start_va = 0x75430000 end_va = 0x767eefff entry_point = 0x75430000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 686 start_va = 0x76810000 end_va = 0x7681efff entry_point = 0x76810000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 687 start_va = 0x768b0000 end_va = 0x76999fff entry_point = 0x768b0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 688 start_va = 0x76a10000 end_va = 0x76a8afff entry_point = 0x76a10000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 689 start_va = 0x76c40000 end_va = 0x76c82fff entry_point = 0x76c40000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 690 start_va = 0x76c90000 end_va = 0x76d21fff entry_point = 0x76c90000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 691 start_va = 0x76d90000 end_va = 0x76e3bfff entry_point = 0x76d90000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 692 start_va = 0x76e40000 end_va = 0x76ff9fff entry_point = 0x76e40000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 693 start_va = 0x77000000 end_va = 0x7714cfff entry_point = 0x77000000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 694 start_va = 0x77150000 end_va = 0x7728ffff entry_point = 0x77150000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 695 start_va = 0x77290000 end_va = 0x772d3fff entry_point = 0x77290000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 696 start_va = 0x77340000 end_va = 0x773ccfff entry_point = 0x77340000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 697 start_va = 0x773f0000 end_va = 0x778ccfff entry_point = 0x773f0000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 698 start_va = 0x778d0000 end_va = 0x779effff entry_point = 0x778d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 699 start_va = 0x779f0000 end_va = 0x77aadfff entry_point = 0x779f0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 700 start_va = 0x77c30000 end_va = 0x77c3bfff entry_point = 0x77c30000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 701 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 702 start_va = 0x3f0000 end_va = 0x3f3fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 703 start_va = 0x1e10000 end_va = 0x1e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 704 start_va = 0x1e20000 end_va = 0x2156fff entry_point = 0x1e20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 705 start_va = 0x2160000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 706 start_va = 0x7fe50000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 707 start_va = 0x2260000 end_va = 0x265ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002260000" filename = "" Region: id = 708 start_va = 0x74c20000 end_va = 0x74c94fff entry_point = 0x74c20000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 709 start_va = 0x2160000 end_va = 0x222ffff entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 710 start_va = 0x2250000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 711 start_va = 0x940000 end_va = 0x940fff entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 712 start_va = 0x950000 end_va = 0x950fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 713 start_va = 0x2160000 end_va = 0x2217fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002160000" filename = "" Region: id = 714 start_va = 0x2220000 end_va = 0x222ffff entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 715 start_va = 0x950000 end_va = 0x953fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 716 start_va = 0x74c00000 end_va = 0x74c1cfff entry_point = 0x74c00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 717 start_va = 0x960000 end_va = 0x964fff entry_point = 0x960000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 718 start_va = 0x2660000 end_va = 0x26dffff entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 719 start_va = 0x970000 end_va = 0x973fff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 720 start_va = 0x980000 end_va = 0x980fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 721 start_va = 0x26e0000 end_va = 0x275ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026e0000" filename = "" Region: id = 722 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 723 start_va = 0x2760000 end_va = 0x285ffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 724 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 725 start_va = 0x60000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 726 start_va = 0x2860000 end_va = 0x296ffff entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 727 start_va = 0x160000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 728 start_va = 0x2860000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 729 start_va = 0x2960000 end_va = 0x296ffff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 730 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 731 start_va = 0x73d70000 end_va = 0x73f5ffff entry_point = 0x73d70000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 732 start_va = 0x2970000 end_va = 0x29e5fff entry_point = 0x2970000 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 733 start_va = 0x29f0000 end_va = 0x2aeffff entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 734 start_va = 0x2af0000 end_va = 0x3aeffff entry_point = 0x2af0000 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 735 start_va = 0x980000 end_va = 0x983fff entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 736 start_va = 0x3af0000 end_va = 0x3beffff entry_point = 0x0 region_type = private name = "private_0x0000000003af0000" filename = "" Region: id = 737 start_va = 0x990000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 738 start_va = 0x3bf0000 end_va = 0x3ceffff entry_point = 0x0 region_type = private name = "private_0x0000000003bf0000" filename = "" Region: id = 739 start_va = 0x1df0000 end_va = 0x1e03fff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 740 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 741 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 742 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 743 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 744 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 745 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 746 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 747 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 748 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 749 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 750 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 751 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 752 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 753 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 754 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 755 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 756 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 757 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 758 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 759 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 760 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 761 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 762 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 763 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 764 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 765 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 766 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 767 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 768 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 769 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 770 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 771 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 772 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 773 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 774 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 775 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 776 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 777 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 778 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 779 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 780 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 781 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 782 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 783 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 784 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 785 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 786 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 787 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 788 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 789 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 790 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 791 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 792 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 793 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 794 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 795 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 796 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 797 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 798 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 799 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 800 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 801 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 802 start_va = 0x990000 end_va = 0x998fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 803 start_va = 0x3cf0000 end_va = 0x4d2ffff entry_point = 0x3cf0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 804 start_va = 0x990000 end_va = 0x990fff entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 805 start_va = 0x4d30000 end_va = 0x5221fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004d30000" filename = "" Region: id = 806 start_va = 0x1df0000 end_va = 0x1df0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001df0000" filename = "" Region: id = 807 start_va = 0x76820000 end_va = 0x768a1fff entry_point = 0x76820000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 808 start_va = 0x1e00000 end_va = 0x1e00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e00000" filename = "" Region: id = 809 start_va = 0x73cc0000 end_va = 0x73d66fff entry_point = 0x73cc0000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 810 start_va = 0x73d50000 end_va = 0x73d62fff entry_point = 0x73d50000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 811 start_va = 0x73d30000 end_va = 0x73d4afff entry_point = 0x73d30000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 812 start_va = 0x73d00000 end_va = 0x73d2efff entry_point = 0x73d00000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 813 start_va = 0x73ce0000 end_va = 0x73cf8fff entry_point = 0x73ce0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 814 start_va = 0x1df0000 end_va = 0x1df0fff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 815 start_va = 0x2230000 end_va = 0x2236fff entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 816 start_va = 0x73c80000 end_va = 0x73cd3fff entry_point = 0x73c80000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\SysWOW64\\MMDevAPI.dll" (normalized: "c:\\windows\\syswow64\\mmdevapi.dll") Region: id = 817 start_va = 0x73b30000 end_va = 0x73c71fff entry_point = 0x73b30000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 818 start_va = 0x73af0000 end_va = 0x73b27fff entry_point = 0x73af0000 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\SysWOW64\\wdmaud.drv" (normalized: "c:\\windows\\syswow64\\wdmaud.drv") Region: id = 819 start_va = 0x73ad0000 end_va = 0x73ad8fff entry_point = 0x73ad0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\SysWOW64\\avrt.dll" (normalized: "c:\\windows\\syswow64\\avrt.dll") Region: id = 820 start_va = 0x73ae0000 end_va = 0x73ae6fff entry_point = 0x73ae0000 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\SysWOW64\\ksuser.dll" (normalized: "c:\\windows\\syswow64\\ksuser.dll") Region: id = 821 start_va = 0x2240000 end_va = 0x2240fff entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 822 start_va = 0x26e0000 end_va = 0x26e0fff entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 823 start_va = 0x26f0000 end_va = 0x26f0fff entry_point = 0x26f0000 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\SysWOW64\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wdmaud.drv.mui") Region: id = 824 start_va = 0x2700000 end_va = 0x2717fff entry_point = 0x2700000 region_type = mapped_file name = "hdaudio.pnf" filename = "\\Windows\\INF\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf") Region: id = 825 start_va = 0x2700000 end_va = 0x2700fff entry_point = 0x2700000 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mmdevapi.dll.mui") Region: id = 826 start_va = 0x73a60000 end_va = 0x73ac7fff entry_point = 0x73a60000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\SysWOW64\\AudioSes.dll" (normalized: "c:\\windows\\syswow64\\audioses.dll") Region: id = 827 start_va = 0x73990000 end_va = 0x73a54fff entry_point = 0x73990000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 828 start_va = 0x2710000 end_va = 0x2727fff entry_point = 0x2710000 region_type = mapped_file name = "hdaudio.pnf" filename = "\\Windows\\INF\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf") Region: id = 829 start_va = 0x73980000 end_va = 0x73988fff entry_point = 0x73980000 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\SysWOW64\\msacm32.drv" (normalized: "c:\\windows\\syswow64\\msacm32.drv") Region: id = 830 start_va = 0x73960000 end_va = 0x73977fff entry_point = 0x73960000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\SysWOW64\\msacm32.dll" (normalized: "c:\\windows\\syswow64\\msacm32.dll") Region: id = 831 start_va = 0x73950000 end_va = 0x73957fff entry_point = 0x73950000 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\SysWOW64\\midimap.dll" (normalized: "c:\\windows\\syswow64\\midimap.dll") Region: id = 832 start_va = 0x2710000 end_va = 0x274ffff entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 833 start_va = 0x2750000 end_va = 0x2751fff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 834 start_va = 0x5230000 end_va = 0x532ffff entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 835 start_va = 0x5330000 end_va = 0x5339fff entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 836 start_va = 0x5340000 end_va = 0x5341fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005340000" filename = "" Region: id = 837 start_va = 0x5350000 end_va = 0x5351fff entry_point = 0x0 region_type = private name = "private_0x0000000005350000" filename = "" Region: id = 838 start_va = 0x7fe4d000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe4d000" filename = "" Region: id = 839 start_va = 0x5360000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 840 start_va = 0x53a0000 end_va = 0x549ffff entry_point = 0x0 region_type = private name = "private_0x00000000053a0000" filename = "" Region: id = 841 start_va = 0x54a0000 end_va = 0x54a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054a0000" filename = "" Region: id = 842 start_va = 0x7fe4a000 end_va = 0x7fe4cfff entry_point = 0x0 region_type = private name = "private_0x000000007fe4a000" filename = "" Region: id = 843 start_va = 0x54b0000 end_va = 0x54b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054b0000" filename = "" Region: id = 844 start_va = 0x54c0000 end_va = 0x54c1fff entry_point = 0x0 region_type = private name = "private_0x00000000054c0000" filename = "" Region: id = 845 start_va = 0x73910000 end_va = 0x7394afff entry_point = 0x73910000 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\SysWOW64\\adsldp.dll" (normalized: "c:\\windows\\syswow64\\adsldp.dll") Region: id = 846 start_va = 0x73890000 end_va = 0x7390ffff entry_point = 0x73890000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 847 start_va = 0x54d0000 end_va = 0x54ebfff entry_point = 0x54d0000 region_type = mapped_file name = "activeds.tlb" filename = "\\Windows\\SysWOW64\\activeds.tlb" (normalized: "c:\\windows\\syswow64\\activeds.tlb") Region: id = 848 start_va = 0x73880000 end_va = 0x73889fff entry_point = 0x73880000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 849 start_va = 0x54f0000 end_va = 0x54f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054f0000" filename = "" Region: id = 850 start_va = 0x5500000 end_va = 0x5501fff entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 851 start_va = 0x5510000 end_va = 0x5511fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005510000" filename = "" Region: id = 852 start_va = 0x5520000 end_va = 0x5521fff entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 853 start_va = 0x5530000 end_va = 0x55e0fff entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 854 start_va = 0x55f0000 end_va = 0x55f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055f0000" filename = "" Region: id = 855 start_va = 0x5600000 end_va = 0x5601fff entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 856 start_va = 0x5610000 end_va = 0x5611fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005610000" filename = "" Region: id = 857 start_va = 0x5620000 end_va = 0x5621fff entry_point = 0x0 region_type = private name = "private_0x0000000005620000" filename = "" Region: id = 858 start_va = 0x5630000 end_va = 0x5631fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005630000" filename = "" Region: id = 859 start_va = 0x5640000 end_va = 0x5641fff entry_point = 0x0 region_type = private name = "private_0x0000000005640000" filename = "" Region: id = 860 start_va = 0x5650000 end_va = 0x56fefff entry_point = 0x0 region_type = private name = "private_0x0000000005650000" filename = "" Region: id = 861 start_va = 0x5700000 end_va = 0x5702fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005700000" filename = "" Region: id = 862 start_va = 0x5710000 end_va = 0x5711fff entry_point = 0x0 region_type = private name = "private_0x0000000005710000" filename = "" Region: id = 863 start_va = 0x5720000 end_va = 0x5721fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005720000" filename = "" Region: id = 864 start_va = 0x5730000 end_va = 0x5731fff entry_point = 0x0 region_type = private name = "private_0x0000000005730000" filename = "" Region: id = 865 start_va = 0x5740000 end_va = 0x57f6fff entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 866 start_va = 0x5800000 end_va = 0x5802fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005800000" filename = "" Region: id = 867 start_va = 0x5810000 end_va = 0x5811fff entry_point = 0x0 region_type = private name = "private_0x0000000005810000" filename = "" Region: id = 868 start_va = 0x5820000 end_va = 0x58dbfff entry_point = 0x0 region_type = private name = "private_0x0000000005820000" filename = "" Region: id = 869 start_va = 0x58e0000 end_va = 0x58e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000058e0000" filename = "" Region: id = 870 start_va = 0x58f0000 end_va = 0x58f1fff entry_point = 0x0 region_type = private name = "private_0x00000000058f0000" filename = "" Region: id = 871 start_va = 0x5900000 end_va = 0x5903fff entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 872 start_va = 0x5910000 end_va = 0x5948fff entry_point = 0x5910000 region_type = mapped_file name = "odbcint.dll" filename = "\\Windows\\SysWOW64\\odbcint.dll" (normalized: "c:\\windows\\syswow64\\odbcint.dll") Region: id = 873 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 874 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 875 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 876 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 877 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 878 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 879 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 880 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 881 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 882 start_va = 0x5910000 end_va = 0x5910fff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 883 start_va = 0x5910000 end_va = 0x5a0ffff entry_point = 0x0 region_type = private name = "private_0x0000000005910000" filename = "" Region: id = 884 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 885 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 886 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 887 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 888 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 889 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 890 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 891 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 892 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 893 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 894 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 895 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 896 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 897 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 898 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 899 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 900 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 901 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 902 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 903 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 904 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 905 start_va = 0x5a20000 end_va = 0x5c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a20000" filename = "" Region: id = 906 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 907 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 908 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 909 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 910 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 911 start_va = 0x5a10000 end_va = 0x5a10fff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 912 start_va = 0x76a90000 end_va = 0x76c34fff entry_point = 0x76a90000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 913 start_va = 0x5c20000 end_va = 0x5c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 914 start_va = 0x5c60000 end_va = 0x5d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005c60000" filename = "" Region: id = 915 start_va = 0x5d60000 end_va = 0x626ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d60000" filename = "" Region: id = 916 start_va = 0x7fe47000 end_va = 0x7fe49fff entry_point = 0x0 region_type = private name = "private_0x000000007fe47000" filename = "" Region: id = 917 start_va = 0x76d40000 end_va = 0x76d81fff entry_point = 0x76d40000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 918 start_va = 0x76d30000 end_va = 0x76d3dfff entry_point = 0x76d30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 919 start_va = 0x77ab0000 end_va = 0x77c24fff entry_point = 0x77ab0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 934 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 935 start_va = 0x6270000 end_va = 0x6431fff entry_point = 0x0 region_type = private name = "private_0x0000000006270000" filename = "" Region: id = 936 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 937 start_va = 0x6270000 end_va = 0x6431fff entry_point = 0x0 region_type = private name = "private_0x0000000006270000" filename = "" Region: id = 938 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 939 start_va = 0x6270000 end_va = 0x6431fff entry_point = 0x0 region_type = private name = "private_0x0000000006270000" filename = "" Region: id = 940 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 941 start_va = 0x6270000 end_va = 0x6431fff entry_point = 0x0 region_type = private name = "private_0x0000000006270000" filename = "" Region: id = 946 start_va = 0x6270000 end_va = 0x63a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006270000" filename = "" Region: id = 955 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 956 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 957 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 958 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 959 start_va = 0x1db0000 end_va = 0x1db0fff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 960 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Thread: id = 22 os_tid = 0x278 [0166.916] GetStartupInfoW (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0166.916] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0166.918] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0166.918] GetProcAddress (hModule=0x75260000, lpProcName="FlsAlloc") returned 0x7527a330 [0166.918] GetProcAddress (hModule=0x75260000, lpProcName="FlsGetValue") returned 0x75277580 [0166.918] GetProcAddress (hModule=0x75260000, lpProcName="FlsSetValue") returned 0x75279910 [0166.918] GetProcAddress (hModule=0x75260000, lpProcName="FlsFree") returned 0x7527f400 [0166.920] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0166.920] GetCurrentThreadId () returned 0x278 [0166.920] GetStartupInfoW (in: lpStartupInfo=0x19fea0 | out: lpStartupInfo=0x19fea0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x22505c8, hStdOutput=0x42ba64, hStdError=0x0)) [0166.921] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0166.921] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0166.921] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0166.921] SetHandleCount (uNumber=0x20) returned 0x20 [0166.921] GetCommandLineA () returned="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"" [0166.921] GetEnvironmentStringsW () returned 0x6d2cb0* [0166.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Users\\CIiHmnxMn6Ps\\Desktop", cchWideChar=1377, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1377 [0166.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Users\\CIiHmnxMn6Ps\\Desktop", cchWideChar=1377, lpMultiByteStr=0x2251038, cbMultiByte=1377, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=C:=C:\\Users\\CIiHmnxMn6Ps\\Desktop", lpUsedDefaultChar=0x0) returned 1377 [0166.921] FreeEnvironmentStringsW (penv=0x6d2cb0) returned 1 [0166.921] GetLastError () returned 0xcb [0166.921] SetLastError (dwErrCode=0xcb) [0166.921] GetLastError () returned 0xcb [0166.921] SetLastError (dwErrCode=0xcb) [0166.921] GetLastError () returned 0xcb [0166.921] SetLastError (dwErrCode=0xcb) [0166.921] GetACP () returned 0x4e4 [0166.921] GetLastError () returned 0xcb [0166.921] SetLastError (dwErrCode=0xcb) [0166.921] IsValidCodePage (CodePage=0x4e4) returned 1 [0166.922] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe50 | out: lpCPInfo=0x19fe50) returned 1 [0166.922] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f914 | out: lpCPInfo=0x19f914) returned 1 [0166.922] GetLastError () returned 0xcb [0166.922] SetLastError (dwErrCode=0xcb) [0166.922] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.922] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x2251820, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0166.922] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpCharType=0x19fc34 | out: lpCharType=0x19fc34) returned 1 [0166.922] GetLastError () returned 0xcb [0166.922] SetLastError (dwErrCode=0xcb) [0166.922] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.922] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x2251820, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0166.922] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0166.923] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2251a58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0166.923] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fb34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0166.923] GetLastError () returned 0xcb [0166.923] SetLastError (dwErrCode=0xcb) [0166.923] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.923] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x2251820, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0166.923] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0166.923] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2251a58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽") returned 256 [0166.923] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fa34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x48\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x68\x02\x28\x02\x28\x02\x28\x02\x28\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x48\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02\x20\x02", lpUsedDefaultChar=0x0) returned 256 [0166.923] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x463700, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x36 [0166.923] GetLastError () returned 0x0 [0166.923] SetLastError (dwErrCode=0x0) [0166.923] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.924] SetLastError (dwErrCode=0x0) [0166.924] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.925] SetLastError (dwErrCode=0x0) [0166.925] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.926] SetLastError (dwErrCode=0x0) [0166.926] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.927] SetLastError (dwErrCode=0x0) [0166.927] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.928] SetLastError (dwErrCode=0x0) [0166.928] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.929] GetLastError () returned 0x0 [0166.929] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.930] SetLastError (dwErrCode=0x0) [0166.930] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.931] GetLastError () returned 0x0 [0166.931] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.932] SetLastError (dwErrCode=0x0) [0166.932] GetLastError () returned 0x0 [0166.933] SetLastError (dwErrCode=0x0) [0166.933] GetLastError () returned 0x0 [0166.933] SetLastError (dwErrCode=0x0) [0166.933] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.949] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0166.949] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0166.949] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x435a30) returned 0x0 [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetCurrentProcessId () returned 0xbec [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetCurrentThread () returned 0xfffffffe [0166.952] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x6, OpenAsSelf=1, TokenHandle=0x19fd78 | out: TokenHandle=0x19fd78*=0x0) returned 0 [0166.952] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400000, lpName="AtlDebugAllocator_FileMappingNameStatic_100_bec") returned 0x1e4 [0166.952] GetLastError () returned 0x0 [0166.952] MapViewOfFile (hFileMappingObject=0x1e4, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2260000 [0166.952] GetSystemInfo (in: lpSystemInfo=0x19fd50 | out: lpSystemInfo=0x19fd50*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0166.952] VirtualAlloc (lpAddress=0x2260000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2260000 [0166.952] GetCurrentProcessId () returned 0xbec [0166.953] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fafc, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x36 [0166.953] VirtualAlloc (lpAddress=0x2261000, dwSize=0x2990, flAllocationType=0x1000, flProtect=0x4) returned 0x2261000 [0166.953] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19fc48, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x36 [0166.953] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.954] lstrlenA (lpString="atlTraceGeneral") returned 15 [0166.954] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bb90, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceGeneral") returned 16 [0166.954] VirtualAlloc (lpAddress=0x265fa10, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x265f000 [0166.955] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.955] lstrlenA (lpString="atlTraceCOM") returned 11 [0166.955] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bba0, cbMultiByte=12, lpWideCharStr=0x19fd88, cchWideChar=12 | out: lpWideCharStr="atlTraceCOM") returned 12 [0166.955] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.955] lstrlenA (lpString="atlTraceQI") returned 10 [0166.955] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbac, cbMultiByte=11, lpWideCharStr=0x19fd88, cchWideChar=11 | out: lpWideCharStr="atlTraceQI") returned 11 [0166.955] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.955] lstrlenA (lpString="atlTraceRegistrar") returned 17 [0166.955] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbb8, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceRegistrar") returned 18 [0166.955] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.955] lstrlenA (lpString="atlTraceRefcount") returned 16 [0166.955] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbcc, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceRefcount") returned 17 [0166.956] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.956] lstrlenA (lpString="atlTraceWindowing") returned 17 [0166.956] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbe0, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceWindowing") returned 18 [0166.956] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.956] lstrlenA (lpString="atlTraceControls") returned 16 [0166.956] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbf4, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceControls") returned 17 [0166.956] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.956] lstrlenA (lpString="atlTraceHosting") returned 15 [0166.956] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc08, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceHosting") returned 16 [0166.956] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.956] lstrlenA (lpString="atlTraceDBClient") returned 16 [0166.956] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc18, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceDBClient") returned 17 [0166.956] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.956] lstrlenA (lpString="atlTraceDBProvider") returned 18 [0166.957] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc2c, cbMultiByte=19, lpWideCharStr=0x19fd88, cchWideChar=19 | out: lpWideCharStr="atlTraceDBProvider") returned 19 [0166.957] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.957] lstrlenA (lpString="atlTraceSnapin") returned 14 [0166.957] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc40, cbMultiByte=15, lpWideCharStr=0x19fd88, cchWideChar=15 | out: lpWideCharStr="atlTraceSnapin") returned 15 [0166.957] VirtualAlloc (lpAddress=0x265f420, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x265f000 [0166.957] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.957] lstrlenA (lpString="atlTraceNotImpl") returned 15 [0166.957] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc50, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceNotImpl") returned 16 [0166.957] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.958] lstrlenA (lpString="atlTraceAllocation") returned 18 [0166.958] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc60, cbMultiByte=19, lpWideCharStr=0x19fd88, cchWideChar=19 | out: lpWideCharStr="atlTraceAllocation") returned 19 [0166.958] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.958] lstrlenA (lpString="atlTraceException") returned 17 [0166.958] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc74, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceException") returned 18 [0166.958] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.958] lstrlenA (lpString="atlTraceTime") returned 12 [0166.958] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc88, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceTime") returned 13 [0166.958] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.958] lstrlenA (lpString="atlTraceCache") returned 13 [0166.958] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc98, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceCache") returned 14 [0166.958] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.958] lstrlenA (lpString="atlTraceStencil") returned 15 [0166.958] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bca8, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceStencil") returned 16 [0166.958] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.958] lstrlenA (lpString="atlTraceString") returned 14 [0166.958] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcb8, cbMultiByte=15, lpWideCharStr=0x19fd88, cchWideChar=15 | out: lpWideCharStr="atlTraceString") returned 15 [0166.958] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.959] lstrlenA (lpString="atlTraceMap") returned 11 [0166.959] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcc8, cbMultiByte=12, lpWideCharStr=0x19fd88, cchWideChar=12 | out: lpWideCharStr="atlTraceMap") returned 12 [0166.959] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.959] lstrlenA (lpString="atlTraceUtil") returned 12 [0166.959] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcd4, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceUtil") returned 13 [0166.959] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.959] lstrlenA (lpString="atlTraceSecurity") returned 16 [0166.959] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bce4, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceSecurity") returned 17 [0166.959] VirtualAlloc (lpAddress=0x265ee30, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x265e000 [0166.959] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.959] lstrlenA (lpString="atlTraceSync") returned 12 [0166.959] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcf8, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceSync") returned 13 [0166.959] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.959] lstrlenA (lpString="atlTraceISAPI") returned 13 [0166.959] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd08, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceISAPI") returned 14 [0166.959] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.960] lstrlenA (lpString="atlTraceUser") returned 12 [0166.960] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd18, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceUser") returned 13 [0166.960] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.960] lstrlenA (lpString="atlTraceUser2") returned 13 [0166.960] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd28, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser2") returned 14 [0166.960] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.960] lstrlenA (lpString="atlTraceUser3") returned 13 [0166.960] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd38, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser3") returned 14 [0166.960] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.960] lstrlenA (lpString="atlTraceUser4") returned 13 [0166.960] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd48, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser4") returned 14 [0166.960] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.961] lstrlenA (lpString="atlTraceUI") returned 10 [0166.961] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x456fd0, cbMultiByte=11, lpWideCharStr=0x19fd88, cchWideChar=11 | out: lpWideCharStr="atlTraceUI") returned 11 [0166.961] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0166.961] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.962] GetLastError () returned 0x2 [0166.962] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.963] SetLastError (dwErrCode=0x2) [0166.963] GetLastError () returned 0x2 [0166.964] SetLastError (dwErrCode=0x2) [0166.964] GetLastError () returned 0x2 [0166.964] SetLastError (dwErrCode=0x2) [0166.964] GetLastError () returned 0x2 [0166.964] SetLastError (dwErrCode=0x2) [0166.964] GetLastError () returned 0x2 [0166.964] SetLastError (dwErrCode=0x2) [0166.964] GetLastError () returned 0x2 [0166.964] SetLastError (dwErrCode=0x2) [0166.964] GetLastError () returned 0x2 [0166.964] SetLastError (dwErrCode=0x2) [0166.964] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.965] GetLastError () returned 0x2 [0166.965] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] GetLastError () returned 0x2 [0166.966] SetLastError (dwErrCode=0x2) [0166.966] CoInitialize (pvReserved=0x0) returned 0x0 [0166.975] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0166.976] InitCommonControlsEx (picce=0x19febc) returned 1 [0166.976] GetCurrentThreadId () returned 0x278 [0166.976] GetCurrentThreadId () returned 0x278 [0166.976] GetCurrentThreadId () returned 0x278 [0166.977] SetRectEmpty (in: lprc=0x19fe60 | out: lprc=0x19fe60) returned 1 [0166.977] SetRectEmpty (in: lprc=0x19fea0 | out: lprc=0x19fea0) returned 1 [0166.977] IsProcessorFeaturePresent (ProcessorFeature=0xc) returned 1 [0166.977] RtlInterlockedPopEntrySList (in: ListHead=0x6c2298 | out: ListHead=0x6c2298) returned 0x0 [0166.977] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x940000 [0166.978] RtlInterlockedPopEntrySList (in: ListHead=0x6c2298 | out: ListHead=0x6c2298) returned 0x0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940000 | out: ListHead=0x6c2298, ListEntry=0x940000) returned 0x0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940010 | out: ListHead=0x6c2298, ListEntry=0x940010) returned 0x940000 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940020 | out: ListHead=0x6c2298, ListEntry=0x940020) returned 0x940010 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940030 | out: ListHead=0x6c2298, ListEntry=0x940030) returned 0x940020 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940040 | out: ListHead=0x6c2298, ListEntry=0x940040) returned 0x940030 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940050 | out: ListHead=0x6c2298, ListEntry=0x940050) returned 0x940040 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940060 | out: ListHead=0x6c2298, ListEntry=0x940060) returned 0x940050 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940070 | out: ListHead=0x6c2298, ListEntry=0x940070) returned 0x940060 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940080 | out: ListHead=0x6c2298, ListEntry=0x940080) returned 0x940070 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940090 | out: ListHead=0x6c2298, ListEntry=0x940090) returned 0x940080 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9400a0 | out: ListHead=0x6c2298, ListEntry=0x9400a0) returned 0x940090 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9400b0 | out: ListHead=0x6c2298, ListEntry=0x9400b0) returned 0x9400a0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9400c0 | out: ListHead=0x6c2298, ListEntry=0x9400c0) returned 0x9400b0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9400d0 | out: ListHead=0x6c2298, ListEntry=0x9400d0) returned 0x9400c0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9400e0 | out: ListHead=0x6c2298, ListEntry=0x9400e0) returned 0x9400d0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9400f0 | out: ListHead=0x6c2298, ListEntry=0x9400f0) returned 0x9400e0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940100 | out: ListHead=0x6c2298, ListEntry=0x940100) returned 0x9400f0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940110 | out: ListHead=0x6c2298, ListEntry=0x940110) returned 0x940100 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940120 | out: ListHead=0x6c2298, ListEntry=0x940120) returned 0x940110 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940130 | out: ListHead=0x6c2298, ListEntry=0x940130) returned 0x940120 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940140 | out: ListHead=0x6c2298, ListEntry=0x940140) returned 0x940130 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940150 | out: ListHead=0x6c2298, ListEntry=0x940150) returned 0x940140 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940160 | out: ListHead=0x6c2298, ListEntry=0x940160) returned 0x940150 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940170 | out: ListHead=0x6c2298, ListEntry=0x940170) returned 0x940160 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940180 | out: ListHead=0x6c2298, ListEntry=0x940180) returned 0x940170 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940190 | out: ListHead=0x6c2298, ListEntry=0x940190) returned 0x940180 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9401a0 | out: ListHead=0x6c2298, ListEntry=0x9401a0) returned 0x940190 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9401b0 | out: ListHead=0x6c2298, ListEntry=0x9401b0) returned 0x9401a0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9401c0 | out: ListHead=0x6c2298, ListEntry=0x9401c0) returned 0x9401b0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9401d0 | out: ListHead=0x6c2298, ListEntry=0x9401d0) returned 0x9401c0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9401e0 | out: ListHead=0x6c2298, ListEntry=0x9401e0) returned 0x9401d0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9401f0 | out: ListHead=0x6c2298, ListEntry=0x9401f0) returned 0x9401e0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940200 | out: ListHead=0x6c2298, ListEntry=0x940200) returned 0x9401f0 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940210 | out: ListHead=0x6c2298, ListEntry=0x940210) returned 0x940200 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940220 | out: ListHead=0x6c2298, ListEntry=0x940220) returned 0x940210 [0166.978] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940230 | out: ListHead=0x6c2298, ListEntry=0x940230) returned 0x940220 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940240 | out: ListHead=0x6c2298, ListEntry=0x940240) returned 0x940230 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940250 | out: ListHead=0x6c2298, ListEntry=0x940250) returned 0x940240 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940260 | out: ListHead=0x6c2298, ListEntry=0x940260) returned 0x940250 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940270 | out: ListHead=0x6c2298, ListEntry=0x940270) returned 0x940260 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940280 | out: ListHead=0x6c2298, ListEntry=0x940280) returned 0x940270 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940290 | out: ListHead=0x6c2298, ListEntry=0x940290) returned 0x940280 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9402a0 | out: ListHead=0x6c2298, ListEntry=0x9402a0) returned 0x940290 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9402b0 | out: ListHead=0x6c2298, ListEntry=0x9402b0) returned 0x9402a0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9402c0 | out: ListHead=0x6c2298, ListEntry=0x9402c0) returned 0x9402b0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9402d0 | out: ListHead=0x6c2298, ListEntry=0x9402d0) returned 0x9402c0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9402e0 | out: ListHead=0x6c2298, ListEntry=0x9402e0) returned 0x9402d0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9402f0 | out: ListHead=0x6c2298, ListEntry=0x9402f0) returned 0x9402e0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940300 | out: ListHead=0x6c2298, ListEntry=0x940300) returned 0x9402f0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940310 | out: ListHead=0x6c2298, ListEntry=0x940310) returned 0x940300 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940320 | out: ListHead=0x6c2298, ListEntry=0x940320) returned 0x940310 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940330 | out: ListHead=0x6c2298, ListEntry=0x940330) returned 0x940320 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940340 | out: ListHead=0x6c2298, ListEntry=0x940340) returned 0x940330 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940350 | out: ListHead=0x6c2298, ListEntry=0x940350) returned 0x940340 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940360 | out: ListHead=0x6c2298, ListEntry=0x940360) returned 0x940350 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940370 | out: ListHead=0x6c2298, ListEntry=0x940370) returned 0x940360 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940380 | out: ListHead=0x6c2298, ListEntry=0x940380) returned 0x940370 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940390 | out: ListHead=0x6c2298, ListEntry=0x940390) returned 0x940380 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9403a0 | out: ListHead=0x6c2298, ListEntry=0x9403a0) returned 0x940390 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9403b0 | out: ListHead=0x6c2298, ListEntry=0x9403b0) returned 0x9403a0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9403c0 | out: ListHead=0x6c2298, ListEntry=0x9403c0) returned 0x9403b0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9403d0 | out: ListHead=0x6c2298, ListEntry=0x9403d0) returned 0x9403c0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9403e0 | out: ListHead=0x6c2298, ListEntry=0x9403e0) returned 0x9403d0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9403f0 | out: ListHead=0x6c2298, ListEntry=0x9403f0) returned 0x9403e0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940400 | out: ListHead=0x6c2298, ListEntry=0x940400) returned 0x9403f0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940410 | out: ListHead=0x6c2298, ListEntry=0x940410) returned 0x940400 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940420 | out: ListHead=0x6c2298, ListEntry=0x940420) returned 0x940410 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940430 | out: ListHead=0x6c2298, ListEntry=0x940430) returned 0x940420 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940440 | out: ListHead=0x6c2298, ListEntry=0x940440) returned 0x940430 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940450 | out: ListHead=0x6c2298, ListEntry=0x940450) returned 0x940440 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940460 | out: ListHead=0x6c2298, ListEntry=0x940460) returned 0x940450 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940470 | out: ListHead=0x6c2298, ListEntry=0x940470) returned 0x940460 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940480 | out: ListHead=0x6c2298, ListEntry=0x940480) returned 0x940470 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940490 | out: ListHead=0x6c2298, ListEntry=0x940490) returned 0x940480 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9404a0 | out: ListHead=0x6c2298, ListEntry=0x9404a0) returned 0x940490 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9404b0 | out: ListHead=0x6c2298, ListEntry=0x9404b0) returned 0x9404a0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9404c0 | out: ListHead=0x6c2298, ListEntry=0x9404c0) returned 0x9404b0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9404d0 | out: ListHead=0x6c2298, ListEntry=0x9404d0) returned 0x9404c0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9404e0 | out: ListHead=0x6c2298, ListEntry=0x9404e0) returned 0x9404d0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9404f0 | out: ListHead=0x6c2298, ListEntry=0x9404f0) returned 0x9404e0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940500 | out: ListHead=0x6c2298, ListEntry=0x940500) returned 0x9404f0 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940510 | out: ListHead=0x6c2298, ListEntry=0x940510) returned 0x940500 [0166.979] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940520 | out: ListHead=0x6c2298, ListEntry=0x940520) returned 0x940510 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940530 | out: ListHead=0x6c2298, ListEntry=0x940530) returned 0x940520 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940540 | out: ListHead=0x6c2298, ListEntry=0x940540) returned 0x940530 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940550 | out: ListHead=0x6c2298, ListEntry=0x940550) returned 0x940540 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940560 | out: ListHead=0x6c2298, ListEntry=0x940560) returned 0x940550 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940570 | out: ListHead=0x6c2298, ListEntry=0x940570) returned 0x940560 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940580 | out: ListHead=0x6c2298, ListEntry=0x940580) returned 0x940570 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940590 | out: ListHead=0x6c2298, ListEntry=0x940590) returned 0x940580 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9405a0 | out: ListHead=0x6c2298, ListEntry=0x9405a0) returned 0x940590 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9405b0 | out: ListHead=0x6c2298, ListEntry=0x9405b0) returned 0x9405a0 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9405c0 | out: ListHead=0x6c2298, ListEntry=0x9405c0) returned 0x9405b0 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9405d0 | out: ListHead=0x6c2298, ListEntry=0x9405d0) returned 0x9405c0 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9405e0 | out: ListHead=0x6c2298, ListEntry=0x9405e0) returned 0x9405d0 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9405f0 | out: ListHead=0x6c2298, ListEntry=0x9405f0) returned 0x9405e0 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940600 | out: ListHead=0x6c2298, ListEntry=0x940600) returned 0x9405f0 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940610 | out: ListHead=0x6c2298, ListEntry=0x940610) returned 0x940600 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940620 | out: ListHead=0x6c2298, ListEntry=0x940620) returned 0x940610 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940630 | out: ListHead=0x6c2298, ListEntry=0x940630) returned 0x940620 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940640 | out: ListHead=0x6c2298, ListEntry=0x940640) returned 0x940630 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940650 | out: ListHead=0x6c2298, ListEntry=0x940650) returned 0x940640 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940660 | out: ListHead=0x6c2298, ListEntry=0x940660) returned 0x940650 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940670 | out: ListHead=0x6c2298, ListEntry=0x940670) returned 0x940660 [0166.980] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940680 | out: ListHead=0x6c2298, ListEntry=0x940680) returned 0x940670 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940690 | out: ListHead=0x6c2298, ListEntry=0x940690) returned 0x940680 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9406a0 | out: ListHead=0x6c2298, ListEntry=0x9406a0) returned 0x940690 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9406b0 | out: ListHead=0x6c2298, ListEntry=0x9406b0) returned 0x9406a0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9406c0 | out: ListHead=0x6c2298, ListEntry=0x9406c0) returned 0x9406b0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9406d0 | out: ListHead=0x6c2298, ListEntry=0x9406d0) returned 0x9406c0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9406e0 | out: ListHead=0x6c2298, ListEntry=0x9406e0) returned 0x9406d0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9406f0 | out: ListHead=0x6c2298, ListEntry=0x9406f0) returned 0x9406e0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940700 | out: ListHead=0x6c2298, ListEntry=0x940700) returned 0x9406f0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940710 | out: ListHead=0x6c2298, ListEntry=0x940710) returned 0x940700 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940720 | out: ListHead=0x6c2298, ListEntry=0x940720) returned 0x940710 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940730 | out: ListHead=0x6c2298, ListEntry=0x940730) returned 0x940720 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940740 | out: ListHead=0x6c2298, ListEntry=0x940740) returned 0x940730 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940750 | out: ListHead=0x6c2298, ListEntry=0x940750) returned 0x940740 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940760 | out: ListHead=0x6c2298, ListEntry=0x940760) returned 0x940750 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940770 | out: ListHead=0x6c2298, ListEntry=0x940770) returned 0x940760 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940780 | out: ListHead=0x6c2298, ListEntry=0x940780) returned 0x940770 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940790 | out: ListHead=0x6c2298, ListEntry=0x940790) returned 0x940780 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9407a0 | out: ListHead=0x6c2298, ListEntry=0x9407a0) returned 0x940790 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9407b0 | out: ListHead=0x6c2298, ListEntry=0x9407b0) returned 0x9407a0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9407c0 | out: ListHead=0x6c2298, ListEntry=0x9407c0) returned 0x9407b0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9407d0 | out: ListHead=0x6c2298, ListEntry=0x9407d0) returned 0x9407c0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9407e0 | out: ListHead=0x6c2298, ListEntry=0x9407e0) returned 0x9407d0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9407f0 | out: ListHead=0x6c2298, ListEntry=0x9407f0) returned 0x9407e0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940800 | out: ListHead=0x6c2298, ListEntry=0x940800) returned 0x9407f0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940810 | out: ListHead=0x6c2298, ListEntry=0x940810) returned 0x940800 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940820 | out: ListHead=0x6c2298, ListEntry=0x940820) returned 0x940810 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940830 | out: ListHead=0x6c2298, ListEntry=0x940830) returned 0x940820 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940840 | out: ListHead=0x6c2298, ListEntry=0x940840) returned 0x940830 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940850 | out: ListHead=0x6c2298, ListEntry=0x940850) returned 0x940840 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940860 | out: ListHead=0x6c2298, ListEntry=0x940860) returned 0x940850 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940870 | out: ListHead=0x6c2298, ListEntry=0x940870) returned 0x940860 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940880 | out: ListHead=0x6c2298, ListEntry=0x940880) returned 0x940870 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940890 | out: ListHead=0x6c2298, ListEntry=0x940890) returned 0x940880 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9408a0 | out: ListHead=0x6c2298, ListEntry=0x9408a0) returned 0x940890 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9408b0 | out: ListHead=0x6c2298, ListEntry=0x9408b0) returned 0x9408a0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9408c0 | out: ListHead=0x6c2298, ListEntry=0x9408c0) returned 0x9408b0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9408d0 | out: ListHead=0x6c2298, ListEntry=0x9408d0) returned 0x9408c0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9408e0 | out: ListHead=0x6c2298, ListEntry=0x9408e0) returned 0x9408d0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9408f0 | out: ListHead=0x6c2298, ListEntry=0x9408f0) returned 0x9408e0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940900 | out: ListHead=0x6c2298, ListEntry=0x940900) returned 0x9408f0 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940910 | out: ListHead=0x6c2298, ListEntry=0x940910) returned 0x940900 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940920 | out: ListHead=0x6c2298, ListEntry=0x940920) returned 0x940910 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940930 | out: ListHead=0x6c2298, ListEntry=0x940930) returned 0x940920 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940940 | out: ListHead=0x6c2298, ListEntry=0x940940) returned 0x940930 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940950 | out: ListHead=0x6c2298, ListEntry=0x940950) returned 0x940940 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940960 | out: ListHead=0x6c2298, ListEntry=0x940960) returned 0x940950 [0166.981] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940970 | out: ListHead=0x6c2298, ListEntry=0x940970) returned 0x940960 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940980 | out: ListHead=0x6c2298, ListEntry=0x940980) returned 0x940970 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940990 | out: ListHead=0x6c2298, ListEntry=0x940990) returned 0x940980 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9409a0 | out: ListHead=0x6c2298, ListEntry=0x9409a0) returned 0x940990 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9409b0 | out: ListHead=0x6c2298, ListEntry=0x9409b0) returned 0x9409a0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9409c0 | out: ListHead=0x6c2298, ListEntry=0x9409c0) returned 0x9409b0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9409d0 | out: ListHead=0x6c2298, ListEntry=0x9409d0) returned 0x9409c0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9409e0 | out: ListHead=0x6c2298, ListEntry=0x9409e0) returned 0x9409d0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x9409f0 | out: ListHead=0x6c2298, ListEntry=0x9409f0) returned 0x9409e0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a00 | out: ListHead=0x6c2298, ListEntry=0x940a00) returned 0x9409f0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a10 | out: ListHead=0x6c2298, ListEntry=0x940a10) returned 0x940a00 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a20 | out: ListHead=0x6c2298, ListEntry=0x940a20) returned 0x940a10 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a30 | out: ListHead=0x6c2298, ListEntry=0x940a30) returned 0x940a20 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a40 | out: ListHead=0x6c2298, ListEntry=0x940a40) returned 0x940a30 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a50 | out: ListHead=0x6c2298, ListEntry=0x940a50) returned 0x940a40 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a60 | out: ListHead=0x6c2298, ListEntry=0x940a60) returned 0x940a50 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a70 | out: ListHead=0x6c2298, ListEntry=0x940a70) returned 0x940a60 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a80 | out: ListHead=0x6c2298, ListEntry=0x940a80) returned 0x940a70 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940a90 | out: ListHead=0x6c2298, ListEntry=0x940a90) returned 0x940a80 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940aa0 | out: ListHead=0x6c2298, ListEntry=0x940aa0) returned 0x940a90 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ab0 | out: ListHead=0x6c2298, ListEntry=0x940ab0) returned 0x940aa0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ac0 | out: ListHead=0x6c2298, ListEntry=0x940ac0) returned 0x940ab0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ad0 | out: ListHead=0x6c2298, ListEntry=0x940ad0) returned 0x940ac0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ae0 | out: ListHead=0x6c2298, ListEntry=0x940ae0) returned 0x940ad0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940af0 | out: ListHead=0x6c2298, ListEntry=0x940af0) returned 0x940ae0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b00 | out: ListHead=0x6c2298, ListEntry=0x940b00) returned 0x940af0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b10 | out: ListHead=0x6c2298, ListEntry=0x940b10) returned 0x940b00 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b20 | out: ListHead=0x6c2298, ListEntry=0x940b20) returned 0x940b10 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b30 | out: ListHead=0x6c2298, ListEntry=0x940b30) returned 0x940b20 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b40 | out: ListHead=0x6c2298, ListEntry=0x940b40) returned 0x940b30 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b50 | out: ListHead=0x6c2298, ListEntry=0x940b50) returned 0x940b40 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b60 | out: ListHead=0x6c2298, ListEntry=0x940b60) returned 0x940b50 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b70 | out: ListHead=0x6c2298, ListEntry=0x940b70) returned 0x940b60 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b80 | out: ListHead=0x6c2298, ListEntry=0x940b80) returned 0x940b70 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940b90 | out: ListHead=0x6c2298, ListEntry=0x940b90) returned 0x940b80 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ba0 | out: ListHead=0x6c2298, ListEntry=0x940ba0) returned 0x940b90 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940bb0 | out: ListHead=0x6c2298, ListEntry=0x940bb0) returned 0x940ba0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940bc0 | out: ListHead=0x6c2298, ListEntry=0x940bc0) returned 0x940bb0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940bd0 | out: ListHead=0x6c2298, ListEntry=0x940bd0) returned 0x940bc0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940be0 | out: ListHead=0x6c2298, ListEntry=0x940be0) returned 0x940bd0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940bf0 | out: ListHead=0x6c2298, ListEntry=0x940bf0) returned 0x940be0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c00 | out: ListHead=0x6c2298, ListEntry=0x940c00) returned 0x940bf0 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c10 | out: ListHead=0x6c2298, ListEntry=0x940c10) returned 0x940c00 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c20 | out: ListHead=0x6c2298, ListEntry=0x940c20) returned 0x940c10 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c30 | out: ListHead=0x6c2298, ListEntry=0x940c30) returned 0x940c20 [0166.982] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c40 | out: ListHead=0x6c2298, ListEntry=0x940c40) returned 0x940c30 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c50 | out: ListHead=0x6c2298, ListEntry=0x940c50) returned 0x940c40 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c60 | out: ListHead=0x6c2298, ListEntry=0x940c60) returned 0x940c50 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c70 | out: ListHead=0x6c2298, ListEntry=0x940c70) returned 0x940c60 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c80 | out: ListHead=0x6c2298, ListEntry=0x940c80) returned 0x940c70 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940c90 | out: ListHead=0x6c2298, ListEntry=0x940c90) returned 0x940c80 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ca0 | out: ListHead=0x6c2298, ListEntry=0x940ca0) returned 0x940c90 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940cb0 | out: ListHead=0x6c2298, ListEntry=0x940cb0) returned 0x940ca0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940cc0 | out: ListHead=0x6c2298, ListEntry=0x940cc0) returned 0x940cb0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940cd0 | out: ListHead=0x6c2298, ListEntry=0x940cd0) returned 0x940cc0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ce0 | out: ListHead=0x6c2298, ListEntry=0x940ce0) returned 0x940cd0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940cf0 | out: ListHead=0x6c2298, ListEntry=0x940cf0) returned 0x940ce0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d00 | out: ListHead=0x6c2298, ListEntry=0x940d00) returned 0x940cf0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d10 | out: ListHead=0x6c2298, ListEntry=0x940d10) returned 0x940d00 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d20 | out: ListHead=0x6c2298, ListEntry=0x940d20) returned 0x940d10 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d30 | out: ListHead=0x6c2298, ListEntry=0x940d30) returned 0x940d20 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d40 | out: ListHead=0x6c2298, ListEntry=0x940d40) returned 0x940d30 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d50 | out: ListHead=0x6c2298, ListEntry=0x940d50) returned 0x940d40 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d60 | out: ListHead=0x6c2298, ListEntry=0x940d60) returned 0x940d50 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d70 | out: ListHead=0x6c2298, ListEntry=0x940d70) returned 0x940d60 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d80 | out: ListHead=0x6c2298, ListEntry=0x940d80) returned 0x940d70 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940d90 | out: ListHead=0x6c2298, ListEntry=0x940d90) returned 0x940d80 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940da0 | out: ListHead=0x6c2298, ListEntry=0x940da0) returned 0x940d90 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940db0 | out: ListHead=0x6c2298, ListEntry=0x940db0) returned 0x940da0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940dc0 | out: ListHead=0x6c2298, ListEntry=0x940dc0) returned 0x940db0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940dd0 | out: ListHead=0x6c2298, ListEntry=0x940dd0) returned 0x940dc0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940de0 | out: ListHead=0x6c2298, ListEntry=0x940de0) returned 0x940dd0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940df0 | out: ListHead=0x6c2298, ListEntry=0x940df0) returned 0x940de0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e00 | out: ListHead=0x6c2298, ListEntry=0x940e00) returned 0x940df0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e10 | out: ListHead=0x6c2298, ListEntry=0x940e10) returned 0x940e00 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e20 | out: ListHead=0x6c2298, ListEntry=0x940e20) returned 0x940e10 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e30 | out: ListHead=0x6c2298, ListEntry=0x940e30) returned 0x940e20 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e40 | out: ListHead=0x6c2298, ListEntry=0x940e40) returned 0x940e30 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e50 | out: ListHead=0x6c2298, ListEntry=0x940e50) returned 0x940e40 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e60 | out: ListHead=0x6c2298, ListEntry=0x940e60) returned 0x940e50 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e70 | out: ListHead=0x6c2298, ListEntry=0x940e70) returned 0x940e60 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e80 | out: ListHead=0x6c2298, ListEntry=0x940e80) returned 0x940e70 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940e90 | out: ListHead=0x6c2298, ListEntry=0x940e90) returned 0x940e80 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ea0 | out: ListHead=0x6c2298, ListEntry=0x940ea0) returned 0x940e90 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940eb0 | out: ListHead=0x6c2298, ListEntry=0x940eb0) returned 0x940ea0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ec0 | out: ListHead=0x6c2298, ListEntry=0x940ec0) returned 0x940eb0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ed0 | out: ListHead=0x6c2298, ListEntry=0x940ed0) returned 0x940ec0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ee0 | out: ListHead=0x6c2298, ListEntry=0x940ee0) returned 0x940ed0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940ef0 | out: ListHead=0x6c2298, ListEntry=0x940ef0) returned 0x940ee0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f00 | out: ListHead=0x6c2298, ListEntry=0x940f00) returned 0x940ef0 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f10 | out: ListHead=0x6c2298, ListEntry=0x940f10) returned 0x940f00 [0166.983] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f20 | out: ListHead=0x6c2298, ListEntry=0x940f20) returned 0x940f10 [0166.984] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f30 | out: ListHead=0x6c2298, ListEntry=0x940f30) returned 0x940f20 [0166.984] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f40 | out: ListHead=0x6c2298, ListEntry=0x940f40) returned 0x940f30 [0166.984] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f50 | out: ListHead=0x6c2298, ListEntry=0x940f50) returned 0x940f40 [0166.984] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f60 | out: ListHead=0x6c2298, ListEntry=0x940f60) returned 0x940f50 [0166.984] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f70 | out: ListHead=0x6c2298, ListEntry=0x940f70) returned 0x940f60 [0166.984] RtlInterlockedPushEntrySList (in: ListHead=0x6c2298, ListEntry=0x940f80 | out: ListHead=0x6c2298, ListEntry=0x940f80) returned 0x940f70 [0166.984] GetCurrentProcess () returned 0xffffffff [0166.984] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x940ff0, dwSize=0xd) returned 1 [0166.984] GetCurrentThreadId () returned 0x278 [0166.984] CreateDialogParamA (hInstance=0x400000, lpTemplateName=0x81, hWndParent=0x0, lpDialogFunc=0x40a020, dwInitParam=0x0) returned 0x40076 [0167.015] GetCurrentThreadId () returned 0x278 [0167.015] GetCurrentProcess () returned 0xffffffff [0167.015] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x940ff0, dwSize=0xd) returned 1 [0167.015] SetWindowLongA (hWnd=0x40076, nIndex=4, dwNewLong=9703408) returned 4235296 [0167.028] IsWindow (hWnd=0x40076) returned 1 [0167.028] IsWindow (hWnd=0x40076) returned 1 [0167.028] GetWindowLongA (hWnd=0x40076, nIndex=-16) returned 80347204 [0167.028] GetWindow (hWnd=0x40076, uCmd=0x4) returned 0x0 [0167.028] GetWindowRect (in: hWnd=0x40076, lpRect=0x19f89c | out: lpRect=0x19f89c) returned 1 [0167.028] MonitorFromWindow (hwnd=0x40076, dwFlags=0x2) returned 0x10001 [0167.028] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19f860 | out: lpmi=0x19f860) returned 1 [0167.028] SetWindowPos (hWnd=0x40076, hWndInsertAfter=0x0, X=535, Y=255, cx=-1, cy=-1, uFlags=0x15) returned 1 [0167.037] GetSystemMetrics (nIndex=12) returned 32 [0167.037] GetSystemMetrics (nIndex=11) returned 32 [0167.037] LoadImageA (hInst=0x400000, name=0x80, type=0x1, cx=32, cy=32, fuLoad=0x0) returned 0x30117 [0167.039] IsWindow (hWnd=0x40076) returned 1 [0167.039] SendMessageA (hWnd=0x40076, Msg=0x80, wParam=0x1, lParam=0x30117) returned 0x0 [0167.041] GetSystemMetrics (nIndex=50) returned 16 [0167.041] GetSystemMetrics (nIndex=49) returned 16 [0167.041] LoadImageA (hInst=0x400000, name=0x80, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x2011b [0167.042] IsWindow (hWnd=0x40076) returned 1 [0167.042] SendMessageA (hWnd=0x40076, Msg=0x80, wParam=0x0, lParam=0x2011b) returned 0x0 [0167.043] GetDlgItem (hDlg=0x40076, nIDDlgItem=1000) returned 0x200a4 [0167.043] IsWindow (hWnd=0x200a4) returned 1 [0167.043] RtlInterlockedPopEntrySList (in: ListHead=0x6c2298 | out: ListHead=0x6c2298) returned 0x940fe0 [0167.043] GetCurrentProcess () returned 0xffffffff [0167.043] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x940fe0, dwSize=0xd) returned 1 [0167.043] SetWindowLongA (hWnd=0x200a4, nIndex=-4, dwNewLong=9703392) returned 2010237808 [0167.043] GetWindowRect (in: hWnd=0x200a4, lpRect=0x19f8c4 | out: lpRect=0x19f8c4) returned 1 [0167.043] IsWindow (hWnd=0x200a4) returned 1 [0167.043] GetParent (hWnd=0x200a4) returned 0x40076 [0167.043] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40076, lpPoints=0x19f8c4, cPoints=0x2 | out: lpPoints=0x19f8c4) returned -18350618 [0167.044] IsWindow (hWnd=0x200a4) returned 1 [0167.044] SetWindowPos (hWnd=0x200a4, hWndInsertAfter=0x0, X=84, Y=49, cx=269, cy=59, uFlags=0x20) returned 1 [0167.044] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x200a4, Msg=0x46, wParam=0x0, lParam=0x19f854) returned 0x0 [0167.044] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x200a4, Msg=0x83, wParam=0x1, lParam=0x19f82c) returned 0x0 [0167.044] CopyRect (in: lprcDst=0x19fe60, lprcSrc=0x19f82c | out: lprcDst=0x19fe60) returned 1 [0167.044] OffsetRect (in: lprc=0x19fe60, dx=-84, dy=-49 | out: lprc=0x19fe60) returned 1 [0167.045] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x200a4, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0167.045] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x200a4, Msg=0x47, wParam=0x0, lParam=0x19f854) returned 0x0 [0167.045] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x200a4, Msg=0x5, wParam=0x0, lParam=0x3700dd) returned 0x0 [0167.046] GetDlgItem (hDlg=0x40076, nIDDlgItem=1001) returned 0x3022c [0167.046] IsWindow (hWnd=0x3022c) returned 1 [0167.046] RtlInterlockedPopEntrySList (in: ListHead=0x6c2298 | out: ListHead=0x6c2298) returned 0x940fd0 [0167.046] GetCurrentProcess () returned 0xffffffff [0167.046] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x940fd0, dwSize=0xd) returned 1 [0167.046] SetWindowLongA (hWnd=0x3022c, nIndex=-4, dwNewLong=9703376) returned 2010237808 [0167.046] GetWindowRect (in: hWnd=0x3022c, lpRect=0x19f8c4 | out: lpRect=0x19f8c4) returned 1 [0167.046] IsWindow (hWnd=0x3022c) returned 1 [0167.046] GetParent (hWnd=0x3022c) returned 0x40076 [0167.046] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40076, lpPoints=0x19f8c4, cPoints=0x2 | out: lpPoints=0x19f8c4) returned -18350618 [0167.046] IsWindow (hWnd=0x3022c) returned 1 [0167.046] SetWindowPos (hWnd=0x3022c, hWndInsertAfter=0x0, X=105, Y=80, cx=315, cy=52, uFlags=0x20) returned 1 [0167.046] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x46, wParam=0x0, lParam=0x19f854) returned 0x0 [0167.046] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x83, wParam=0x1, lParam=0x19f82c) returned 0x0 [0167.046] CopyRect (in: lprcDst=0x19fea0, lprcSrc=0x19f82c | out: lprcDst=0x19fea0) returned 1 [0167.046] OffsetRect (in: lprc=0x19fea0, dx=-105, dy=-80 | out: lprc=0x19fea0) returned 1 [0167.048] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0167.048] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x47, wParam=0x0, lParam=0x19f854) returned 0x0 [0167.048] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x5, wParam=0x0, lParam=0x300111) returned 0x0 [0167.048] GetCurrentThreadId () returned 0x278 [0167.049] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x89 [0167.049] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0xb1, wParam=0x0, lParam=0x7fffffff) returned 0x1 [0167.062] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0167.066] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0167.066] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0167.066] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0167.066] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x282, wParam=0xf, lParam=0x800df) returned 0x0 [0167.067] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0167.067] IsWindow (hWnd=0x3022c) returned 1 [0167.067] SendMessageA (hWnd=0x3022c, Msg=0x2111, wParam=0x10003e9, lParam=0x3022c) returned 0x0 [0167.067] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x2111, wParam=0x10003e9, lParam=0x3022c) returned 0x0 [0167.067] SetWindowLongA (hWnd=0x40076, nIndex=0, dwNewLong=0) returned 0 [0167.068] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x89 [0167.068] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0167.068] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x200a4, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0167.069] IsWindow (hWnd=0x40076) returned 1 [0167.069] ShowWindow (hWnd=0x40076, nCmdShow=10) returned 0 [0167.079] IsWindow (hWnd=0x40076) returned 1 [0167.079] SendMessageA (hWnd=0x40076, Msg=0x2136, wParam=0x4f010742, lParam=0x40076) returned 0x0 [0167.080] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.080] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.080] IsWindow (hWnd=0x40076) returned 1 [0167.080] IsDialogMessageA (hDlg=0x40076, lpMsg=0x19fdd4) returned 1 [0167.081] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.081] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x84, wParam=0x0, lParam=0x17f02d6) returned 0x1 [0167.081] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.081] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x84, wParam=0x0, lParam=0x17f02d6) returned 0x1 [0167.081] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x20, wParam=0x3022c, lParam=0x2000001) returned 0x0 [0167.081] IsWindow (hWnd=0x40076) returned 1 [0167.081] IsDialogMessageA (hDlg=0x40076, lpMsg=0x19fdd4) returned 1 [0167.081] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x200, wParam=0x0, lParam=0x140051) returned 0x1 [0167.081] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.082] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.082] IsWindow (hWnd=0x40076) returned 1 [0167.082] IsDialogMessageA (hDlg=0x40076, lpMsg=0x19fdd4) returned 1 [0167.082] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.082] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0167.082] IsWindow (hWnd=0x40076) returned 1 [0167.082] IsDialogMessageA (hDlg=0x40076, lpMsg=0x19fdd4) [0167.082] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0xf, wParam=0x0, lParam=0x0) [0167.082] CallWindowProcA (lpPrevWndFunc=0x77d1cb70, hWnd=0x3022c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0167.082] IsWindow (hWnd=0x3022c) returned 1 [0167.082] GetWindowLongA (hWnd=0x3022c, nIndex=-16) returned 1342242944 [0167.082] OffsetRect (in: lprc=0x463a10, dx=-275, dy=-2 | out: lprc=0x463a10) returned 1 [0167.083] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0167.083] GetLastError () returned 0x0 [0167.083] SetLastError (dwErrCode=0x0) [0167.083] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0167.083] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4270e0, lpParameter=0x22510e8, dwCreationFlags=0x4, lpThreadId=0x22510e8 | out: lpThreadId=0x22510e8*=0x718) returned 0x21c [0167.084] ResumeThread (hThread=0x21c) returned 0x1 [0167.084] GetLastError () returned 0x0 [0167.084] SetLastError (dwErrCode=0x0) [0167.085] RtlExitUserThread (Status=0x0) Thread: id = 23 os_tid = 0x608 Thread: id = 24 os_tid = 0x718 [0167.134] GetLastError () returned 0x0 [0167.134] SetLastError (dwErrCode=0x0) [0167.134] CancelDC (hdc=0x0) returned 0 [0167.135] GetDC (hWnd=0x0) returned 0x22010678 [0167.135] SetBkColor (hdc=0x22010678, color=0x1) returned 0xffffff [0167.135] GetLastError () returned 0x6 [0167.135] CreateDIBSection (in: hdc=0x0, lpbmi=0x285e9f8, usage=0x0, ppvBits=0x285e9d8, hSection=0x0, offset=0x0 | out: ppvBits=0x285e9d8) returned 0x1b05066f [0167.135] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0167.135] GdipCreateFontFamilyFromName (name=0x4557b8, fontCollection=0x0, fontFamily=0x285eac4) returned 0x12 [0167.136] GdipCreateFont (fontFamily=0x0, emSize=0x40c00000, style=1, unit=0x2, font=0x285999c) returned 0x12 [0167.136] GdiplusStartup (in: token=0x285eac0, input=0x285ea78, output=0x0 | out: token=0x285eac0, output=0x0) returned 0x0 [0167.144] GdipCreateFromHDC2 (hdc=0x0, hDevice=0x0, graphics=0x28599a4) returned 0x3 [0167.144] GdipCreateSolidFill (color=0xffffffff, brush=0x28599a8) returned 0x0 [0167.144] GdipCreateFontFamilyFromName (name="Times New Roman", fontCollection=0x0, fontFamily=0x285ea40) returned 0x0 [0167.178] GdipDrawString (graphics=0x0, string="Using \"Technology\", i.e.", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipDrawString (graphics=0x0, string="GDI+, I have created a", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipDrawString (graphics=0x0, string="texture from system", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipDrawString (graphics=0x0, string="installed fonts! That", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipDrawString (graphics=0x0, string="means international", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipDrawString (graphics=0x0, string="characters!", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipDrawString (graphics=0x0, string="", length=-1, font=0x0, layoutRect=0x285998c, stringFormat=0x0, brush=0x2961f08) returned 0x2 [0167.178] GdipFlush (graphics=0x0, intention=0x0) returned 0x2 [0167.179] GdipCreateBitmapFromHBITMAP (hbm=0x0, hpal=0x0, bitmap=0x28599a4) returned 0x7 [0167.179] DeleteObject (ho=0x0) returned 0 [0167.179] DeleteDC (hdc=0x0) returned 0 [0167.179] GdipDisposeImage (image=0x0) returned 0x2 [0167.179] GdipDeleteFontFamily (fontFamily=0x3af8898) returned 0x0 [0167.179] GdipDeleteBrush (brush=0x2961f08) returned 0x0 [0167.179] GdipDeleteGraphics (graphics=0x0) returned 0x2 [0167.179] GdipDeleteFont (font=0x0) returned 0x2 [0167.179] GdipDeleteFontFamily (fontFamily=0x0) returned 0x2 [0167.179] GetSysColorBrush (nIndex=15) returned 0x1100074 [0167.179] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0167.179] RegisterClassA (lpWndClass=0x285e3c4) returned 0xc160 [0167.179] CreateWindowExA (dwExStyle=0x0, lpClassName="Check Box", lpWindowName="", dwStyle=0x10cf0000, X=150, Y=150, nWidth=230, nHeight=150, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0167.180] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x79e) returned 0x0 [0167.180] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x22c [0167.185] Process32First (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.185] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0167.186] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x10c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0167.187] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x150, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0167.187] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x150, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0167.188] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x190, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0167.188] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x190, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0167.189] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x198, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0167.190] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x198, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0167.190] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.191] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x268, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.191] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d0, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0167.192] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x37, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.193] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.193] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.194] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.195] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.195] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.196] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x230, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0167.196] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.197] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.198] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0167.198] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.202] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0167.203] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0167.204] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x4ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.204] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0167.205] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0167.206] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0167.206] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x588, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0167.207] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="uni-likely.exe")) returned 1 [0167.207] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="treo.exe")) returned 1 [0167.208] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="subsection berry drainage.exe")) returned 1 [0167.209] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="shade.exe")) returned 1 [0167.209] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="conversations.exe")) returned 1 [0167.210] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x420, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="maui observation.exe")) returned 1 [0167.210] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="oldsleepsdelay.exe")) returned 1 [0167.211] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="interactions-miles-validity.exe")) returned 1 [0167.212] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="infraredpdf.exe")) returned 1 [0167.212] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="ranges tremendous.exe")) returned 1 [0167.213] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="statute lan.exe")) returned 1 [0167.214] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x658, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="batteries.exe")) returned 1 [0167.214] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="word_societies.exe")) returned 1 [0167.215] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x88c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtreserves.exe")) returned 1 [0167.216] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x988, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="skiing_layer_resolutions.exe")) returned 1 [0167.216] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-auditor.exe")) returned 1 [0167.217] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="alpine zones.exe")) returned 1 [0167.217] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="completion.exe")) returned 1 [0167.218] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="fiscalrkansas.exe")) returned 1 [0167.219] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x508, pcPriClassBase=8, dwFlags=0x0, szExeFile="funny.exe")) returned 1 [0167.219] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0167.220] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0167.220] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.221] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x330, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0167.222] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1e8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.222] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xe28, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0167.223] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x8d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0167.223] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x300, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xc78, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0167.224] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0167.225] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x898, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x8d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0167.225] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x898, pcPriClassBase=8, dwFlags=0x0, szExeFile="autoclb.exe")) returned 1 [0167.226] Process32Next (in: hSnapshot=0x22c, lppe=0x285e168 | out: lppe=0x285e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x898, pcPriClassBase=8, dwFlags=0x0, szExeFile="autoclb.exe")) returned 0 [0167.227] CloseHandle (hObject=0x22c) returned 1 [0167.227] DefWindowProcW (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0167.227] DefWindowProcW (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0167.227] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x158, pvParam=0x285dc78, fWinIni=0x0 | out: pvParam=0x285dc78) returned 1 [0167.227] CreateFontIndirectA (lplf=0x285dbec) returned 0x260a068f [0167.227] DdeAccessData (in: hData=0x0, pcbDataSize=0x285ddd4 | out: pcbDataSize=0x285ddd4) returned 0x0 [0167.227] CreateWindowExA (dwExStyle=0x0, lpClassName="SysListView32", lpWindowName=0x0, dwStyle=0x50000000, X=50, Y=50, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0167.227] LoadImageA (hInst=0x400000, name=0x66f, type=0x0, cx=0, cy=0, fuLoad=0x0) returned 0x0 [0167.227] SendMessageA (hWnd=0x0, Msg=0x1044, wParam=0x0, lParam=0x285dc60) returned 0x0 [0167.227] GetTitleBarInfo (in: hwnd=0x0, pti=0x0 | out: pti=0x0) returned 0 [0167.227] DestroyWindow (hWnd=0x0) returned 0 [0167.227] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x1b05066f, lParam=0x0) returned 0x0 [0167.228] BeginPaint (in: hWnd=0x0, lpPaint=0x285dde8 | out: lpPaint=0x285dde8) returned 0x0 [0167.228] EndPaint (hWnd=0x0, lpPaint=0x285dde8) returned 0 [0167.228] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x1b05066f, lParam=0x0) returned 0x0 [0167.228] CreateCompatibleDC (hdc=0x1) returned 0x0 [0167.228] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0167.228] DeleteDC (hdc=0x0) returned 0 [0167.228] GetDC (hWnd=0x0) returned 0x4f010742 [0167.228] CreateCompatibleDC (hdc=0x4f010742) returned 0x180106f6 [0167.228] CreateCompatibleBitmap (hdc=0x180106f6, cx=512, cy=512) returned 0x1e050752 [0167.228] SelectObject (hdc=0x180106f6, h=0x1e050752) returned 0x185000f [0167.228] SelectObject (hdc=0x180106f6, h=0x0) returned 0x0 [0167.228] SetRect (in: lprc=0x285d314, xLeft=0, yTop=0, xRight=512, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.228] GetStockObject (i=0) returned 0x1900010 [0167.228] FillRect (hDC=0x180106f6, lprc=0x285d314, hbr=0x1900010) returned 1 [0167.228] SetTextColor (hdc=0x180106f6, color=0x0) returned 0x0 [0167.228] SetRect (in: lprc=0x285d314, xLeft=0, yTop=0, xRight=32, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.228] DrawTextA (in: hdc=0x180106f6, lpchText="", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="", lprc=0x285d314) returned 16 [0167.244] SetRect (in: lprc=0x285d314, xLeft=32, yTop=0, xRight=64, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.244] DrawTextA (in: hdc=0x180106f6, lpchText="\x01\x01", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x01\x01", lprc=0x285d314) returned 16 [0167.245] SetRect (in: lprc=0x285d314, xLeft=64, yTop=0, xRight=96, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.245] DrawTextA (in: hdc=0x180106f6, lpchText="\x02\x02", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x02\x02", lprc=0x285d314) returned 16 [0167.246] SetRect (in: lprc=0x285d314, xLeft=96, yTop=0, xRight=128, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.246] DrawTextA (in: hdc=0x180106f6, lpchText="\x03\x03", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x03\x03", lprc=0x285d314) returned 16 [0167.247] SetRect (in: lprc=0x285d314, xLeft=128, yTop=0, xRight=160, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.247] DrawTextA (in: hdc=0x180106f6, lpchText="\x04\x04", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x04\x04", lprc=0x285d314) returned 16 [0167.247] SetRect (in: lprc=0x285d314, xLeft=160, yTop=0, xRight=192, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.247] DrawTextA (in: hdc=0x180106f6, lpchText="\x05\x05", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x05\x05", lprc=0x285d314) returned 16 [0167.248] SetRect (in: lprc=0x285d314, xLeft=192, yTop=0, xRight=224, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.248] DrawTextA (in: hdc=0x180106f6, lpchText="\x06\x06", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x06\x06", lprc=0x285d314) returned 16 [0167.248] SetRect (in: lprc=0x285d314, xLeft=224, yTop=0, xRight=256, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.248] DrawTextA (in: hdc=0x180106f6, lpchText="\x07\x07", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x07\x07", lprc=0x285d314) returned 16 [0167.249] SetRect (in: lprc=0x285d314, xLeft=256, yTop=0, xRight=288, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.249] DrawTextA (in: hdc=0x180106f6, lpchText="\x08\x08", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x08\x08", lprc=0x285d314) returned 16 [0167.250] SetRect (in: lprc=0x285d314, xLeft=288, yTop=0, xRight=320, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.250] DrawTextA (in: hdc=0x180106f6, lpchText="\x09\x09", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x09\x09", lprc=0x285d314) returned 16 [0167.250] SetRect (in: lprc=0x285d314, xLeft=320, yTop=0, xRight=352, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.250] DrawTextA (in: hdc=0x180106f6, lpchText="\n\n", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\n\n", lprc=0x285d314) returned 32 [0167.250] SetRect (in: lprc=0x285d314, xLeft=352, yTop=0, xRight=384, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.250] DrawTextA (in: hdc=0x180106f6, lpchText="\x0b\x0b", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x0b\x0b", lprc=0x285d314) returned 16 [0167.251] SetRect (in: lprc=0x285d314, xLeft=384, yTop=0, xRight=416, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.251] DrawTextA (in: hdc=0x180106f6, lpchText="\x0c\x0c", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x0c\x0c", lprc=0x285d314) returned 16 [0167.252] SetRect (in: lprc=0x285d314, xLeft=416, yTop=0, xRight=448, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.252] DrawTextA (in: hdc=0x180106f6, lpchText="\r\r", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\r\r", lprc=0x285d314) returned 32 [0167.252] SetRect (in: lprc=0x285d314, xLeft=448, yTop=0, xRight=480, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.252] DrawTextA (in: hdc=0x180106f6, lpchText="\x0e\x0e", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x0e\x0e", lprc=0x285d314) returned 16 [0167.252] SetRect (in: lprc=0x285d314, xLeft=480, yTop=0, xRight=512, yBottom=32 | out: lprc=0x285d314) returned 1 [0167.252] DrawTextA (in: hdc=0x180106f6, lpchText="\x0f\x0f", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x0f\x0f", lprc=0x285d314) returned 16 [0167.253] SetRect (in: lprc=0x285d314, xLeft=0, yTop=32, xRight=32, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.253] DrawTextA (in: hdc=0x180106f6, lpchText="\x10\x10", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x10\x10", lprc=0x285d314) returned 16 [0167.253] SetRect (in: lprc=0x285d314, xLeft=32, yTop=32, xRight=64, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.253] DrawTextA (in: hdc=0x180106f6, lpchText="\x11\x11", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x11\x11", lprc=0x285d314) returned 16 [0167.254] SetRect (in: lprc=0x285d314, xLeft=64, yTop=32, xRight=96, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.254] DrawTextA (in: hdc=0x180106f6, lpchText="\x12\x12", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x12\x12", lprc=0x285d314) returned 16 [0167.255] SetRect (in: lprc=0x285d314, xLeft=96, yTop=32, xRight=128, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.255] DrawTextA (in: hdc=0x180106f6, lpchText="\x13\x13", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x13\x13", lprc=0x285d314) returned 16 [0167.255] SetRect (in: lprc=0x285d314, xLeft=128, yTop=32, xRight=160, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.255] DrawTextA (in: hdc=0x180106f6, lpchText="\x14\x14", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x14\x14", lprc=0x285d314) returned 16 [0167.256] SetRect (in: lprc=0x285d314, xLeft=160, yTop=32, xRight=192, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.256] DrawTextA (in: hdc=0x180106f6, lpchText="\x15\x15", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x15\x15", lprc=0x285d314) returned 16 [0167.256] SetRect (in: lprc=0x285d314, xLeft=192, yTop=32, xRight=224, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.256] DrawTextA (in: hdc=0x180106f6, lpchText="\x16\x16", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x16\x16", lprc=0x285d314) returned 16 [0167.257] SetRect (in: lprc=0x285d314, xLeft=224, yTop=32, xRight=256, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.257] DrawTextA (in: hdc=0x180106f6, lpchText="\x17\x17", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x17\x17", lprc=0x285d314) returned 16 [0167.258] SetRect (in: lprc=0x285d314, xLeft=256, yTop=32, xRight=288, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.258] DrawTextA (in: hdc=0x180106f6, lpchText="\x18\x18", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x18\x18", lprc=0x285d314) returned 16 [0167.258] SetRect (in: lprc=0x285d314, xLeft=288, yTop=32, xRight=320, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.258] DrawTextA (in: hdc=0x180106f6, lpchText="\x19\x19", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x19\x19", lprc=0x285d314) returned 16 [0167.259] SetRect (in: lprc=0x285d314, xLeft=320, yTop=32, xRight=352, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.259] DrawTextA (in: hdc=0x180106f6, lpchText="\x1a\x1a", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x1a\x1a", lprc=0x285d314) returned 16 [0167.260] SetRect (in: lprc=0x285d314, xLeft=352, yTop=32, xRight=384, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.260] DrawTextA (in: hdc=0x180106f6, lpchText="\x1b\x1b", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x1b\x1b", lprc=0x285d314) returned 16 [0167.261] SetRect (in: lprc=0x285d314, xLeft=384, yTop=32, xRight=416, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.261] DrawTextA (in: hdc=0x180106f6, lpchText="\x1c\x1c", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x1c\x1c", lprc=0x285d314) returned 16 [0167.271] SetRect (in: lprc=0x285d314, xLeft=416, yTop=32, xRight=448, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.271] DrawTextA (in: hdc=0x180106f6, lpchText="\x1d\x1d", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x1d\x1d", lprc=0x285d314) returned 16 [0167.272] SetRect (in: lprc=0x285d314, xLeft=448, yTop=32, xRight=480, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.272] DrawTextA (in: hdc=0x180106f6, lpchText="\x1e\x1e", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x1e\x1e", lprc=0x285d314) returned 16 [0167.272] SetRect (in: lprc=0x285d314, xLeft=480, yTop=32, xRight=512, yBottom=64 | out: lprc=0x285d314) returned 1 [0167.272] DrawTextA (in: hdc=0x180106f6, lpchText="\x1f\x1f", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x1f\x1f", lprc=0x285d314) returned 16 [0167.272] SetRect (in: lprc=0x285d314, xLeft=0, yTop=64, xRight=32, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.272] DrawTextA (in: hdc=0x180106f6, lpchText=" ", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText=" ", lprc=0x285d314) returned 16 [0167.272] SetRect (in: lprc=0x285d314, xLeft=32, yTop=64, xRight=64, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.272] DrawTextA (in: hdc=0x180106f6, lpchText="!!", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="!!", lprc=0x285d314) returned 16 [0167.273] SetRect (in: lprc=0x285d314, xLeft=64, yTop=64, xRight=96, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.273] DrawTextA (in: hdc=0x180106f6, lpchText="\"\"", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\"\"", lprc=0x285d314) returned 16 [0167.273] SetRect (in: lprc=0x285d314, xLeft=96, yTop=64, xRight=128, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.273] DrawTextA (in: hdc=0x180106f6, lpchText="##", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="##", lprc=0x285d314) returned 16 [0167.273] SetRect (in: lprc=0x285d314, xLeft=128, yTop=64, xRight=160, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.273] DrawTextA (in: hdc=0x180106f6, lpchText="$$", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="$$", lprc=0x285d314) returned 16 [0167.273] SetRect (in: lprc=0x285d314, xLeft=160, yTop=64, xRight=192, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.273] DrawTextA (in: hdc=0x180106f6, lpchText="%%", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="%%", lprc=0x285d314) returned 16 [0167.274] SetRect (in: lprc=0x285d314, xLeft=192, yTop=64, xRight=224, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.274] DrawTextA (in: hdc=0x180106f6, lpchText="&&", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="&&", lprc=0x285d314) returned 16 [0167.274] SetRect (in: lprc=0x285d314, xLeft=224, yTop=64, xRight=256, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.274] DrawTextA (in: hdc=0x180106f6, lpchText="''", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="''", lprc=0x285d314) returned 16 [0167.274] SetRect (in: lprc=0x285d314, xLeft=256, yTop=64, xRight=288, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.274] DrawTextA (in: hdc=0x180106f6, lpchText="((", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="((", lprc=0x285d314) returned 16 [0167.274] SetRect (in: lprc=0x285d314, xLeft=288, yTop=64, xRight=320, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.274] DrawTextA (in: hdc=0x180106f6, lpchText="))", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="))", lprc=0x285d314) returned 16 [0167.274] SetRect (in: lprc=0x285d314, xLeft=320, yTop=64, xRight=352, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.274] DrawTextA (in: hdc=0x180106f6, lpchText="**", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="**", lprc=0x285d314) returned 16 [0167.275] SetRect (in: lprc=0x285d314, xLeft=352, yTop=64, xRight=384, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.275] DrawTextA (in: hdc=0x180106f6, lpchText="++", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="++", lprc=0x285d314) returned 16 [0167.275] SetRect (in: lprc=0x285d314, xLeft=384, yTop=64, xRight=416, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.275] DrawTextA (in: hdc=0x180106f6, lpchText=",,", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText=",,", lprc=0x285d314) returned 16 [0167.275] SetRect (in: lprc=0x285d314, xLeft=416, yTop=64, xRight=448, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.275] DrawTextA (in: hdc=0x180106f6, lpchText="--", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="--", lprc=0x285d314) returned 16 [0167.275] SetRect (in: lprc=0x285d314, xLeft=448, yTop=64, xRight=480, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.275] DrawTextA (in: hdc=0x180106f6, lpchText="..", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="..", lprc=0x285d314) returned 16 [0167.276] SetRect (in: lprc=0x285d314, xLeft=480, yTop=64, xRight=512, yBottom=96 | out: lprc=0x285d314) returned 1 [0167.276] DrawTextA (in: hdc=0x180106f6, lpchText="//", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="//", lprc=0x285d314) returned 16 [0167.276] SetRect (in: lprc=0x285d314, xLeft=0, yTop=96, xRight=32, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.276] DrawTextA (in: hdc=0x180106f6, lpchText="00", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="00", lprc=0x285d314) returned 16 [0167.276] SetRect (in: lprc=0x285d314, xLeft=32, yTop=96, xRight=64, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.276] DrawTextA (in: hdc=0x180106f6, lpchText="11", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="11", lprc=0x285d314) returned 16 [0167.276] SetRect (in: lprc=0x285d314, xLeft=64, yTop=96, xRight=96, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.276] DrawTextA (in: hdc=0x180106f6, lpchText="22", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="22", lprc=0x285d314) returned 16 [0167.276] SetRect (in: lprc=0x285d314, xLeft=96, yTop=96, xRight=128, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.276] DrawTextA (in: hdc=0x180106f6, lpchText="33", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="33", lprc=0x285d314) returned 16 [0167.277] SetRect (in: lprc=0x285d314, xLeft=128, yTop=96, xRight=160, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.277] DrawTextA (in: hdc=0x180106f6, lpchText="44", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="44", lprc=0x285d314) returned 16 [0167.277] SetRect (in: lprc=0x285d314, xLeft=160, yTop=96, xRight=192, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.277] DrawTextA (in: hdc=0x180106f6, lpchText="55", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="55", lprc=0x285d314) returned 16 [0167.277] SetRect (in: lprc=0x285d314, xLeft=192, yTop=96, xRight=224, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.277] DrawTextA (in: hdc=0x180106f6, lpchText="66", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="66", lprc=0x285d314) returned 16 [0167.277] SetRect (in: lprc=0x285d314, xLeft=224, yTop=96, xRight=256, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.277] DrawTextA (in: hdc=0x180106f6, lpchText="77", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="77", lprc=0x285d314) returned 16 [0167.278] SetRect (in: lprc=0x285d314, xLeft=256, yTop=96, xRight=288, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.278] DrawTextA (in: hdc=0x180106f6, lpchText="88", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="88", lprc=0x285d314) returned 16 [0167.278] SetRect (in: lprc=0x285d314, xLeft=288, yTop=96, xRight=320, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.278] DrawTextA (in: hdc=0x180106f6, lpchText="99", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="99", lprc=0x285d314) returned 16 [0167.278] SetRect (in: lprc=0x285d314, xLeft=320, yTop=96, xRight=352, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.278] DrawTextA (in: hdc=0x180106f6, lpchText="::", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="::", lprc=0x285d314) returned 16 [0167.278] SetRect (in: lprc=0x285d314, xLeft=352, yTop=96, xRight=384, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.278] DrawTextA (in: hdc=0x180106f6, lpchText=";;", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText=";;", lprc=0x285d314) returned 16 [0167.279] SetRect (in: lprc=0x285d314, xLeft=384, yTop=96, xRight=416, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.279] DrawTextA (in: hdc=0x180106f6, lpchText="<<", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="<<", lprc=0x285d314) returned 16 [0167.279] SetRect (in: lprc=0x285d314, xLeft=416, yTop=96, xRight=448, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.279] DrawTextA (in: hdc=0x180106f6, lpchText="==", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="==", lprc=0x285d314) returned 16 [0167.279] SetRect (in: lprc=0x285d314, xLeft=448, yTop=96, xRight=480, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.279] DrawTextA (in: hdc=0x180106f6, lpchText=">>", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText=">>", lprc=0x285d314) returned 16 [0167.279] SetRect (in: lprc=0x285d314, xLeft=480, yTop=96, xRight=512, yBottom=128 | out: lprc=0x285d314) returned 1 [0167.279] DrawTextA (in: hdc=0x180106f6, lpchText="??", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="??", lprc=0x285d314) returned 16 [0167.279] SetRect (in: lprc=0x285d314, xLeft=0, yTop=128, xRight=32, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.279] DrawTextA (in: hdc=0x180106f6, lpchText="@@", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="@@", lprc=0x285d314) returned 16 [0167.280] SetRect (in: lprc=0x285d314, xLeft=32, yTop=128, xRight=64, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.280] DrawTextA (in: hdc=0x180106f6, lpchText="AA", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="AA", lprc=0x285d314) returned 16 [0167.280] SetRect (in: lprc=0x285d314, xLeft=64, yTop=128, xRight=96, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.280] DrawTextA (in: hdc=0x180106f6, lpchText="BB", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="BB", lprc=0x285d314) returned 16 [0167.280] SetRect (in: lprc=0x285d314, xLeft=96, yTop=128, xRight=128, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.280] DrawTextA (in: hdc=0x180106f6, lpchText="CC", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="CC", lprc=0x285d314) returned 16 [0167.280] SetRect (in: lprc=0x285d314, xLeft=128, yTop=128, xRight=160, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.280] DrawTextA (in: hdc=0x180106f6, lpchText="DD", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="DD", lprc=0x285d314) returned 16 [0167.280] SetRect (in: lprc=0x285d314, xLeft=160, yTop=128, xRight=192, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.281] DrawTextA (in: hdc=0x180106f6, lpchText="EE", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="EE", lprc=0x285d314) returned 16 [0167.281] SetRect (in: lprc=0x285d314, xLeft=192, yTop=128, xRight=224, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.281] DrawTextA (in: hdc=0x180106f6, lpchText="FF", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="FF", lprc=0x285d314) returned 16 [0167.281] SetRect (in: lprc=0x285d314, xLeft=224, yTop=128, xRight=256, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.281] DrawTextA (in: hdc=0x180106f6, lpchText="GG", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="GG", lprc=0x285d314) returned 16 [0167.281] SetRect (in: lprc=0x285d314, xLeft=256, yTop=128, xRight=288, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.281] DrawTextA (in: hdc=0x180106f6, lpchText="HH", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="HH", lprc=0x285d314) returned 16 [0167.281] SetRect (in: lprc=0x285d314, xLeft=288, yTop=128, xRight=320, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.281] DrawTextA (in: hdc=0x180106f6, lpchText="II", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="II", lprc=0x285d314) returned 16 [0167.282] SetRect (in: lprc=0x285d314, xLeft=320, yTop=128, xRight=352, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.282] DrawTextA (in: hdc=0x180106f6, lpchText="JJ", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="JJ", lprc=0x285d314) returned 16 [0167.282] SetRect (in: lprc=0x285d314, xLeft=352, yTop=128, xRight=384, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.282] DrawTextA (in: hdc=0x180106f6, lpchText="KK", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="KK", lprc=0x285d314) returned 16 [0167.282] SetRect (in: lprc=0x285d314, xLeft=384, yTop=128, xRight=416, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.282] DrawTextA (in: hdc=0x180106f6, lpchText="LL", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="LL", lprc=0x285d314) returned 16 [0167.282] SetRect (in: lprc=0x285d314, xLeft=416, yTop=128, xRight=448, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.282] DrawTextA (in: hdc=0x180106f6, lpchText="MM", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="MM", lprc=0x285d314) returned 16 [0167.282] SetRect (in: lprc=0x285d314, xLeft=448, yTop=128, xRight=480, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.282] DrawTextA (in: hdc=0x180106f6, lpchText="NN", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="NN", lprc=0x285d314) returned 16 [0167.283] SetRect (in: lprc=0x285d314, xLeft=480, yTop=128, xRight=512, yBottom=160 | out: lprc=0x285d314) returned 1 [0167.283] DrawTextA (in: hdc=0x180106f6, lpchText="OO", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="OO", lprc=0x285d314) returned 16 [0167.283] SetRect (in: lprc=0x285d314, xLeft=0, yTop=160, xRight=32, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.283] DrawTextA (in: hdc=0x180106f6, lpchText="PP", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="PP", lprc=0x285d314) returned 16 [0167.283] SetRect (in: lprc=0x285d314, xLeft=32, yTop=160, xRight=64, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.283] DrawTextA (in: hdc=0x180106f6, lpchText="QQ", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="QQ", lprc=0x285d314) returned 16 [0167.283] SetRect (in: lprc=0x285d314, xLeft=64, yTop=160, xRight=96, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.283] DrawTextA (in: hdc=0x180106f6, lpchText="RR", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="RR", lprc=0x285d314) returned 16 [0167.284] SetRect (in: lprc=0x285d314, xLeft=96, yTop=160, xRight=128, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.284] DrawTextA (in: hdc=0x180106f6, lpchText="SS", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="SS", lprc=0x285d314) returned 16 [0167.284] SetRect (in: lprc=0x285d314, xLeft=128, yTop=160, xRight=160, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.284] DrawTextA (in: hdc=0x180106f6, lpchText="TT", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="TT", lprc=0x285d314) returned 16 [0167.284] SetRect (in: lprc=0x285d314, xLeft=160, yTop=160, xRight=192, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.284] DrawTextA (in: hdc=0x180106f6, lpchText="UU", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="UU", lprc=0x285d314) returned 16 [0167.284] SetRect (in: lprc=0x285d314, xLeft=192, yTop=160, xRight=224, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.284] DrawTextA (in: hdc=0x180106f6, lpchText="VV", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="VV", lprc=0x285d314) returned 16 [0167.284] SetRect (in: lprc=0x285d314, xLeft=224, yTop=160, xRight=256, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.284] DrawTextA (in: hdc=0x180106f6, lpchText="WW", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="WW", lprc=0x285d314) returned 16 [0167.285] SetRect (in: lprc=0x285d314, xLeft=256, yTop=160, xRight=288, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.285] DrawTextA (in: hdc=0x180106f6, lpchText="XX", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="XX", lprc=0x285d314) returned 16 [0167.285] SetRect (in: lprc=0x285d314, xLeft=288, yTop=160, xRight=320, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.285] DrawTextA (in: hdc=0x180106f6, lpchText="YY", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="YY", lprc=0x285d314) returned 16 [0167.285] SetRect (in: lprc=0x285d314, xLeft=320, yTop=160, xRight=352, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.285] DrawTextA (in: hdc=0x180106f6, lpchText="ZZ", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ZZ", lprc=0x285d314) returned 16 [0167.285] SetRect (in: lprc=0x285d314, xLeft=352, yTop=160, xRight=384, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.285] DrawTextA (in: hdc=0x180106f6, lpchText="[[", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="[[", lprc=0x285d314) returned 16 [0167.286] SetRect (in: lprc=0x285d314, xLeft=384, yTop=160, xRight=416, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.286] DrawTextA (in: hdc=0x180106f6, lpchText="\\\\", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\\\\", lprc=0x285d314) returned 16 [0167.286] SetRect (in: lprc=0x285d314, xLeft=416, yTop=160, xRight=448, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.286] DrawTextA (in: hdc=0x180106f6, lpchText="]]", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="]]", lprc=0x285d314) returned 16 [0167.286] SetRect (in: lprc=0x285d314, xLeft=448, yTop=160, xRight=480, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.286] DrawTextA (in: hdc=0x180106f6, lpchText="^^", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="^^", lprc=0x285d314) returned 16 [0167.286] SetRect (in: lprc=0x285d314, xLeft=480, yTop=160, xRight=512, yBottom=192 | out: lprc=0x285d314) returned 1 [0167.286] DrawTextA (in: hdc=0x180106f6, lpchText="__", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="__", lprc=0x285d314) returned 16 [0167.286] SetRect (in: lprc=0x285d314, xLeft=0, yTop=192, xRight=32, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.286] DrawTextA (in: hdc=0x180106f6, lpchText="``", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="``", lprc=0x285d314) returned 16 [0167.287] SetRect (in: lprc=0x285d314, xLeft=32, yTop=192, xRight=64, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.287] DrawTextA (in: hdc=0x180106f6, lpchText="aa", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="aa", lprc=0x285d314) returned 16 [0167.287] SetRect (in: lprc=0x285d314, xLeft=64, yTop=192, xRight=96, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.287] DrawTextA (in: hdc=0x180106f6, lpchText="bb", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="bb", lprc=0x285d314) returned 16 [0167.287] SetRect (in: lprc=0x285d314, xLeft=96, yTop=192, xRight=128, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.287] DrawTextA (in: hdc=0x180106f6, lpchText="cc", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="cc", lprc=0x285d314) returned 16 [0167.287] SetRect (in: lprc=0x285d314, xLeft=128, yTop=192, xRight=160, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.287] DrawTextA (in: hdc=0x180106f6, lpchText="dd", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="dd", lprc=0x285d314) returned 16 [0167.288] SetRect (in: lprc=0x285d314, xLeft=160, yTop=192, xRight=192, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.288] DrawTextA (in: hdc=0x180106f6, lpchText="ee", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ee", lprc=0x285d314) returned 16 [0167.288] SetRect (in: lprc=0x285d314, xLeft=192, yTop=192, xRight=224, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.288] DrawTextA (in: hdc=0x180106f6, lpchText="ff", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ff", lprc=0x285d314) returned 16 [0167.288] SetRect (in: lprc=0x285d314, xLeft=224, yTop=192, xRight=256, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.288] DrawTextA (in: hdc=0x180106f6, lpchText="gg", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="gg", lprc=0x285d314) returned 16 [0167.288] SetRect (in: lprc=0x285d314, xLeft=256, yTop=192, xRight=288, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.288] DrawTextA (in: hdc=0x180106f6, lpchText="hh", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="hh", lprc=0x285d314) returned 16 [0167.288] SetRect (in: lprc=0x285d314, xLeft=288, yTop=192, xRight=320, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.288] DrawTextA (in: hdc=0x180106f6, lpchText="ii", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ii", lprc=0x285d314) returned 16 [0167.289] SetRect (in: lprc=0x285d314, xLeft=320, yTop=192, xRight=352, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.289] DrawTextA (in: hdc=0x180106f6, lpchText="jj", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="jj", lprc=0x285d314) returned 16 [0167.289] SetRect (in: lprc=0x285d314, xLeft=352, yTop=192, xRight=384, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.289] DrawTextA (in: hdc=0x180106f6, lpchText="kk", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="kk", lprc=0x285d314) returned 16 [0167.289] SetRect (in: lprc=0x285d314, xLeft=384, yTop=192, xRight=416, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.289] DrawTextA (in: hdc=0x180106f6, lpchText="ll", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ll", lprc=0x285d314) returned 16 [0167.289] SetRect (in: lprc=0x285d314, xLeft=416, yTop=192, xRight=448, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.289] DrawTextA (in: hdc=0x180106f6, lpchText="mm", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="mm", lprc=0x285d314) returned 16 [0167.289] SetRect (in: lprc=0x285d314, xLeft=448, yTop=192, xRight=480, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.290] DrawTextA (in: hdc=0x180106f6, lpchText="nn", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="nn", lprc=0x285d314) returned 16 [0167.290] SetRect (in: lprc=0x285d314, xLeft=480, yTop=192, xRight=512, yBottom=224 | out: lprc=0x285d314) returned 1 [0167.290] DrawTextA (in: hdc=0x180106f6, lpchText="oo", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="oo", lprc=0x285d314) returned 16 [0167.290] SetRect (in: lprc=0x285d314, xLeft=0, yTop=224, xRight=32, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.290] DrawTextA (in: hdc=0x180106f6, lpchText="pp", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="pp", lprc=0x285d314) returned 16 [0167.290] SetRect (in: lprc=0x285d314, xLeft=32, yTop=224, xRight=64, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.290] DrawTextA (in: hdc=0x180106f6, lpchText="qq", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="qq", lprc=0x285d314) returned 16 [0167.290] SetRect (in: lprc=0x285d314, xLeft=64, yTop=224, xRight=96, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.290] DrawTextA (in: hdc=0x180106f6, lpchText="rr", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="rr", lprc=0x285d314) returned 16 [0167.291] SetRect (in: lprc=0x285d314, xLeft=96, yTop=224, xRight=128, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.291] DrawTextA (in: hdc=0x180106f6, lpchText="ss", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ss", lprc=0x285d314) returned 16 [0167.291] SetRect (in: lprc=0x285d314, xLeft=128, yTop=224, xRight=160, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.291] DrawTextA (in: hdc=0x180106f6, lpchText="tt", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="tt", lprc=0x285d314) returned 16 [0167.291] SetRect (in: lprc=0x285d314, xLeft=160, yTop=224, xRight=192, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.291] DrawTextA (in: hdc=0x180106f6, lpchText="uu", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="uu", lprc=0x285d314) returned 16 [0167.291] SetRect (in: lprc=0x285d314, xLeft=192, yTop=224, xRight=224, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.291] DrawTextA (in: hdc=0x180106f6, lpchText="vv", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="vv", lprc=0x285d314) returned 16 [0167.291] SetRect (in: lprc=0x285d314, xLeft=224, yTop=224, xRight=256, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.291] DrawTextA (in: hdc=0x180106f6, lpchText="ww", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="ww", lprc=0x285d314) returned 16 [0167.292] SetRect (in: lprc=0x285d314, xLeft=256, yTop=224, xRight=288, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.292] DrawTextA (in: hdc=0x180106f6, lpchText="xx", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="xx", lprc=0x285d314) returned 16 [0167.292] SetRect (in: lprc=0x285d314, xLeft=288, yTop=224, xRight=320, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.292] DrawTextA (in: hdc=0x180106f6, lpchText="yy", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="yy", lprc=0x285d314) returned 16 [0167.296] SetRect (in: lprc=0x285d314, xLeft=320, yTop=224, xRight=352, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.296] DrawTextA (in: hdc=0x180106f6, lpchText="zz", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="zz", lprc=0x285d314) returned 16 [0167.297] SetRect (in: lprc=0x285d314, xLeft=352, yTop=224, xRight=384, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.297] DrawTextA (in: hdc=0x180106f6, lpchText="{{", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="{{", lprc=0x285d314) returned 16 [0167.297] SetRect (in: lprc=0x285d314, xLeft=384, yTop=224, xRight=416, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.297] DrawTextA (in: hdc=0x180106f6, lpchText="||", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="||", lprc=0x285d314) returned 16 [0167.297] SetRect (in: lprc=0x285d314, xLeft=416, yTop=224, xRight=448, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.297] DrawTextA (in: hdc=0x180106f6, lpchText="}}", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="}}", lprc=0x285d314) returned 16 [0167.297] SetRect (in: lprc=0x285d314, xLeft=448, yTop=224, xRight=480, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.297] DrawTextA (in: hdc=0x180106f6, lpchText="~~", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="~~", lprc=0x285d314) returned 16 [0167.297] SetRect (in: lprc=0x285d314, xLeft=480, yTop=224, xRight=512, yBottom=256 | out: lprc=0x285d314) returned 1 [0167.297] DrawTextA (in: hdc=0x180106f6, lpchText="\x7f\x7f", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x7f\x7f", lprc=0x285d314) returned 16 [0167.298] SetRect (in: lprc=0x285d314, xLeft=0, yTop=256, xRight=32, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.298] DrawTextA (in: hdc=0x180106f6, lpchText="\x80\x80", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x80\x80", lprc=0x285d314) returned 16 [0167.298] SetRect (in: lprc=0x285d314, xLeft=32, yTop=256, xRight=64, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.298] DrawTextA (in: hdc=0x180106f6, lpchText="\x81\x81", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x81\x81", lprc=0x285d314) returned 16 [0167.299] SetRect (in: lprc=0x285d314, xLeft=64, yTop=256, xRight=96, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.299] DrawTextA (in: hdc=0x180106f6, lpchText="\x82\x82", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x82\x82", lprc=0x285d314) returned 16 [0167.299] SetRect (in: lprc=0x285d314, xLeft=96, yTop=256, xRight=128, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.299] DrawTextA (in: hdc=0x180106f6, lpchText="\x83\x83", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x83\x83", lprc=0x285d314) returned 16 [0167.299] SetRect (in: lprc=0x285d314, xLeft=128, yTop=256, xRight=160, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.299] DrawTextA (in: hdc=0x180106f6, lpchText="\x84\x84", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x84\x84", lprc=0x285d314) returned 16 [0167.299] SetRect (in: lprc=0x285d314, xLeft=160, yTop=256, xRight=192, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.299] DrawTextA (in: hdc=0x180106f6, lpchText="\x85\x85", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x85\x85", lprc=0x285d314) returned 16 [0167.299] SetRect (in: lprc=0x285d314, xLeft=192, yTop=256, xRight=224, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.299] DrawTextA (in: hdc=0x180106f6, lpchText="\x86\x86", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x86\x86", lprc=0x285d314) returned 16 [0167.300] SetRect (in: lprc=0x285d314, xLeft=224, yTop=256, xRight=256, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.300] DrawTextA (in: hdc=0x180106f6, lpchText="\x87\x87", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x87\x87", lprc=0x285d314) returned 16 [0167.300] SetRect (in: lprc=0x285d314, xLeft=256, yTop=256, xRight=288, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.300] DrawTextA (in: hdc=0x180106f6, lpchText="\x88\x88", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x88\x88", lprc=0x285d314) returned 16 [0167.300] SetRect (in: lprc=0x285d314, xLeft=288, yTop=256, xRight=320, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.300] DrawTextA (in: hdc=0x180106f6, lpchText="\x89\x89", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x89\x89", lprc=0x285d314) returned 16 [0167.300] SetRect (in: lprc=0x285d314, xLeft=320, yTop=256, xRight=352, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.300] DrawTextA (in: hdc=0x180106f6, lpchText="\x8a\x8a", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x8a\x8a", lprc=0x285d314) returned 16 [0167.301] SetRect (in: lprc=0x285d314, xLeft=352, yTop=256, xRight=384, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.301] DrawTextA (in: hdc=0x180106f6, lpchText="\x8b\x8b", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x8b\x8b", lprc=0x285d314) returned 16 [0167.301] SetRect (in: lprc=0x285d314, xLeft=384, yTop=256, xRight=416, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.301] DrawTextA (in: hdc=0x180106f6, lpchText="\x8c\x8c", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x8c\x8c", lprc=0x285d314) returned 16 [0167.301] SetRect (in: lprc=0x285d314, xLeft=416, yTop=256, xRight=448, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.301] DrawTextA (in: hdc=0x180106f6, lpchText="\x8d\x8d", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x8d\x8d", lprc=0x285d314) returned 16 [0167.301] SetRect (in: lprc=0x285d314, xLeft=448, yTop=256, xRight=480, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.301] DrawTextA (in: hdc=0x180106f6, lpchText="\x8e\x8e", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x8e\x8e", lprc=0x285d314) returned 16 [0167.302] SetRect (in: lprc=0x285d314, xLeft=480, yTop=256, xRight=512, yBottom=288 | out: lprc=0x285d314) returned 1 [0167.302] DrawTextA (in: hdc=0x180106f6, lpchText="\x8f\x8f", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x8f\x8f", lprc=0x285d314) returned 16 [0167.302] SetRect (in: lprc=0x285d314, xLeft=0, yTop=288, xRight=32, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.302] DrawTextA (in: hdc=0x180106f6, lpchText="\x90\x90", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x90\x90", lprc=0x285d314) returned 16 [0167.302] SetRect (in: lprc=0x285d314, xLeft=32, yTop=288, xRight=64, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.302] DrawTextA (in: hdc=0x180106f6, lpchText="\x91\x91", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x91\x91", lprc=0x285d314) returned 16 [0167.302] SetRect (in: lprc=0x285d314, xLeft=64, yTop=288, xRight=96, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.302] DrawTextA (in: hdc=0x180106f6, lpchText="\x92\x92", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x92\x92", lprc=0x285d314) returned 16 [0167.303] SetRect (in: lprc=0x285d314, xLeft=96, yTop=288, xRight=128, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.303] DrawTextA (in: hdc=0x180106f6, lpchText="\x93\x93", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x93\x93", lprc=0x285d314) returned 16 [0167.303] SetRect (in: lprc=0x285d314, xLeft=128, yTop=288, xRight=160, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.303] DrawTextA (in: hdc=0x180106f6, lpchText="\x94\x94", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x94\x94", lprc=0x285d314) returned 16 [0167.303] SetRect (in: lprc=0x285d314, xLeft=160, yTop=288, xRight=192, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.303] DrawTextA (in: hdc=0x180106f6, lpchText="\x95\x95", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x95\x95", lprc=0x285d314) returned 16 [0167.303] SetRect (in: lprc=0x285d314, xLeft=192, yTop=288, xRight=224, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.303] DrawTextA (in: hdc=0x180106f6, lpchText="\x96\x96", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x96\x96", lprc=0x285d314) returned 16 [0167.304] SetRect (in: lprc=0x285d314, xLeft=224, yTop=288, xRight=256, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.304] DrawTextA (in: hdc=0x180106f6, lpchText="\x97\x97", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x97\x97", lprc=0x285d314) returned 16 [0167.304] SetRect (in: lprc=0x285d314, xLeft=256, yTop=288, xRight=288, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.304] DrawTextA (in: hdc=0x180106f6, lpchText="\x98\x98", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x98\x98", lprc=0x285d314) returned 16 [0167.304] SetRect (in: lprc=0x285d314, xLeft=288, yTop=288, xRight=320, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.304] DrawTextA (in: hdc=0x180106f6, lpchText="\x99\x99", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x99\x99", lprc=0x285d314) returned 16 [0167.304] SetRect (in: lprc=0x285d314, xLeft=320, yTop=288, xRight=352, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.304] DrawTextA (in: hdc=0x180106f6, lpchText="\x9a\x9a", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x9a\x9a", lprc=0x285d314) returned 16 [0167.305] SetRect (in: lprc=0x285d314, xLeft=352, yTop=288, xRight=384, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.305] DrawTextA (in: hdc=0x180106f6, lpchText="\x9b\x9b", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x9b\x9b", lprc=0x285d314) returned 16 [0167.305] SetRect (in: lprc=0x285d314, xLeft=384, yTop=288, xRight=416, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.305] DrawTextA (in: hdc=0x180106f6, lpchText="\x9c\x9c", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x9c\x9c", lprc=0x285d314) returned 16 [0167.305] SetRect (in: lprc=0x285d314, xLeft=416, yTop=288, xRight=448, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.305] DrawTextA (in: hdc=0x180106f6, lpchText="\x9d\x9d", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x9d\x9d", lprc=0x285d314) returned 16 [0167.305] SetRect (in: lprc=0x285d314, xLeft=448, yTop=288, xRight=480, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.305] DrawTextA (in: hdc=0x180106f6, lpchText="\x9e\x9e", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x9e\x9e", lprc=0x285d314) returned 16 [0167.306] SetRect (in: lprc=0x285d314, xLeft=480, yTop=288, xRight=512, yBottom=320 | out: lprc=0x285d314) returned 1 [0167.306] DrawTextA (in: hdc=0x180106f6, lpchText="\x9f\x9f", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\x9f\x9f", lprc=0x285d314) returned 16 [0167.306] SetRect (in: lprc=0x285d314, xLeft=0, yTop=320, xRight=32, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.306] DrawTextA (in: hdc=0x180106f6, lpchText="\xa0\xa0", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa0\xa0", lprc=0x285d314) returned 16 [0167.306] SetRect (in: lprc=0x285d314, xLeft=32, yTop=320, xRight=64, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.306] DrawTextA (in: hdc=0x180106f6, lpchText="\xa1\xa1", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa1\xa1", lprc=0x285d314) returned 16 [0167.306] SetRect (in: lprc=0x285d314, xLeft=64, yTop=320, xRight=96, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.306] DrawTextA (in: hdc=0x180106f6, lpchText="\xa2\xa2", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa2\xa2", lprc=0x285d314) returned 16 [0167.306] SetRect (in: lprc=0x285d314, xLeft=96, yTop=320, xRight=128, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.306] DrawTextA (in: hdc=0x180106f6, lpchText="\xa3\xa3", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa3\xa3", lprc=0x285d314) returned 16 [0167.307] SetRect (in: lprc=0x285d314, xLeft=128, yTop=320, xRight=160, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.307] DrawTextA (in: hdc=0x180106f6, lpchText="\xa4\xa4", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa4\xa4", lprc=0x285d314) returned 16 [0167.307] SetRect (in: lprc=0x285d314, xLeft=160, yTop=320, xRight=192, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.307] DrawTextA (in: hdc=0x180106f6, lpchText="\xa5\xa5", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa5\xa5", lprc=0x285d314) returned 16 [0167.307] SetRect (in: lprc=0x285d314, xLeft=192, yTop=320, xRight=224, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.307] DrawTextA (in: hdc=0x180106f6, lpchText="\xa6\xa6", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa6\xa6", lprc=0x285d314) returned 16 [0167.307] SetRect (in: lprc=0x285d314, xLeft=224, yTop=320, xRight=256, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.307] DrawTextA (in: hdc=0x180106f6, lpchText="\xa7\xa7", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa7\xa7", lprc=0x285d314) returned 16 [0167.308] SetRect (in: lprc=0x285d314, xLeft=256, yTop=320, xRight=288, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.308] DrawTextA (in: hdc=0x180106f6, lpchText="\xa8\xa8", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa8\xa8", lprc=0x285d314) returned 16 [0167.308] SetRect (in: lprc=0x285d314, xLeft=288, yTop=320, xRight=320, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.308] DrawTextA (in: hdc=0x180106f6, lpchText="\xa9\xa9", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xa9\xa9", lprc=0x285d314) returned 16 [0167.309] SetRect (in: lprc=0x285d314, xLeft=320, yTop=320, xRight=352, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.309] DrawTextA (in: hdc=0x180106f6, lpchText="\xaa\xaa", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xaa\xaa", lprc=0x285d314) returned 16 [0167.309] SetRect (in: lprc=0x285d314, xLeft=352, yTop=320, xRight=384, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.309] DrawTextA (in: hdc=0x180106f6, lpchText="\xab\xab", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xab\xab", lprc=0x285d314) returned 16 [0167.309] SetRect (in: lprc=0x285d314, xLeft=384, yTop=320, xRight=416, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.309] DrawTextA (in: hdc=0x180106f6, lpchText="\xac\xac", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xac\xac", lprc=0x285d314) returned 16 [0167.309] SetRect (in: lprc=0x285d314, xLeft=416, yTop=320, xRight=448, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.309] DrawTextA (in: hdc=0x180106f6, lpchText="\xad\xad", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xad\xad", lprc=0x285d314) returned 16 [0167.310] SetRect (in: lprc=0x285d314, xLeft=448, yTop=320, xRight=480, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.310] DrawTextA (in: hdc=0x180106f6, lpchText="\xae\xae", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xae\xae", lprc=0x285d314) returned 16 [0167.310] SetRect (in: lprc=0x285d314, xLeft=480, yTop=320, xRight=512, yBottom=352 | out: lprc=0x285d314) returned 1 [0167.310] DrawTextA (in: hdc=0x180106f6, lpchText="\xaf\xaf", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xaf\xaf", lprc=0x285d314) returned 16 [0167.310] SetRect (in: lprc=0x285d314, xLeft=0, yTop=352, xRight=32, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.310] DrawTextA (in: hdc=0x180106f6, lpchText="\xb0\xb0", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb0\xb0", lprc=0x285d314) returned 16 [0167.310] SetRect (in: lprc=0x285d314, xLeft=32, yTop=352, xRight=64, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.310] DrawTextA (in: hdc=0x180106f6, lpchText="\xb1\xb1", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb1\xb1", lprc=0x285d314) returned 16 [0167.310] SetRect (in: lprc=0x285d314, xLeft=64, yTop=352, xRight=96, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.310] DrawTextA (in: hdc=0x180106f6, lpchText="\xb2\xb2", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb2\xb2", lprc=0x285d314) returned 16 [0167.311] SetRect (in: lprc=0x285d314, xLeft=96, yTop=352, xRight=128, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.311] DrawTextA (in: hdc=0x180106f6, lpchText="\xb3\xb3", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb3\xb3", lprc=0x285d314) returned 16 [0167.311] SetRect (in: lprc=0x285d314, xLeft=128, yTop=352, xRight=160, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.311] DrawTextA (in: hdc=0x180106f6, lpchText="\xb4\xb4", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb4\xb4", lprc=0x285d314) returned 16 [0167.311] SetRect (in: lprc=0x285d314, xLeft=160, yTop=352, xRight=192, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.311] DrawTextA (in: hdc=0x180106f6, lpchText="\xb5\xb5", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb5\xb5", lprc=0x285d314) returned 16 [0167.311] SetRect (in: lprc=0x285d314, xLeft=192, yTop=352, xRight=224, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.311] DrawTextA (in: hdc=0x180106f6, lpchText="\xb6\xb6", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb6\xb6", lprc=0x285d314) returned 16 [0167.311] SetRect (in: lprc=0x285d314, xLeft=224, yTop=352, xRight=256, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.312] DrawTextA (in: hdc=0x180106f6, lpchText="\xb7\xb7", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb7\xb7", lprc=0x285d314) returned 16 [0167.312] SetRect (in: lprc=0x285d314, xLeft=256, yTop=352, xRight=288, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.312] DrawTextA (in: hdc=0x180106f6, lpchText="\xb8\xb8", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb8\xb8", lprc=0x285d314) returned 16 [0167.312] SetRect (in: lprc=0x285d314, xLeft=288, yTop=352, xRight=320, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.312] DrawTextA (in: hdc=0x180106f6, lpchText="\xb9\xb9", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xb9\xb9", lprc=0x285d314) returned 16 [0167.312] SetRect (in: lprc=0x285d314, xLeft=320, yTop=352, xRight=352, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.312] DrawTextA (in: hdc=0x180106f6, lpchText="\xba\xba", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xba\xba", lprc=0x285d314) returned 16 [0167.312] SetRect (in: lprc=0x285d314, xLeft=352, yTop=352, xRight=384, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.312] DrawTextA (in: hdc=0x180106f6, lpchText="\xbb\xbb", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xbb\xbb", lprc=0x285d314) returned 16 [0167.313] SetRect (in: lprc=0x285d314, xLeft=384, yTop=352, xRight=416, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.313] DrawTextA (in: hdc=0x180106f6, lpchText="\xbc\xbc", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xbc\xbc", lprc=0x285d314) returned 16 [0167.313] SetRect (in: lprc=0x285d314, xLeft=416, yTop=352, xRight=448, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.313] DrawTextA (in: hdc=0x180106f6, lpchText="\xbd\xbd", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xbd\xbd", lprc=0x285d314) returned 16 [0167.313] SetRect (in: lprc=0x285d314, xLeft=448, yTop=352, xRight=480, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.313] DrawTextA (in: hdc=0x180106f6, lpchText="\xbe\xbe", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xbe\xbe", lprc=0x285d314) returned 16 [0167.313] SetRect (in: lprc=0x285d314, xLeft=480, yTop=352, xRight=512, yBottom=384 | out: lprc=0x285d314) returned 1 [0167.313] DrawTextA (in: hdc=0x180106f6, lpchText="\xbf\xbf", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xbf\xbf", lprc=0x285d314) returned 16 [0167.313] SetRect (in: lprc=0x285d314, xLeft=0, yTop=384, xRight=32, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.313] DrawTextA (in: hdc=0x180106f6, lpchText="\xc0\xc0", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc0\xc0", lprc=0x285d314) returned 16 [0167.314] SetRect (in: lprc=0x285d314, xLeft=32, yTop=384, xRight=64, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.314] DrawTextA (in: hdc=0x180106f6, lpchText="\xc1\xc1", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc1\xc1", lprc=0x285d314) returned 16 [0167.314] SetRect (in: lprc=0x285d314, xLeft=64, yTop=384, xRight=96, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.314] DrawTextA (in: hdc=0x180106f6, lpchText="\xc2\xc2", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc2\xc2", lprc=0x285d314) returned 16 [0167.314] SetRect (in: lprc=0x285d314, xLeft=96, yTop=384, xRight=128, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.314] DrawTextA (in: hdc=0x180106f6, lpchText="\xc3\xc3", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc3\xc3", lprc=0x285d314) returned 16 [0167.314] SetRect (in: lprc=0x285d314, xLeft=128, yTop=384, xRight=160, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.314] DrawTextA (in: hdc=0x180106f6, lpchText="\xc4\xc4", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc4\xc4", lprc=0x285d314) returned 16 [0167.315] SetRect (in: lprc=0x285d314, xLeft=160, yTop=384, xRight=192, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.315] DrawTextA (in: hdc=0x180106f6, lpchText="\xc5\xc5", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc5\xc5", lprc=0x285d314) returned 16 [0167.315] SetRect (in: lprc=0x285d314, xLeft=192, yTop=384, xRight=224, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.315] DrawTextA (in: hdc=0x180106f6, lpchText="\xc6\xc6", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc6\xc6", lprc=0x285d314) returned 16 [0167.315] SetRect (in: lprc=0x285d314, xLeft=224, yTop=384, xRight=256, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.315] DrawTextA (in: hdc=0x180106f6, lpchText="\xc7\xc7", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc7\xc7", lprc=0x285d314) returned 16 [0167.315] SetRect (in: lprc=0x285d314, xLeft=256, yTop=384, xRight=288, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.315] DrawTextA (in: hdc=0x180106f6, lpchText="\xc8\xc8", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc8\xc8", lprc=0x285d314) returned 16 [0167.315] SetRect (in: lprc=0x285d314, xLeft=288, yTop=384, xRight=320, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.315] DrawTextA (in: hdc=0x180106f6, lpchText="\xc9\xc9", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xc9\xc9", lprc=0x285d314) returned 16 [0167.316] SetRect (in: lprc=0x285d314, xLeft=320, yTop=384, xRight=352, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.316] DrawTextA (in: hdc=0x180106f6, lpchText="\xca\xca", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xca\xca", lprc=0x285d314) returned 16 [0167.316] SetRect (in: lprc=0x285d314, xLeft=352, yTop=384, xRight=384, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.316] DrawTextA (in: hdc=0x180106f6, lpchText="\xcb\xcb", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xcb\xcb", lprc=0x285d314) returned 16 [0167.316] SetRect (in: lprc=0x285d314, xLeft=384, yTop=384, xRight=416, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.316] DrawTextA (in: hdc=0x180106f6, lpchText="\xcc\xcc", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xcc\xcc", lprc=0x285d314) returned 16 [0167.316] SetRect (in: lprc=0x285d314, xLeft=416, yTop=384, xRight=448, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.316] DrawTextA (in: hdc=0x180106f6, lpchText="\xcd\xcd", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xcd\xcd", lprc=0x285d314) returned 16 [0167.317] SetRect (in: lprc=0x285d314, xLeft=448, yTop=384, xRight=480, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.317] DrawTextA (in: hdc=0x180106f6, lpchText="\xce\xce", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xce\xce", lprc=0x285d314) returned 16 [0167.317] SetRect (in: lprc=0x285d314, xLeft=480, yTop=384, xRight=512, yBottom=416 | out: lprc=0x285d314) returned 1 [0167.317] DrawTextA (in: hdc=0x180106f6, lpchText="\xcf\xcf", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xcf\xcf", lprc=0x285d314) returned 16 [0167.317] SetRect (in: lprc=0x285d314, xLeft=0, yTop=416, xRight=32, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.317] DrawTextA (in: hdc=0x180106f6, lpchText="\xd0\xd0", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd0\xd0", lprc=0x285d314) returned 16 [0167.317] SetRect (in: lprc=0x285d314, xLeft=32, yTop=416, xRight=64, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.317] DrawTextA (in: hdc=0x180106f6, lpchText="\xd1\xd1", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd1\xd1", lprc=0x285d314) returned 16 [0167.317] SetRect (in: lprc=0x285d314, xLeft=64, yTop=416, xRight=96, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.317] DrawTextA (in: hdc=0x180106f6, lpchText="\xd2\xd2", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd2\xd2", lprc=0x285d314) returned 16 [0167.318] SetRect (in: lprc=0x285d314, xLeft=96, yTop=416, xRight=128, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.318] DrawTextA (in: hdc=0x180106f6, lpchText="\xd3\xd3", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd3\xd3", lprc=0x285d314) returned 16 [0167.318] SetRect (in: lprc=0x285d314, xLeft=128, yTop=416, xRight=160, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.318] DrawTextA (in: hdc=0x180106f6, lpchText="\xd4\xd4", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd4\xd4", lprc=0x285d314) returned 16 [0167.318] SetRect (in: lprc=0x285d314, xLeft=160, yTop=416, xRight=192, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.318] DrawTextA (in: hdc=0x180106f6, lpchText="\xd5\xd5", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd5\xd5", lprc=0x285d314) returned 16 [0167.318] SetRect (in: lprc=0x285d314, xLeft=192, yTop=416, xRight=224, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.318] DrawTextA (in: hdc=0x180106f6, lpchText="\xd6\xd6", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd6\xd6", lprc=0x285d314) returned 16 [0167.319] SetRect (in: lprc=0x285d314, xLeft=224, yTop=416, xRight=256, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.319] DrawTextA (in: hdc=0x180106f6, lpchText="\xd7\xd7", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd7\xd7", lprc=0x285d314) returned 16 [0167.319] SetRect (in: lprc=0x285d314, xLeft=256, yTop=416, xRight=288, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.319] DrawTextA (in: hdc=0x180106f6, lpchText="\xd8\xd8", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd8\xd8", lprc=0x285d314) returned 16 [0167.319] SetRect (in: lprc=0x285d314, xLeft=288, yTop=416, xRight=320, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.319] DrawTextA (in: hdc=0x180106f6, lpchText="\xd9\xd9", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xd9\xd9", lprc=0x285d314) returned 16 [0167.319] SetRect (in: lprc=0x285d314, xLeft=320, yTop=416, xRight=352, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.319] DrawTextA (in: hdc=0x180106f6, lpchText="\xda\xda", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xda\xda", lprc=0x285d314) returned 16 [0167.319] SetRect (in: lprc=0x285d314, xLeft=352, yTop=416, xRight=384, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.319] DrawTextA (in: hdc=0x180106f6, lpchText="\xdb\xdb", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xdb\xdb", lprc=0x285d314) returned 16 [0167.320] SetRect (in: lprc=0x285d314, xLeft=384, yTop=416, xRight=416, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.320] DrawTextA (in: hdc=0x180106f6, lpchText="\xdc\xdc", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xdc\xdc", lprc=0x285d314) returned 16 [0167.320] SetRect (in: lprc=0x285d314, xLeft=416, yTop=416, xRight=448, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.320] DrawTextA (in: hdc=0x180106f6, lpchText="\xdd\xdd", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xdd\xdd", lprc=0x285d314) returned 16 [0167.320] SetRect (in: lprc=0x285d314, xLeft=448, yTop=416, xRight=480, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.320] DrawTextA (in: hdc=0x180106f6, lpchText="\xde\xde", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xde\xde", lprc=0x285d314) returned 16 [0167.320] SetRect (in: lprc=0x285d314, xLeft=480, yTop=416, xRight=512, yBottom=448 | out: lprc=0x285d314) returned 1 [0167.320] DrawTextA (in: hdc=0x180106f6, lpchText="\xdf\xdf", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xdf\xdf", lprc=0x285d314) returned 16 [0167.321] SetRect (in: lprc=0x285d314, xLeft=0, yTop=448, xRight=32, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.321] DrawTextA (in: hdc=0x180106f6, lpchText="\xe0\xe0", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe0\xe0", lprc=0x285d314) returned 16 [0167.321] SetRect (in: lprc=0x285d314, xLeft=32, yTop=448, xRight=64, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.321] DrawTextA (in: hdc=0x180106f6, lpchText="\xe1\xe1", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe1\xe1", lprc=0x285d314) returned 16 [0167.321] SetRect (in: lprc=0x285d314, xLeft=64, yTop=448, xRight=96, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.321] DrawTextA (in: hdc=0x180106f6, lpchText="\xe2\xe2", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe2\xe2", lprc=0x285d314) returned 16 [0167.321] SetRect (in: lprc=0x285d314, xLeft=96, yTop=448, xRight=128, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.321] DrawTextA (in: hdc=0x180106f6, lpchText="\xe3\xe3", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe3\xe3", lprc=0x285d314) returned 16 [0167.321] SetRect (in: lprc=0x285d314, xLeft=128, yTop=448, xRight=160, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.321] DrawTextA (in: hdc=0x180106f6, lpchText="\xe4\xe4", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe4\xe4", lprc=0x285d314) returned 16 [0167.322] SetRect (in: lprc=0x285d314, xLeft=160, yTop=448, xRight=192, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.322] DrawTextA (in: hdc=0x180106f6, lpchText="\xe5\xe5", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe5\xe5", lprc=0x285d314) returned 16 [0167.322] SetRect (in: lprc=0x285d314, xLeft=192, yTop=448, xRight=224, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.322] DrawTextA (in: hdc=0x180106f6, lpchText="\xe6\xe6", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe6\xe6", lprc=0x285d314) returned 16 [0167.322] SetRect (in: lprc=0x285d314, xLeft=224, yTop=448, xRight=256, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.322] DrawTextA (in: hdc=0x180106f6, lpchText="\xe7\xe7", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe7\xe7", lprc=0x285d314) returned 16 [0167.322] SetRect (in: lprc=0x285d314, xLeft=256, yTop=448, xRight=288, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.322] DrawTextA (in: hdc=0x180106f6, lpchText="\xe8\xe8", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe8\xe8", lprc=0x285d314) returned 16 [0167.323] SetRect (in: lprc=0x285d314, xLeft=288, yTop=448, xRight=320, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.323] DrawTextA (in: hdc=0x180106f6, lpchText="\xe9\xe9", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xe9\xe9", lprc=0x285d314) returned 16 [0167.323] SetRect (in: lprc=0x285d314, xLeft=320, yTop=448, xRight=352, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.323] DrawTextA (in: hdc=0x180106f6, lpchText="\xea\xea", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xea\xea", lprc=0x285d314) returned 16 [0167.323] SetRect (in: lprc=0x285d314, xLeft=352, yTop=448, xRight=384, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.323] DrawTextA (in: hdc=0x180106f6, lpchText="\xeb\xeb", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xeb\xeb", lprc=0x285d314) returned 16 [0167.326] SetRect (in: lprc=0x285d314, xLeft=384, yTop=448, xRight=416, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.326] DrawTextA (in: hdc=0x180106f6, lpchText="\xec\xec", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xec\xec", lprc=0x285d314) returned 16 [0167.326] SetRect (in: lprc=0x285d314, xLeft=416, yTop=448, xRight=448, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.326] DrawTextA (in: hdc=0x180106f6, lpchText="\xed\xed", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xed\xed", lprc=0x285d314) returned 16 [0167.326] SetRect (in: lprc=0x285d314, xLeft=448, yTop=448, xRight=480, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.326] DrawTextA (in: hdc=0x180106f6, lpchText="\xee\xee", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xee\xee", lprc=0x285d314) returned 16 [0167.326] SetRect (in: lprc=0x285d314, xLeft=480, yTop=448, xRight=512, yBottom=480 | out: lprc=0x285d314) returned 1 [0167.327] DrawTextA (in: hdc=0x180106f6, lpchText="\xef\xef", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xef\xef", lprc=0x285d314) returned 16 [0167.327] SetRect (in: lprc=0x285d314, xLeft=0, yTop=480, xRight=32, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.327] DrawTextA (in: hdc=0x180106f6, lpchText="\xf0\xf0", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf0\xf0", lprc=0x285d314) returned 16 [0167.327] SetRect (in: lprc=0x285d314, xLeft=32, yTop=480, xRight=64, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.327] DrawTextA (in: hdc=0x180106f6, lpchText="\xf1\xf1", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf1\xf1", lprc=0x285d314) returned 16 [0167.327] SetRect (in: lprc=0x285d314, xLeft=64, yTop=480, xRight=96, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.327] DrawTextA (in: hdc=0x180106f6, lpchText="\xf2\xf2", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf2\xf2", lprc=0x285d314) returned 16 [0167.327] SetRect (in: lprc=0x285d314, xLeft=96, yTop=480, xRight=128, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.327] DrawTextA (in: hdc=0x180106f6, lpchText="\xf3\xf3", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf3\xf3", lprc=0x285d314) returned 16 [0167.328] SetRect (in: lprc=0x285d314, xLeft=128, yTop=480, xRight=160, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.328] DrawTextA (in: hdc=0x180106f6, lpchText="\xf4\xf4", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf4\xf4", lprc=0x285d314) returned 16 [0167.328] SetRect (in: lprc=0x285d314, xLeft=160, yTop=480, xRight=192, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.328] DrawTextA (in: hdc=0x180106f6, lpchText="\xf5\xf5", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf5\xf5", lprc=0x285d314) returned 16 [0167.328] SetRect (in: lprc=0x285d314, xLeft=192, yTop=480, xRight=224, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.328] DrawTextA (in: hdc=0x180106f6, lpchText="\xf6\xf6", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf6\xf6", lprc=0x285d314) returned 16 [0167.328] SetRect (in: lprc=0x285d314, xLeft=224, yTop=480, xRight=256, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.328] DrawTextA (in: hdc=0x180106f6, lpchText="\xf7\xf7", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf7\xf7", lprc=0x285d314) returned 16 [0167.328] SetRect (in: lprc=0x285d314, xLeft=256, yTop=480, xRight=288, yBottom=512 | out: lprc=0x285d314) returned 1 [0167.328] DrawTextA (in: hdc=0x180106f6, lpchText="\xf8\xf8", cchText=1, lprc=0x285d314, format=0x5 | out: lpchText="\xf8\xf8", lprc=0x285d314) returned 16 [0167.330] ReleaseDC (hWnd=0x0, hDC=0x4f010742) returned 1 [0167.330] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x285cbe0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1 [0167.330] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x285cbe0, cbMultiByte=-1, lpWideCharStr=0x6d3994, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0167.330] CoInitialize (pvReserved=0x0) returned 0x0 [0167.332] CLSIDFromProgID (in: lpszProgID="WinHttp.WinHttpRequest.5.1", lpclsid=0x285cb90 | out: lpclsid=0x285cb90*(Data1=0x2087c2f4, Data2=0x2cef, Data3=0x4953, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x77, [4]=0x9b, [5]=0x67, [6]=0x4, [7]=0x95))) returned 0x0 [0167.336] CoCreateInstance (in: rclsid=0x285cb90*(Data1=0x2087c2f4, Data2=0x2cef, Data3=0x4953, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x77, [4]=0x9b, [5]=0x67, [6]=0x4, [7]=0x95)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x285cbd0*(Data1=0x6f29373, Data2=0x5c5a, Data3=0x4b54, Data4=([0]=0xb0, [1]=0x25, [2]=0x6e, [3]=0xf1, [4]=0xbf, [5]=0x8a, [6]=0xbf, [7]=0xe)), ppv=0x285cba4 | out: ppv=0x285cba4*=0x6d5c80) returned 0x0 [0167.342] GetLastError () returned 0x0 [0167.342] SetLastError (dwErrCode=0x0) [0167.342] GetLastError () returned 0x0 [0167.342] SetLastError (dwErrCode=0x0) [0167.342] GetLastError () returned 0x0 [0167.342] SetLastError (dwErrCode=0x0) [0167.342] GetLastError () returned 0x0 [0167.342] SetLastError (dwErrCode=0x0) [0167.342] CoUninitialize () [0167.346] CryptAcquireContextA (in: phProv=0x285b778, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x285b778*=0x6bfab8) returned 1 [0167.369] CryptGenRandom (in: hProv=0x6bfab8, dwLen=0x800, pbBuffer=0x285b7c0 | out: pbBuffer=0x285b7c0) returned 1 [0167.369] GetTextExtentPoint32A (in: hdc=0x0, lpString=0x0, c=42333239, psizl=0x285b744 | out: psizl=0x285b744) returned 0 [0167.369] glViewport () returned 0x0 [0167.369] glMatrixMode () returned 0x0 [0167.369] glLoadIdentity () returned 0x0 [0167.369] glOrtho () returned 0x0 [0167.369] gluLookAt () returned 0x0 [0167.369] glMatrixMode () returned 0x0 [0167.369] GetDC (hWnd=0x0) returned 0x4f010742 [0167.369] glViewport () returned 0x0 [0167.369] glMatrixMode () returned 0x0 [0167.369] glLoadIdentity () returned 0x0 [0167.369] glOrtho () returned 0x0 [0167.370] gluLookAt () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] GetDC (hWnd=0x0) returned 0xe010650 [0167.370] glViewport () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] glLoadIdentity () returned 0x0 [0167.370] glOrtho () returned 0x0 [0167.370] gluLookAt () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] GetDC (hWnd=0x0) returned 0x3501073a [0167.370] glViewport () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] glLoadIdentity () returned 0x0 [0167.370] glOrtho () returned 0x0 [0167.370] gluLookAt () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] GetDC (hWnd=0x0) returned 0x54010719 [0167.370] glViewport () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] glLoadIdentity () returned 0x0 [0167.370] glOrtho () returned 0x0 [0167.370] gluLookAt () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] GetDC (hWnd=0x0) returned 0xe010731 [0167.370] glViewport () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] glLoadIdentity () returned 0x0 [0167.370] glOrtho () returned 0x0 [0167.370] gluLookAt () returned 0x0 [0167.370] glMatrixMode () returned 0x0 [0167.370] GetDC (hWnd=0x0) returned 0x1a0106f6 [0167.371] glViewport () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] glLoadIdentity () returned 0x0 [0167.371] glOrtho () returned 0x0 [0167.371] gluLookAt () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] GetDC (hWnd=0x0) returned 0xa10106f7 [0167.371] glViewport () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] glLoadIdentity () returned 0x0 [0167.371] glOrtho () returned 0x0 [0167.371] gluLookAt () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] GetDC (hWnd=0x0) returned 0x2401052d [0167.371] glViewport () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] glLoadIdentity () returned 0x0 [0167.371] glOrtho () returned 0x0 [0167.371] gluLookAt () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] GetDC (hWnd=0x0) returned 0x220106af [0167.371] glViewport () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] glLoadIdentity () returned 0x0 [0167.371] glOrtho () returned 0x0 [0167.371] gluLookAt () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] GetDC (hWnd=0x0) returned 0x6301074f [0167.371] glViewport () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] glLoadIdentity () returned 0x0 [0167.371] glOrtho () returned 0x0 [0167.371] gluLookAt () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] GetDC (hWnd=0x0) returned 0x22010668 [0167.371] glViewport () returned 0x0 [0167.371] glMatrixMode () returned 0x0 [0167.371] glLoadIdentity () returned 0x0 [0167.372] glOrtho () returned 0x0 [0167.372] gluLookAt () returned 0x0 [0167.372] glMatrixMode () returned 0x0 [0167.372] GetDC (hWnd=0x0) returned 0x2e010689 [0167.372] glViewport () returned 0x0 [0167.372] glMatrixMode () returned 0x0 [0167.372] glLoadIdentity () returned 0x0 [0167.372] glOrtho () returned 0x0 [0167.372] gluLookAt () returned 0x0 [0167.372] glMatrixMode () returned 0x0 [0167.372] GetDC (hWnd=0x0) returned 0x59010711 [0167.372] FindFirstFileA (in: lpFileName="", lpFindFileData=0x285b5f8 | out: lpFindFileData=0x285b5f8) returned 0xffffffff [0167.372] CryptGenKey (in: hProv=0x6bfab8, Algid=0x6801, dwFlags=0x0, phKey=0x285bff8 | out: phKey=0x285bff8*=0x6ec6c8) returned 1 [0167.372] GetDeviceCaps (hdc=0x59010711, index=8) returned 1440 [0167.373] SelectObject (hdc=0x0, h=0x79e) returned 0x0 [0167.373] CryptReleaseContext (hProv=0x6bfab8, dwFlags=0x0) returned 1 [0167.373] GetDeviceCaps (hdc=0x59010711, index=10) returned 900 [0167.373] GetLastError () returned 0x6 [0167.373] SetLastError (dwErrCode=0x6) [0167.373] VirtualAlloc (lpAddress=0x0, dwSize=0x7000, flAllocationType=0x3000, flProtect=0x40) returned 0x2230000 [0167.376] GetStockObject (i=0) returned 0x1900010 [0167.376] RegisterClassA (lpWndClass=0x28595c8) returned 0x0 [0167.376] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0167.377] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0167.377] waveOutOpen (in: phwo=0x285917c, uDeviceID=0xffffffff, pwfx=0x2859148, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x285917c) returned 0x0 [0167.864] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2859134 | out: ppv=0x2859134*=0x732958) returned 0x0 [0167.866] waveOutOpen (in: phwo=0x285912c, uDeviceID=0xffffffff, pwfx=0x28590f4, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x285912c) returned 0x0 [0167.947] GetLastError () returned 0x0 [0167.947] SetLastError (dwErrCode=0x0) [0167.947] GetLastError () returned 0x0 [0167.947] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.948] GetLastError () returned 0x0 [0167.948] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.949] SetLastError (dwErrCode=0x0) [0167.949] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.950] SetLastError (dwErrCode=0x0) [0167.950] GetLastError () returned 0x0 [0167.951] SetLastError (dwErrCode=0x0) [0167.951] GetLastError () returned 0x0 [0167.951] SetLastError (dwErrCode=0x0) [0167.951] GetLastError () returned 0x0 [0167.951] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.952] GetLastError () returned 0x0 [0167.952] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.953] SetLastError (dwErrCode=0x0) [0167.953] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.954] SetLastError (dwErrCode=0x0) [0167.954] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.955] SetLastError (dwErrCode=0x0) [0167.955] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.956] SetLastError (dwErrCode=0x0) [0167.956] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.957] SetLastError (dwErrCode=0x0) [0167.957] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.958] SetLastError (dwErrCode=0x0) [0167.958] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.959] SetLastError (dwErrCode=0x0) [0167.959] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.960] SetLastError (dwErrCode=0x0) [0167.960] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.961] GetLastError () returned 0x0 [0167.961] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.962] SetLastError (dwErrCode=0x0) [0167.962] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.963] SetLastError (dwErrCode=0x0) [0167.963] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.964] SetLastError (dwErrCode=0x0) [0167.964] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.965] SetLastError (dwErrCode=0x0) [0167.965] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.966] SetLastError (dwErrCode=0x0) [0167.966] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.967] SetLastError (dwErrCode=0x0) [0167.967] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] GetLastError () returned 0x0 [0167.968] SetLastError (dwErrCode=0x0) [0167.968] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x28580e0 | out: ppv=0x28580e0*=0x732958) returned 0x0 [0167.969] glColor3f () returned 0x0 [0167.969] glBegin () returned 0x0 [0167.969] glVertex3f () returned 0x0 [0167.969] glVertex3f () returned 0x0 [0167.969] glVertex3f () returned 0x0 [0167.969] glEnd () returned 0x0 [0167.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28509fc | out: lpSystemTimeAsFileTime=0x28509fc*(dwLowDateTime=0x94214c5e, dwHighDateTime=0x1d471c9)) [0167.969] GetLastError () returned 0x36b7 [0167.969] SetLastError (dwErrCode=0x36b7) [0167.969] glClearColor () returned 0x0 [0167.969] glColor3f () returned 0x0 [0167.969] glPointSize () returned 0x0 [0167.970] CoInitialize (pvReserved=0x0) returned 0x0 [0167.972] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x285761c | out: ppv=0x285761c*=0x6e080c) returned 0x0 [0167.987] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x6e080c, retval=0x2857618 | out: retval=0x2857618*="") returned 0x80070534 [0167.990] GetClientRect (in: hWnd=0x0, lpRect=0x2856d64 | out: lpRect=0x2856d64) returned 0 [0167.990] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0167.990] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0167.990] GetSysColorBrush (nIndex=5) returned 0x110007b [0167.990] RegisterClassExA (param_1=0x2856d28) returned 0xc15e [0167.991] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2856c00 | out: ppv=0x2856c00*=0x732958) returned 0x0 [0167.991] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0167.991] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0167.991] GetSysColorBrush (nIndex=5) returned 0x110007b [0167.991] RegisterClassExA (param_1=0x2856bcc) returned 0x0 [0167.991] waveOutOpen (in: phwo=0x2856bc0, uDeviceID=0xffffffff, pwfx=0x2856b88, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x2856bc0) returned 0x0 [0168.026] GetLastError () returned 0x0 [0168.026] SetLastError (dwErrCode=0x0) [0168.026] GetLastError () returned 0x0 [0168.026] SetLastError (dwErrCode=0x0) [0168.026] GetLastError () returned 0x0 [0168.026] SetLastError (dwErrCode=0x0) [0168.026] GetLastError () returned 0x0 [0168.026] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.027] SetLastError (dwErrCode=0x0) [0168.027] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.028] GetLastError () returned 0x0 [0168.028] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.029] SetLastError (dwErrCode=0x0) [0168.029] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.030] GetLastError () returned 0x0 [0168.030] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.031] GetLastError () returned 0x0 [0168.031] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.032] SetLastError (dwErrCode=0x0) [0168.032] GetLastError () returned 0x0 [0168.033] SetLastError (dwErrCode=0x0) [0168.033] GetLastError () returned 0x0 [0168.033] SetLastError (dwErrCode=0x0) [0168.033] GetLastError () returned 0x0 [0168.033] SetLastError (dwErrCode=0x0) [0168.033] GetLastError () returned 0x0 [0168.033] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.034] SetLastError (dwErrCode=0x0) [0168.034] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.035] GetLastError () returned 0x0 [0168.035] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.036] SetLastError (dwErrCode=0x0) [0168.036] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.037] GetLastError () returned 0x0 [0168.037] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.038] GetLastError () returned 0x0 [0168.038] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.039] SetLastError (dwErrCode=0x0) [0168.039] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.040] GetLastError () returned 0x0 [0168.040] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] GetLastError () returned 0x0 [0168.041] SetLastError (dwErrCode=0x0) [0168.041] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0168.042] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0168.042] GetStockObject (i=0) returned 0x1900010 [0168.042] RegisterClassA (lpWndClass=0x2855b58) returned 0xc15d [0168.042] FileTimeToLocalFileTime (in: lpFileTime=0x2855b28, lpLocalFileTime=0x2855b28 | out: lpLocalFileTime=0x2855b28) returned 1 [0168.042] FileTimeToSystemTime (in: lpFileTime=0x2855b28, lpSystemTime=0x2855b14 | out: lpSystemTime=0x2855b14) returned 1 [0168.042] OpenEventLogA (lpUNCServerName=0x0, lpSourceName="") returned 0x0 [0168.042] GetOldestEventLogRecord (in: hEventLog=0x0, OldestRecord=0x2855b08 | out: OldestRecord=0x2855b08) returned 0 [0168.042] GetNumberOfEventLogRecords (in: hEventLog=0x0, NumberOfRecords=0x28558f4 | out: NumberOfRecords=0x28558f4) returned 0 [0168.043] GetDC (hWnd=0x0) returned 0x2b0106f9 [0168.043] SelectObject (hdc=0x2b0106f9, h=0x79e) returned 0x0 [0168.043] wsprintfA (in: param_1=0x28558ac, param_2="\x9e\x07" | out: param_1="\x9e\x07") returned 2 [0168.043] SelectObject (hdc=0x2b0106f9, h=0x0) returned 0x0 [0168.043] ReleaseDC (hWnd=0x0, hDC=0x2b0106f9) returned 1 [0168.043] CoInitialize (pvReserved=0x0) returned 0x1 [0168.043] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x2855658 | out: ppv=0x2855658*=0x6bbaa4) returned 0x0 [0168.043] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x6bbaa4, retval=0x2855654 | out: retval=0x2855654*="") returned 0x80070534 [0168.045] ADsGetObject (lpszPathName="", riid=0x453dc4*(Data1=0xfd8256d0, Data2=0xfd15, Data3=0x11ce, Data4=([0]=0xab, [1]=0xc4, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x9e, [6]=0x75, [7]=0x53)), ppObject=0x285567c) returned 0x80004005 [0168.046] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627d4) returned 0xb05073c [0168.046] CreatePatternBrush (hbm=0xb05073c) returned 0xffffffffef100696 [0168.046] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0168.046] SelectObject (hdc=0x79e, h=0xef100696) returned 0x0 [0168.046] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0168.046] glEnable () returned 0x0 [0168.046] glShadeModel () returned 0x0 [0168.046] glEnable () returned 0x0 [0168.046] glEnable () returned 0x0 [0168.046] glEnable () returned 0x0 [0168.046] glLightfv () returned 0x0 [0168.046] glLightfv () returned 0x0 [0168.046] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2855200 | out: ppv=0x2855200*=0x732958) returned 0x0 [0168.046] waveOutOpen (in: phwo=0x285517c, uDeviceID=0xffffffff, pwfx=0x2855148, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x285517c) returned 0x0 [0168.059] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2855134 | out: ppv=0x2855134*=0x732958) returned 0x0 [0168.059] GetDC (hWnd=0x0) returned 0x2b0106f9 [0168.059] SelectObject (hdc=0x2b0106f9, h=0x79e) returned 0x0 [0168.059] wsprintfA (in: param_1=0x28550f8, param_2="\x9e\x07" | out: param_1="\x9e\x07") returned 2 [0168.059] SelectObject (hdc=0x2b0106f9, h=0x0) returned 0x0 [0168.059] ReleaseDC (hWnd=0x0, hDC=0x2b0106f9) returned 1 [0168.059] glEnable () returned 0x0 [0168.059] glShadeModel () returned 0x0 [0168.059] glEnable () returned 0x0 [0168.060] glEnable () returned 0x0 [0168.060] glEnable () returned 0x0 [0168.060] glLightfv () returned 0x0 [0168.060] glLightfv () returned 0x0 [0168.071] waveInOpen (in: phwi=0x2854fd0, uDeviceID=0xffffffff, pwfx=0x2854f9c, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x2854fd0) returned 0x0 [0168.098] waveInPrepareHeader (in: hwi=0x6cee58, pwh=0x2854fb0, cbwh=0x20 | out: pwh=0x2854fb0) returned 0x0 [0168.099] waveInAddBuffer (in: hwi=0x6cee58, pwh=0x2854fb0, cbwh=0x20 | out: pwh=0x2854fb0) returned 0x0 [0168.099] glClear () returned 0x0 [0168.099] waveOutOpen (in: phwo=0x2854f10, uDeviceID=0xffffffff, pwfx=0x2854ed8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x2854f10) returned 0x0 [0168.134] GetLastError () returned 0x0 [0168.134] SetLastError (dwErrCode=0x0) [0168.134] GetLastError () returned 0x0 [0168.134] SetLastError (dwErrCode=0x0) [0168.134] GetLastError () returned 0x0 [0168.134] SetLastError (dwErrCode=0x0) [0168.134] GetLastError () returned 0x0 [0168.134] SetLastError (dwErrCode=0x0) [0168.134] GetLastError () returned 0x0 [0168.134] SetLastError (dwErrCode=0x0) [0168.134] GetLastError () returned 0x0 [0168.134] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.135] GetLastError () returned 0x0 [0168.135] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.136] GetLastError () returned 0x0 [0168.136] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.137] SetLastError (dwErrCode=0x0) [0168.137] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.138] SetLastError (dwErrCode=0x0) [0168.138] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.139] SetLastError (dwErrCode=0x0) [0168.139] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.141] GetLastError () returned 0x0 [0168.141] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.142] GetLastError () returned 0x0 [0168.142] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.143] SetLastError (dwErrCode=0x0) [0168.143] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.144] SetLastError (dwErrCode=0x0) [0168.144] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.145] GetLastError () returned 0x0 [0168.145] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.146] SetLastError (dwErrCode=0x0) [0168.146] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.147] GetLastError () returned 0x0 [0168.147] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.148] SetLastError (dwErrCode=0x0) [0168.148] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] GetLastError () returned 0x0 [0168.149] SetLastError (dwErrCode=0x0) [0168.149] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2853ec0 | out: ppv=0x2853ec0*=0x732958) returned 0x0 [0168.149] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0168.149] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0168.150] GetStockObject (i=0) returned 0x1900010 [0168.150] RegisterClassA (lpWndClass=0x2853db0) returned 0x0 [0168.150] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627e4) returned 0x68050664 [0168.150] CreatePatternBrush (hbm=0x68050664) returned 0x19100745 [0168.150] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0168.150] SelectObject (hdc=0x79e, h=0x19100745) returned 0x0 [0168.150] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0168.150] FileTimeToLocalFileTime (in: lpFileTime=0x2853668, lpLocalFileTime=0x2853668 | out: lpLocalFileTime=0x2853668) returned 1 [0168.150] FileTimeToSystemTime (in: lpFileTime=0x2853668, lpSystemTime=0x2853654 | out: lpSystemTime=0x2853654) returned 1 [0168.150] CoInitialize (pvReserved=0x0) returned 0x1 [0168.150] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x2853404 | out: ppv=0x2853404*=0x6fbc7c) returned 0x0 [0168.150] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x6fbc7c, retval=0x2853400 | out: retval=0x2853400*="") returned 0x80070534 [0168.153] GetAsyncKeyState (vKey=39) returned 0 [0168.153] waveOutOpen (in: phwo=0x285321c, uDeviceID=0xffffffff, pwfx=0x28531e8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x285321c) returned 0x0 [0168.166] GetAsyncKeyState (vKey=39) returned 0 [0168.166] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627f4) returned 0xf050733 [0168.166] CreatePatternBrush (hbm=0xf050733) returned 0x11100726 [0168.166] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0168.166] SelectObject (hdc=0x79e, h=0x11100726) returned 0x0 [0168.166] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0168.178] waveInOpen (in: phwi=0x2852df4, uDeviceID=0xffffffff, pwfx=0x2852dc0, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x2852df4) returned 0x0 [0168.188] waveInPrepareHeader (in: hwi=0x6fcea0, pwh=0x2852dd4, cbwh=0x20 | out: pwh=0x2852dd4) returned 0x0 [0168.188] waveInAddBuffer (in: hwi=0x6fcea0, pwh=0x2852dd4, cbwh=0x20 | out: pwh=0x2852dd4) returned 0x0 [0168.189] OpenEventLogA (lpUNCServerName=0x0, lpSourceName="") returned 0x0 [0168.189] GetOldestEventLogRecord (in: hEventLog=0x0, OldestRecord=0x2852db4 | out: OldestRecord=0x2852db4) returned 0 [0168.189] GetNumberOfEventLogRecords (in: hEventLog=0x0, NumberOfRecords=0x2852b9c | out: NumberOfRecords=0x2852b9c) returned 0 [0168.189] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2852b7c | out: ppv=0x2852b7c*=0x732958) returned 0x0 [0168.190] glEnable () returned 0x0 [0168.190] glShadeModel () returned 0x0 [0168.190] glEnable () returned 0x0 [0168.190] glEnable () returned 0x0 [0168.190] glEnable () returned 0x0 [0168.190] glLightfv () returned 0x0 [0168.190] glLightfv () returned 0x0 [0168.190] GetStockObject (i=0) returned 0x1900010 [0168.190] RegisterClassA (lpWndClass=0x2852ae0) returned 0xc16f [0168.190] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0168.190] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0168.190] waveOutOpen (in: phwo=0x2852974, uDeviceID=0xffffffff, pwfx=0x2852940, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x2852974) returned 0x0 [0168.215] CoInitialize (pvReserved=0x0) returned 0x1 [0168.215] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x285272c | out: ppv=0x285272c*=0x6fb9fc) returned 0x0 [0168.215] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x6fb9fc, retval=0x2852728 | out: retval=0x2852728*="") returned 0x80070534 [0168.216] glClear () returned 0x0 [0168.216] CoInitialize (pvReserved=0x0) returned 0x1 [0168.216] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x28523b4 | out: ppv=0x28523b4*=0x6fba4c) returned 0x0 [0168.216] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x6fba4c, retval=0x28523b0 | out: retval=0x28523b0*="") returned 0x80070534 [0168.218] glColor3f () returned 0x0 [0168.218] glBegin () returned 0x0 [0168.218] glVertex3f () returned 0x0 [0168.218] glVertex3f () returned 0x0 [0168.218] glVertex3f () returned 0x0 [0168.218] glEnd () returned 0x0 [0168.218] GetDlgItem (hDlg=0x0, nIDDlgItem=0) returned 0x0 [0168.218] GetClientRect (in: hWnd=0x0, lpRect=0x2852330 | out: lpRect=0x2852330) returned 0 [0168.218] GetSystemMetrics (nIndex=52) returned 22 [0168.218] GetSystemMetrics (nIndex=53) returned 22 [0168.218] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x28520f0 | out: ppv=0x28520f0*=0x732958) returned 0x0 [0168.219] glColor3f () returned 0x0 [0168.219] glBegin () returned 0x0 [0168.219] glVertex3f () returned 0x0 [0168.219] glVertex3f () returned 0x0 [0168.219] glVertex3f () returned 0x0 [0168.219] glEnd () returned 0x0 [0168.231] waveInOpen (in: phwi=0x28520dc, uDeviceID=0xffffffff, pwfx=0x28520a8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x28520dc) returned 0x0 [0168.241] waveInPrepareHeader (in: hwi=0x6fcef0, pwh=0x28520bc, cbwh=0x20 | out: pwh=0x28520bc) returned 0x0 [0168.241] waveInAddBuffer (in: hwi=0x6fcef0, pwh=0x28520bc, cbwh=0x20 | out: pwh=0x28520bc) returned 0x0 [0168.242] GetClientRect (in: hWnd=0x0, lpRect=0x2852018 | out: lpRect=0x2852018) returned 0 [0168.242] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x462804) returned 0x2c0506fa [0168.242] CreatePatternBrush (hbm=0x2c0506fa) returned 0x2310054d [0168.242] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0168.242] SelectObject (hdc=0x79e, h=0x2310054d) returned 0x0 [0168.242] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0168.242] GetStockObject (i=0) returned 0x1900010 [0168.242] RegisterClassA (lpWndClass=0x2851c70) returned 0x0 [0168.242] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0168.242] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0168.243] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0168.243] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0168.243] GetSysColorBrush (nIndex=5) returned 0x110007b [0168.243] RegisterClassExA (param_1=0x28512c8) returned 0x0 [0168.243] FileTimeToLocalFileTime (in: lpFileTime=0x28512b0, lpLocalFileTime=0x28512b0 | out: lpLocalFileTime=0x28512b0) returned 1 [0168.243] FileTimeToSystemTime (in: lpFileTime=0x28512b0, lpSystemTime=0x285129c | out: lpSystemTime=0x285129c) returned 1 [0168.253] waveInOpen (in: phwi=0x2850bac, uDeviceID=0xffffffff, pwfx=0x2850b78, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x2850bac) returned 0x0 [0168.265] waveInPrepareHeader (in: hwi=0x6fcc70, pwh=0x2850b8c, cbwh=0x20 | out: pwh=0x2850b8c) returned 0x0 [0168.265] waveInAddBuffer (in: hwi=0x6fcc70, pwh=0x2850b8c, cbwh=0x20 | out: pwh=0x2850b8c) returned 0x0 [0168.266] InsertMenuItemA (hmenu=0x79e, item=0x79e, fByPosition=1, lpmi=0x285b410) returned 0 [0168.266] PdhOpenQueryA (in: szDataSource="", dwUserData=0x0, phQuery=0x285b450 | out: phQuery=0x285b450) returned 0xc0000bbd [0168.266] PdhAddCounterW (in: hQuery=0x0, szFullCounterPath="\\Processor(0)\\% Processor Time", dwUserData=0x0, phCounter=0x285b458 | out: phCounter=0x285b458) returned 0xc0000bbc [0168.267] PdhCollectQueryData (in: hQuery=0x0 | out: hQuery=0x0) returned 0xc0000bbc [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.267] SetLastError (dwErrCode=0x579) [0168.267] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.268] GetLastError () returned 0x579 [0168.268] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.269] GetLastError () returned 0x579 [0168.269] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.270] SetLastError (dwErrCode=0x579) [0168.270] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.271] SetLastError (dwErrCode=0x579) [0168.271] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.272] GetLastError () returned 0x579 [0168.272] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.273] SetLastError (dwErrCode=0x579) [0168.273] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.274] GetLastError () returned 0x579 [0168.274] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.275] SetLastError (dwErrCode=0x579) [0168.275] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.276] SetLastError (dwErrCode=0x579) [0168.276] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.277] GetLastError () returned 0x579 [0168.277] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.278] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.278] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.278] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.278] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.278] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.278] SetLastError (dwErrCode=0x579) [0168.278] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.279] GetLastError () returned 0x579 [0168.279] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.280] SetLastError (dwErrCode=0x579) [0168.280] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.281] GetLastError () returned 0x579 [0168.281] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.282] GetLastError () returned 0x579 [0168.282] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.283] GetLastError () returned 0x579 [0168.283] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.284] GetLastError () returned 0x579 [0168.284] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.285] GetLastError () returned 0x579 [0168.285] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.286] SetLastError (dwErrCode=0x579) [0168.286] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.287] GetLastError () returned 0x579 [0168.287] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.288] GetLastError () returned 0x579 [0168.288] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.289] SetLastError (dwErrCode=0x579) [0168.289] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.290] GetLastError () returned 0x579 [0168.290] SetLastError (dwErrCode=0x579) [0168.291] GetLastError () returned 0x579 [0168.291] SetLastError (dwErrCode=0x579) [0168.291] GetLastError () returned 0x579 [0168.291] SetLastError (dwErrCode=0x579) [0168.291] GetLastError () returned 0x579 [0168.291] SetLastError (dwErrCode=0x579) [0168.291] GetLastError () returned 0x579 [0168.291] SetLastError (dwErrCode=0x579) [0168.291] GetLastError () returned 0x579 [0168.291] SetLastError (dwErrCode=0x579) [0168.310] InsertMenuItemA (hmenu=0x79e, item=0x0, fByPosition=1, lpmi=0x285b410) returned 0 [0168.310] GetCursorPos (in: lpPoint=0x285b4ac | out: lpPoint=0x285b4ac*(x=726, y=383)) returned 1 [0168.310] TrackPopupMenuEx (param_1=0x79e, param_2=0x0, param_3=726, param_4=383, param_5=0x0, param_6=0x0) returned 0 [0168.311] SQLAllocHandle () returned 0x0 [0168.312] SQLSetEnvAttr () returned 0x0 [0168.312] SQLAllocHandle () returned 0x74b30000 [0168.312] SQLDriverConnectA () returned 0xffff [0168.313] SQLAllocHandle () returned 0x74b3ffff [0168.313] SQLPrepareA () returned 0x74b3fffe [0168.313] SQLBindParameter () returned 0x74b3fffe [0168.313] SQLExecute () returned 0xfffe [0168.313] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.314] SQLFreeHandle () returned 0x74b3fffe [0168.314] SQLAllocHandle () returned 0x74b3ffff [0168.314] SQLPrepareA () returned 0x74b3fffe [0168.314] SQLBindParameter () returned 0x74b3fffe [0168.314] SQLExecute () returned 0xfffe [0168.314] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.315] SQLExecute () returned 0xfffe [0168.315] SQLCloseCursor () returned 0x74b3fffe [0168.315] SQLFreeHandle () returned 0x74b3fffe [0168.315] SQLAllocHandle () returned 0x74b3ffff [0168.315] SQLPrepareA () returned 0x74b3fffe [0168.315] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.316] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.316] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.316] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.316] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.316] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.316] SQLBindParameter () returned 0x74b3fffe [0168.316] SQLExecute () returned 0xfffe [0168.316] SQLCloseCursor () returned 0x74b3fffe [0168.316] SQLFreeHandle () returned 0x74b3fffe [0168.316] SQLAllocHandle () returned 0x74b3ffff [0168.316] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.317] SQLPrepareA () returned 0x74b3fffe [0168.317] SQLBindParameter () returned 0x74b3fffe [0168.317] SQLExecute () returned 0xfffe [0168.317] SQLCloseCursor () returned 0x74b3fffe [0168.317] SQLFreeHandle () returned 0x74b3fffe [0168.317] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.318] SQLAllocHandle () returned 0x74b3ffff [0168.318] SQLPrepareA () returned 0x74b3fffe [0168.318] SQLBindParameter () returned 0x74b3fffe [0168.318] SQLExecute () returned 0xfffe [0168.318] SQLCloseCursor () returned 0x74b3fffe [0168.318] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.319] SQLPrepareA () returned 0x74b3fffe [0168.319] SQLBindParameter () returned 0x74b3fffe [0168.319] SQLExecute () returned 0xfffe [0168.319] SQLCloseCursor () returned 0x74b3fffe [0168.319] SQLFreeHandle () returned 0x74b3fffe [0168.319] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.320] SQLFreeHandle () returned 0x74b3fffe [0168.320] SQLAllocHandle () returned 0x74b3ffff [0168.320] SQLPrepareA () returned 0x74b3fffe [0168.320] SQLBindParameter () returned 0x74b3fffe [0168.320] SQLExecute () returned 0xfffe [0168.320] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.321] SQLFreeHandle () returned 0x74b3fffe [0168.321] SQLAllocHandle () returned 0x74b3ffff [0168.321] SQLPrepareA () returned 0x74b3fffe [0168.321] SQLBindParameter () returned 0x74b3fffe [0168.321] SQLExecute () returned 0xfffe [0168.321] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.322] SQLExecute () returned 0xfffe [0168.322] SQLCloseCursor () returned 0x74b3fffe [0168.322] SQLFreeHandle () returned 0x74b3fffe [0168.322] SQLAllocHandle () returned 0x74b3ffff [0168.322] SQLPrepareA () returned 0x74b3fffe [0168.322] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.323] SQLPrepareA () returned 0x74b3fffe [0168.323] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.323] SQLPrepareA () returned 0x74b3fffe [0168.323] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.323] SQLPrepareA () returned 0x74b3fffe [0168.323] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.323] SQLPrepareA () returned 0x74b3fffe [0168.323] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.323] SQLPrepareA () returned 0x74b3fffe [0168.323] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.323] SQLPrepareA () returned 0x74b3fffe [0168.323] SQLBindParameter () returned 0x74b3fffe [0168.323] SQLExecute () returned 0xfffe [0168.323] SQLCloseCursor () returned 0x74b3fffe [0168.323] SQLFreeHandle () returned 0x74b3fffe [0168.323] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.324] SQLFreeHandle () returned 0x74b3fffe [0168.324] SQLAllocHandle () returned 0x74b3ffff [0168.324] SQLPrepareA () returned 0x74b3fffe [0168.324] SQLBindParameter () returned 0x74b3fffe [0168.324] SQLExecute () returned 0xfffe [0168.324] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.325] SQLExecute () returned 0xfffe [0168.325] SQLCloseCursor () returned 0x74b3fffe [0168.325] SQLFreeHandle () returned 0x74b3fffe [0168.325] SQLAllocHandle () returned 0x74b3ffff [0168.325] SQLPrepareA () returned 0x74b3fffe [0168.325] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.326] SQLPrepareA () returned 0x74b3fffe [0168.326] SQLBindParameter () returned 0x74b3fffe [0168.326] SQLExecute () returned 0xfffe [0168.326] SQLCloseCursor () returned 0x74b3fffe [0168.326] SQLFreeHandle () returned 0x74b3fffe [0168.326] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.327] SQLFreeHandle () returned 0x74b3fffe [0168.327] SQLAllocHandle () returned 0x74b3ffff [0168.327] SQLPrepareA () returned 0x74b3fffe [0168.327] SQLBindParameter () returned 0x74b3fffe [0168.327] SQLExecute () returned 0xfffe [0168.327] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.328] SQLBindParameter () returned 0x74b3fffe [0168.328] SQLExecute () returned 0xfffe [0168.328] SQLCloseCursor () returned 0x74b3fffe [0168.328] SQLFreeHandle () returned 0x74b3fffe [0168.328] SQLAllocHandle () returned 0x74b3ffff [0168.328] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.329] SQLBindParameter () returned 0x74b3fffe [0168.329] SQLExecute () returned 0xfffe [0168.329] SQLCloseCursor () returned 0x74b3fffe [0168.329] SQLFreeHandle () returned 0x74b3fffe [0168.329] SQLAllocHandle () returned 0x74b3ffff [0168.329] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.330] SQLAllocHandle () returned 0x74b3ffff [0168.330] SQLPrepareA () returned 0x74b3fffe [0168.330] SQLBindParameter () returned 0x74b3fffe [0168.330] SQLExecute () returned 0xfffe [0168.330] SQLCloseCursor () returned 0x74b3fffe [0168.330] SQLFreeHandle () returned 0x74b3fffe [0168.331] SQLAllocHandle () returned 0x74b3ffff [0168.331] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.332] SQLAllocHandle () returned 0x74b3ffff [0168.332] SQLPrepareA () returned 0x74b3fffe [0168.332] SQLBindParameter () returned 0x74b3fffe [0168.332] SQLExecute () returned 0xfffe [0168.332] SQLCloseCursor () returned 0x74b3fffe [0168.332] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.333] SQLCloseCursor () returned 0x74b3fffe [0168.333] SQLFreeHandle () returned 0x74b3fffe [0168.333] SQLAllocHandle () returned 0x74b3ffff [0168.333] SQLPrepareA () returned 0x74b3fffe [0168.333] SQLBindParameter () returned 0x74b3fffe [0168.333] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.334] SQLBindParameter () returned 0x74b3fffe [0168.334] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.334] SQLBindParameter () returned 0x74b3fffe [0168.334] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.334] SQLBindParameter () returned 0x74b3fffe [0168.334] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.334] SQLBindParameter () returned 0x74b3fffe [0168.334] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.334] SQLBindParameter () returned 0x74b3fffe [0168.334] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.334] SQLBindParameter () returned 0x74b3fffe [0168.334] SQLExecute () returned 0xfffe [0168.334] SQLCloseCursor () returned 0x74b3fffe [0168.334] SQLFreeHandle () returned 0x74b3fffe [0168.334] SQLAllocHandle () returned 0x74b3ffff [0168.334] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.335] SQLAllocHandle () returned 0x74b3ffff [0168.335] SQLPrepareA () returned 0x74b3fffe [0168.335] SQLBindParameter () returned 0x74b3fffe [0168.335] SQLExecute () returned 0xfffe [0168.335] SQLCloseCursor () returned 0x74b3fffe [0168.335] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.336] SQLExecute () returned 0xfffe [0168.336] SQLCloseCursor () returned 0x74b3fffe [0168.336] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.336] SQLExecute () returned 0xfffe [0168.336] SQLCloseCursor () returned 0x74b3fffe [0168.336] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.336] SQLExecute () returned 0xfffe [0168.336] SQLCloseCursor () returned 0x74b3fffe [0168.336] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.336] SQLExecute () returned 0xfffe [0168.336] SQLCloseCursor () returned 0x74b3fffe [0168.336] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.336] SQLExecute () returned 0xfffe [0168.336] SQLCloseCursor () returned 0x74b3fffe [0168.336] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.336] SQLExecute () returned 0xfffe [0168.336] SQLCloseCursor () returned 0x74b3fffe [0168.336] SQLFreeHandle () returned 0x74b3fffe [0168.336] SQLAllocHandle () returned 0x74b3ffff [0168.336] SQLPrepareA () returned 0x74b3fffe [0168.336] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.337] SQLPrepareA () returned 0x74b3fffe [0168.337] SQLBindParameter () returned 0x74b3fffe [0168.337] SQLExecute () returned 0xfffe [0168.337] SQLCloseCursor () returned 0x74b3fffe [0168.337] SQLFreeHandle () returned 0x74b3fffe [0168.337] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.338] SQLFreeHandle () returned 0x74b3fffe [0168.338] SQLAllocHandle () returned 0x74b3ffff [0168.338] SQLPrepareA () returned 0x74b3fffe [0168.338] SQLBindParameter () returned 0x74b3fffe [0168.338] SQLExecute () returned 0xfffe [0168.338] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.339] SQLFreeHandle () returned 0x74b3fffe [0168.339] SQLAllocHandle () returned 0x74b3ffff [0168.339] SQLPrepareA () returned 0x74b3fffe [0168.339] SQLBindParameter () returned 0x74b3fffe [0168.339] SQLExecute () returned 0xfffe [0168.339] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.340] SQLExecute () returned 0xfffe [0168.340] SQLCloseCursor () returned 0x74b3fffe [0168.340] SQLFreeHandle () returned 0x74b3fffe [0168.340] SQLAllocHandle () returned 0x74b3ffff [0168.340] SQLPrepareA () returned 0x74b3fffe [0168.340] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.341] SQLExecute () returned 0xfffe [0168.341] SQLCloseCursor () returned 0x74b3fffe [0168.341] SQLFreeHandle () returned 0x74b3fffe [0168.341] SQLAllocHandle () returned 0x74b3ffff [0168.341] SQLPrepareA () returned 0x74b3fffe [0168.341] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.342] SQLCloseCursor () returned 0x74b3fffe [0168.342] SQLFreeHandle () returned 0x74b3fffe [0168.342] SQLAllocHandle () returned 0x74b3ffff [0168.342] SQLPrepareA () returned 0x74b3fffe [0168.342] SQLBindParameter () returned 0x74b3fffe [0168.342] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.343] SQLExecute () returned 0xfffe [0168.343] SQLCloseCursor () returned 0x74b3fffe [0168.343] SQLFreeHandle () returned 0x74b3fffe [0168.343] SQLAllocHandle () returned 0x74b3ffff [0168.343] SQLPrepareA () returned 0x74b3fffe [0168.343] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.344] SQLPrepareA () returned 0x74b3fffe [0168.344] SQLBindParameter () returned 0x74b3fffe [0168.344] SQLExecute () returned 0xfffe [0168.344] SQLCloseCursor () returned 0x74b3fffe [0168.344] SQLFreeHandle () returned 0x74b3fffe [0168.344] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.345] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.345] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.345] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.345] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.345] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.345] SQLAllocHandle () returned 0x74b3ffff [0168.345] SQLPrepareA () returned 0x74b3fffe [0168.345] SQLBindParameter () returned 0x74b3fffe [0168.345] SQLExecute () returned 0xfffe [0168.345] SQLCloseCursor () returned 0x74b3fffe [0168.345] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.346] SQLFreeHandle () returned 0x74b3fffe [0168.346] SQLAllocHandle () returned 0x74b3ffff [0168.346] SQLPrepareA () returned 0x74b3fffe [0168.346] SQLBindParameter () returned 0x74b3fffe [0168.346] SQLExecute () returned 0xfffe [0168.346] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.347] SQLCloseCursor () returned 0x74b3fffe [0168.347] SQLFreeHandle () returned 0x74b3fffe [0168.347] SQLAllocHandle () returned 0x74b3ffff [0168.347] SQLPrepareA () returned 0x74b3fffe [0168.347] SQLBindParameter () returned 0x74b3fffe [0168.347] SQLExecute () returned 0xfffe [0168.348] SQLCloseCursor () returned 0x74b3fffe [0168.348] SQLFreeHandle () returned 0x74b3fffe [0168.348] SQLAllocHandle () returned 0x74b3ffff [0168.348] SQLPrepareA () returned 0x74b3fffe [0168.348] SQLBindParameter () returned 0x74b3fffe [0168.348] SQLExecute () returned 0xfffe [0168.348] SQLCloseCursor () returned 0x74b3fffe [0168.348] SQLFreeHandle () returned 0x74b3fffe [0168.348] SQLAllocHandle () returned 0x74b3ffff [0168.348] SQLPrepareA () returned 0x74b3fffe [0168.348] SQLBindParameter () returned 0x74b3fffe [0168.348] SQLExecute () returned 0xfffe [0168.348] SQLCloseCursor () returned 0x74b3fffe [0168.348] SQLFreeHandle () returned 0x74b3fffe [0168.348] SQLAllocHandle () returned 0x74b3ffff [0168.348] SQLPrepareA () returned 0x74b3fffe [0168.348] SQLBindParameter () returned 0x74b3fffe [0168.348] SQLExecute () returned 0xfffe [0168.348] SQLCloseCursor () returned 0x74b3fffe [0168.348] SQLFreeHandle () returned 0x74b3fffe [0168.376] SQLDisconnect () returned 0x74b3ffff [0168.376] SQLFreeHandle () returned 0x74b30000 [0168.376] SQLFreeHandle () returned 0x0 [0168.376] SQLGetDiagRecW () returned 0x74b3fffe [0168.376] HideCaret (hWnd=0x0) returned 0 [0168.376] DeviceIoControl (in: hDevice=0x0, dwIoControlCode=0x74080, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x2859b40, nOutBufferSize=0x4, lpBytesReturned=0x2859c48, lpOverlapped=0x0 | out: lpOutBuffer=0x2859b40, lpBytesReturned=0x2859c48, lpOverlapped=0x0) returned 0 [0168.376] ImmAssociateContext () returned 0x0 [0168.377] GetModuleHandleA (lpModuleName="ntdll") returned 0x77ca0000 [0168.377] GetModuleHandleA (lpModuleName="advapi32") returned 0x76a10000 [0168.393] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.415] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.419] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.440] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.444] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.464] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.469] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.488] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.494] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.514] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.518] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.537] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.542] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.561] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.565] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.587] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.592] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.618] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.622] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5910000 [0168.641] VirtualFree (lpAddress=0x5910000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.647] GetModuleHandleA (lpModuleName="ntdll") returned 0x77ca0000 [0168.647] GetModuleHandleA (lpModuleName="advapi32") returned 0x76a10000 [0168.663] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0168.678] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.701] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.705] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.727] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.731] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.754] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.759] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.782] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.786] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.811] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.815] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.838] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.842] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.888] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.893] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.919] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.926] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.949] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.953] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0168.975] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.980] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.008] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.012] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.035] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.039] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.059] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.063] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.084] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.087] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.117] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.122] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.144] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.148] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.168] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.173] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.193] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.197] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.218] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.222] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.241] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.245] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.264] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.268] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.286] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.291] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.313] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.317] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.335] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.339] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.358] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.362] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.383] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.387] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a10000 [0169.406] VirtualFree (lpAddress=0x5a10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.416] GetSystemTime (in: lpSystemTime=0x28598cc | out: lpSystemTime=0x28598cc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x4, wDay=0x1, wHour=0x9, wMinute=0x3b, wSecond=0x1e, wMilliseconds=0x107)) [0169.416] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x40c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x40d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x40e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x40f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x410000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x411000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x412000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x413000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x414000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x415000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x416000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.416] VirtualProtect (in: lpAddress=0x417000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x418000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x419000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x41a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x41b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x41c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x41d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x41e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x41f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x420000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x421000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x422000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x423000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x424000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x425000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x426000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x427000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x428000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x429000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x42a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x42b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x42c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x42d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x42e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x42f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x430000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.417] VirtualProtect (in: lpAddress=0x431000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x432000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x433000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x434000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x435000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x436000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x437000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x438000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x439000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x43a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x43b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x43c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x43d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x43e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x43f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x440000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x441000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x442000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x443000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x444000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x445000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x446000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x447000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x448000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x449000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x44a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x20) returned 1 [0169.418] VirtualProtect (in: lpAddress=0x44b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x44c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x44d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x44e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x44f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x450000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x451000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x452000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x453000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x454000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x455000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x456000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x457000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x458000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x459000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x45a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x45b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x45c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x45d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x45e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x45f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x460000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x461000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x4) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x462000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x4) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x463000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x4) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x464000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x4) returned 1 [0169.419] VirtualProtect (in: lpAddress=0x465000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x466000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x467000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x468000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x469000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x46a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x46b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.420] VirtualProtect (in: lpAddress=0x46c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.421] VirtualProtect (in: lpAddress=0x46d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.421] VirtualProtect (in: lpAddress=0x46e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.421] VirtualProtect (in: lpAddress=0x46f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.421] VirtualProtect (in: lpAddress=0x470000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x285989c | out: lpflOldProtect=0x285989c*=0x2) returned 1 [0169.630] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77ca0000 [0169.631] GetProcAddress (hModule=0x77ca0000, lpProcName="memset") returned 0x77d0ee50 [0169.631] GetProcAddress (hModule=0x77ca0000, lpProcName="strstr") returned 0x77d10010 [0169.632] GetProcAddress (hModule=0x77ca0000, lpProcName="mbstowcs") returned 0x77d0e610 [0169.632] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlNtStatusToDosError") returned 0x77cf3010 [0169.632] GetProcAddress (hModule=0x77ca0000, lpProcName="memcpy") returned 0x77d0e7b0 [0169.633] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlGetVersion") returned 0x77cffcd0 [0169.633] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlUnwind") returned 0x77cfaca0 [0169.633] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwQueryInformationProcess") returned 0x77d08d50 [0169.633] GetProcAddress (hModule=0x77ca0000, lpProcName="NtQuerySystemInformation") returned 0x77d08f40 [0169.634] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwOpenProcessToken") returned 0x77d09d20 [0169.634] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwQueryInformationToken") returned 0x77d08df0 [0169.634] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwClose") returned 0x77d08cb0 [0169.635] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwOpenProcess") returned 0x77d08e40 [0169.635] GetProcAddress (hModule=0x77ca0000, lpProcName="NtUnmapViewOfSection") returned 0x77d08e80 [0169.635] GetProcAddress (hModule=0x77ca0000, lpProcName="NtMapViewOfSection") returned 0x77d08e60 [0169.635] GetProcAddress (hModule=0x77ca0000, lpProcName="NtCreateSection") returned 0x77d09080 [0169.636] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlFreeUnicodeString") returned 0x77cdb940 [0169.636] GetProcAddress (hModule=0x77ca0000, lpProcName="RtlUpcaseUnicodeString") returned 0x77cee040 [0169.636] GetProcAddress (hModule=0x77ca0000, lpProcName="_aulldiv") returned 0x77d0c680 [0169.637] GetProcAddress (hModule=0x77ca0000, lpProcName="NtQueryVirtualMemory") returned 0x77d08e10 [0169.637] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x77290000 [0169.637] GetProcAddress (hModule=0x77290000, lpProcName="StrStrIA") returned 0x772acd10 [0169.637] GetProcAddress (hModule=0x77290000, lpProcName="StrChrW") returned 0x772a6a00 [0169.638] GetProcAddress (hModule=0x77290000, lpProcName="PathFindFileNameW") returned 0x772a80d0 [0169.638] GetProcAddress (hModule=0x77290000, lpProcName="PathCombineW") returned 0x772acd50 [0169.638] GetProcAddress (hModule=0x77290000, lpProcName="PathFindExtensionA") returned 0x772b1db0 [0169.639] GetProcAddress (hModule=0x77290000, lpProcName="StrChrA") returned 0x772b26c0 [0169.639] GetProcAddress (hModule=0x77290000, lpProcName="StrTrimW") returned 0x772a83a0 [0169.639] GetProcAddress (hModule=0x77290000, lpProcName="PathFindExtensionW") returned 0x772a7c40 [0169.639] GetProcAddress (hModule=0x77290000, lpProcName="StrRChrA") returned 0x772b2900 [0169.639] LoadLibraryA (lpLibFileName="SETUPAPI.dll") returned 0x76a90000 [0169.643] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiGetDeviceRegistryPropertyA") returned 0x76ae19a0 [0169.643] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiGetClassDevsA") returned 0x76ab8d10 [0169.643] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiEnumDeviceInfo") returned 0x76aa5620 [0169.644] GetProcAddress (hModule=0x76a90000, lpProcName="SetupDiDestroyDeviceInfoList") returned 0x76aa5340 [0169.644] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75260000 [0169.644] GetProcAddress (hModule=0x75260000, lpProcName="HeapFree") returned 0x752725e0 [0169.645] GetProcAddress (hModule=0x75260000, lpProcName="GetComputerNameA") returned 0x7527f4b0 [0169.645] GetProcAddress (hModule=0x75260000, lpProcName="ExitProcess") returned 0x752874f0 [0169.645] GetProcAddress (hModule=0x75260000, lpProcName="GetModuleHandleA") returned 0x75279640 [0169.645] GetProcAddress (hModule=0x75260000, lpProcName="GetCommandLineW") returned 0x7527a4b0 [0169.646] GetProcAddress (hModule=0x75260000, lpProcName="ExitThread") returned 0x77d02570 [0169.646] GetProcAddress (hModule=0x75260000, lpProcName="CloseHandle") returned 0x75285f20 [0169.646] GetProcAddress (hModule=0x75260000, lpProcName="CreateThread") returned 0x75279700 [0169.647] GetProcAddress (hModule=0x75260000, lpProcName="HeapDestroy") returned 0x7527d940 [0169.647] GetProcAddress (hModule=0x75260000, lpProcName="HeapCreate") returned 0x75279950 [0169.647] GetProcAddress (hModule=0x75260000, lpProcName="SetEvent") returned 0x752860c0 [0169.647] GetProcAddress (hModule=0x75260000, lpProcName="lstrcpyW") returned 0x7529d410 [0169.648] GetProcAddress (hModule=0x75260000, lpProcName="SetFileAttributesW") returned 0x75286510 [0169.648] GetProcAddress (hModule=0x75260000, lpProcName="lstrlenW") returned 0x75272d80 [0169.648] GetProcAddress (hModule=0x75260000, lpProcName="lstrcpyA") returned 0x7527e320 [0169.648] GetProcAddress (hModule=0x75260000, lpProcName="SwitchToThread") returned 0x75279f30 [0169.649] GetProcAddress (hModule=0x75260000, lpProcName="SetEndOfFile") returned 0x752864f0 [0169.649] GetProcAddress (hModule=0x75260000, lpProcName="CreateEventA") returned 0x75285f70 [0169.649] GetProcAddress (hModule=0x75260000, lpProcName="FlushFileBuffers") returned 0x752862a0 [0169.650] GetProcAddress (hModule=0x75260000, lpProcName="GetTempPathA") returned 0x75286410 [0169.650] GetProcAddress (hModule=0x75260000, lpProcName="GetLastError") returned 0x75272db0 [0169.650] GetProcAddress (hModule=0x75260000, lpProcName="FindNextFileA") returned 0x75286270 [0169.650] GetProcAddress (hModule=0x75260000, lpProcName="HeapAlloc") returned 0x77cdda90 [0169.651] GetProcAddress (hModule=0x75260000, lpProcName="lstrcmpiW") returned 0x75277540 [0169.651] GetProcAddress (hModule=0x75260000, lpProcName="GetProcAddress") returned 0x75277940 [0169.651] GetProcAddress (hModule=0x75260000, lpProcName="SetWaitableTimer") returned 0x752860d0 [0169.651] GetProcAddress (hModule=0x75260000, lpProcName="GetTickCount") returned 0x752857f0 [0169.652] GetProcAddress (hModule=0x75260000, lpProcName="lstrcatW") returned 0x7529d320 [0169.652] GetProcAddress (hModule=0x75260000, lpProcName="FindClose") returned 0x752861d0 [0169.652] GetProcAddress (hModule=0x75260000, lpProcName="CreateFileA") returned 0x75286170 [0169.653] GetProcAddress (hModule=0x75260000, lpProcName="CompareFileTime") returned 0x75286130 [0169.653] GetProcAddress (hModule=0x75260000, lpProcName="ResetEvent") returned 0x752860b0 [0169.653] GetProcAddress (hModule=0x75260000, lpProcName="WriteFile") returned 0x75286590 [0169.653] GetProcAddress (hModule=0x75260000, lpProcName="GetFileTime") returned 0x75286380 [0169.654] GetProcAddress (hModule=0x75260000, lpProcName="CreateProcessA") returned 0x752a0960 [0169.654] GetProcAddress (hModule=0x75260000, lpProcName="CreateDirectoryW") returned 0x75286150 [0169.654] GetProcAddress (hModule=0x75260000, lpProcName="DeleteFileW") returned 0x752861b0 [0169.654] GetProcAddress (hModule=0x75260000, lpProcName="CreateFileW") returned 0x75286180 [0169.655] GetProcAddress (hModule=0x75260000, lpProcName="CreateWaitableTimerA") returned 0x7527db30 [0169.655] GetProcAddress (hModule=0x75260000, lpProcName="ResumeThread") returned 0x7527a280 [0169.655] GetProcAddress (hModule=0x75260000, lpProcName="SuspendThread") returned 0x7527ed00 [0169.655] GetProcAddress (hModule=0x75260000, lpProcName="lstrcmpA") returned 0x7527c1f0 [0169.656] GetProcAddress (hModule=0x75260000, lpProcName="lstrcpynA") returned 0x7527f7b0 [0169.656] GetProcAddress (hModule=0x75260000, lpProcName="LocalFree") returned 0x752787c0 [0169.656] GetProcAddress (hModule=0x75260000, lpProcName="ExpandEnvironmentStringsA") returned 0x752a0da0 [0169.656] GetProcAddress (hModule=0x75260000, lpProcName="Sleep") returned 0x752777b0 [0169.657] GetProcAddress (hModule=0x75260000, lpProcName="lstrlenA") returned 0x75283a30 [0169.657] GetProcAddress (hModule=0x75260000, lpProcName="lstrcatA") returned 0x7527efc0 [0169.657] GetProcAddress (hModule=0x75260000, lpProcName="WaitForSingleObject") returned 0x75286110 [0169.658] GetProcAddress (hModule=0x75260000, lpProcName="ReadFile") returned 0x752864a0 [0169.658] GetProcAddress (hModule=0x75260000, lpProcName="ExpandEnvironmentStringsW") returned 0x7527c8c0 [0169.658] GetProcAddress (hModule=0x75260000, lpProcName="CreateDirectoryA") returned 0x75286140 [0169.658] GetProcAddress (hModule=0x75260000, lpProcName="VirtualProtectEx") returned 0x752a2a00 [0169.659] GetProcAddress (hModule=0x75260000, lpProcName="FindFirstFileA") returned 0x75286210 [0169.659] GetProcAddress (hModule=0x75260000, lpProcName="GetModuleFileNameA") returned 0x7527a040 [0169.659] GetProcAddress (hModule=0x75260000, lpProcName="GetModuleFileNameW") returned 0x75279560 [0169.659] GetProcAddress (hModule=0x75260000, lpProcName="GetFileSize") returned 0x75286360 [0169.660] GetProcAddress (hModule=0x75260000, lpProcName="OpenProcess") returned 0x752792b0 [0169.660] GetProcAddress (hModule=0x75260000, lpProcName="CreateRemoteThread") returned 0x752a0a00 [0169.660] GetProcAddress (hModule=0x75260000, lpProcName="VirtualAlloc") returned 0x75278b70 [0169.660] GetProcAddress (hModule=0x75260000, lpProcName="lstrcmpiA") returned 0x75277610 [0169.660] GetProcAddress (hModule=0x75260000, lpProcName="VirtualFree") returned 0x75278c70 [0169.661] GetProcAddress (hModule=0x75260000, lpProcName="SetLastError") returned 0x75272af0 [0169.661] GetProcAddress (hModule=0x75260000, lpProcName="GetCurrentProcessId") returned 0x75271d90 [0169.661] GetProcAddress (hModule=0x75260000, lpProcName="GetVersion") returned 0x7527a300 [0169.661] GetProcAddress (hModule=0x75260000, lpProcName="GetLongPathNameW") returned 0x752747c0 [0169.661] GetProcAddress (hModule=0x75260000, lpProcName="SetFilePointer") returned 0x75286530 [0169.662] GetProcAddress (hModule=0x75260000, lpProcName="GetTempFileNameA") returned 0x752863f0 [0169.662] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x77150000 [0169.662] GetProcAddress (hModule=0x77150000, lpProcName="wsprintfA") returned 0x7717ea00 [0169.662] GetProcAddress (hModule=0x77150000, lpProcName="CharUpperA") returned 0x771831c0 [0169.662] GetProcAddress (hModule=0x77150000, lpProcName="FindWindowA") returned 0x77180980 [0169.663] GetProcAddress (hModule=0x77150000, lpProcName="wsprintfW") returned 0x7717ddf0 [0169.663] GetProcAddress (hModule=0x77150000, lpProcName="MessageBoxA") returned 0x771ccf50 [0169.663] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x76a10000 [0169.663] GetProcAddress (hModule=0x76a10000, lpProcName="RegQueryValueExW") returned 0x76a2ed60 [0169.663] GetProcAddress (hModule=0x76a10000, lpProcName="RegEnumKeyExA") returned 0x76a32520 [0169.664] GetProcAddress (hModule=0x76a10000, lpProcName="RegOpenKeyW") returned 0x76a2f590 [0169.664] GetProcAddress (hModule=0x76a10000, lpProcName="RegDeleteValueW") returned 0x76a30ca0 [0169.664] GetProcAddress (hModule=0x76a10000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x76a5bda0 [0169.664] GetProcAddress (hModule=0x76a10000, lpProcName="RegSetValueExW") returned 0x76a2f0a0 [0169.664] GetProcAddress (hModule=0x76a10000, lpProcName="GetSidSubAuthorityCount") returned 0x76a30f50 [0169.665] GetProcAddress (hModule=0x76a10000, lpProcName="GetSidSubAuthority") returned 0x76a30ea0 [0169.665] GetProcAddress (hModule=0x76a10000, lpProcName="OpenProcessToken") returned 0x76a2ee90 [0169.665] GetProcAddress (hModule=0x76a10000, lpProcName="RegOpenKeyA") returned 0x76a331a0 [0169.665] GetProcAddress (hModule=0x76a10000, lpProcName="RegSetValueExA") returned 0x76a30750 [0169.665] GetProcAddress (hModule=0x76a10000, lpProcName="RegCreateKeyA") returned 0x76a33150 [0169.666] GetProcAddress (hModule=0x76a10000, lpProcName="GetTokenInformation") returned 0x76a2ed40 [0169.666] GetProcAddress (hModule=0x76a10000, lpProcName="RegCloseKey") returned 0x76a2efa0 [0169.666] GetProcAddress (hModule=0x76a10000, lpProcName="RegQueryValueExA") returned 0x76a2ee40 [0169.666] GetProcAddress (hModule=0x76a10000, lpProcName="RegOpenKeyExA") returned 0x76a2f000 [0169.666] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75430000 [0169.667] GetProcAddress (hModule=0x75430000, lpProcName="ShellExecuteW") returned 0x755c4370 [0169.667] GetProcAddress (hModule=0x75430000, lpProcName="ShellExecuteExW") returned 0x755c4cb0 [0169.667] GetProcAddress (hModule=0x75430000, lpProcName=0x5c) returned 0x756a7560 [0169.667] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x768b0000 [0169.668] GetProcAddress (hModule=0x768b0000, lpProcName="CoUninitialize") returned 0x76eadca0 [0169.668] GetProcAddress (hModule=0x768b0000, lpProcName="CoInitializeEx") returned 0x76eacd50 [0169.668] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x28598b4 | out: lpflOldProtect=0x28598b4*=0x40) returned 1 [0169.668] VirtualProtect (in: lpAddress=0x401000, dwSize=0x4958, flNewProtect=0x20, lpflOldProtect=0x28598b4 | out: lpflOldProtect=0x28598b4*=0x40) returned 1 [0169.668] VirtualProtect (in: lpAddress=0x406000, dwSize=0xf48, flNewProtect=0x2, lpflOldProtect=0x28598b4 | out: lpflOldProtect=0x28598b4*=0x40) returned 1 [0169.668] VirtualProtect (in: lpAddress=0x407000, dwSize=0x52c, flNewProtect=0x4, lpflOldProtect=0x28598b4 | out: lpflOldProtect=0x28598b4*=0x40) returned 1 [0169.668] VirtualProtect (in: lpAddress=0x408000, dwSize=0x63e, flNewProtect=0x4, lpflOldProtect=0x28598b4 | out: lpflOldProtect=0x28598b4*=0x40) returned 1 [0169.668] VirtualProtect (in: lpAddress=0x409000, dwSize=0x68000, flNewProtect=0x2, lpflOldProtect=0x28598b4 | out: lpflOldProtect=0x28598b4*=0x40) returned 1 [0169.670] RtlExitUserThread (Status=0x0) Thread: id = 25 os_tid = 0xb68 Thread: id = 26 os_tid = 0xb40 Thread: id = 27 os_tid = 0x6b4 Thread: id = 28 os_tid = 0x4d8 [0169.689] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0169.689] GetCommandLineW () returned="\"C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"" [0169.690] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0169.690] GetComputerNameA (in: lpBuffer=0x5d5fcc4, nSize=0x5d5fd50 | out: lpBuffer="LHNIWSJ", nSize=0x5d5fd50) returned 1 [0169.690] lstrlenA (lpString="LHNIWSJ") returned 7 [0169.690] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x5d5fd48 | out: phkResult=0x5d5fd48*=0xa0) returned 0x0 [0169.690] RegQueryValueExA (in: hKey=0xa0, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0x5d5fd44, lpcbData=0x5d5fd50*=0x4 | out: lpType=0x0, lpData=0x5d5fd44*=0x41, lpcbData=0x5d5fd50*=0x4) returned 0x0 [0169.690] RegCloseKey (hKey=0xa0) returned 0x0 [0169.690] wsprintfA (in: param_1=0x5d5fea8, param_2="%8X" | out: param_1="98F9CE91") returned 8 [0169.690] GetTempPathA (in: nBufferLength=0x100, lpBuffer=0x5d5fda8 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0169.690] lstrcatA (in: lpString1="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\", lpString2="98F9CE91" | out: lpString1="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91" [0169.690] lstrlenA (lpString="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 45 [0169.690] mbstowcs (in: _Dest=0x62585a8, _Source="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", _MaxCount=0x2e | out: _Dest="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 0x2d [0169.690] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x2e [0169.690] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", lpDst=0x6258610, nSize=0x2e | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 0x2e [0169.690] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\98f9ce91"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0169.690] GetLastError () returned 0x2 [0169.702] wsprintfA (in: param_1=0x5d5feb4, param_2="%c%c%c%c" | out: param_1="Inte") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5feb8, param_2="%c%c%c%c" | out: param_1="l (R") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5febc, param_2="%c%c%c%c" | out: param_1=") Co") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fec0, param_2="%c%c%c%c" | out: param_1="re(T") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fec4, param_2="%c%c%c%c" | out: param_1="M) i") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fec8, param_2="%c%c%c%c" | out: param_1="5-75") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fecc, param_2="%c%c%c%c" | out: param_1="00 C") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fed0, param_2="%c%c%c%c" | out: param_1="PU @") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fed4, param_2="%c%c%c%c" | out: param_1=" 3.4") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fed8, param_2="%c%c%c%c" | out: param_1="0GHz") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fedc, param_2="%c%c%c%c" | out: param_1="") returned 4 [0169.702] wsprintfA (in: param_1=0x5d5fee0, param_2="%c%c%c%c" | out: param_1="") returned 4 [0169.702] strstr (_Str="INTEL (R) CORE(TM) I5-7500 CPU @ 3.40GHZ", _SubStr="XEON") returned 0x0 [0169.703] SetupDiGetClassDevsA (ClassGuid=0x5d5fe90*(Data1=0x4d36e967, Data2=0xe325, Data3=0x11ce, Data4=([0]=0xbf, [1]=0xc1, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0xe1, [6]=0x3, [7]=0x18)), Enumerator=0x0, hwndParent=0x0, Flags=0x2) returned 0x738178 [0169.704] SetupDiEnumDeviceInfo (in: DeviceInfoSet=0x738178, MemberIndex=0x0, DeviceInfoData=0x5d5fea0 | out: DeviceInfoData=0x5d5fea0) returned 1 [0169.727] SetupDiGetDeviceRegistryPropertyA (in: DeviceInfoSet=0x738178, DeviceInfoData=0x5d5fea0, Property=0xc, PropertyRegDataType=0x5d5fec8, PropertyBuffer=0x0, PropertyBufferSize=0x0, RequiredSize=0x5d5feec | out: PropertyRegDataType=0x5d5fec8, PropertyBuffer=0x0, RequiredSize=0x5d5feec) returned 0 [0169.727] SetupDiGetDeviceRegistryPropertyA (in: DeviceInfoSet=0x738178, DeviceInfoData=0x5d5fea0, Property=0xc, PropertyRegDataType=0x5d5fec8, PropertyBuffer=0x6258618, PropertyBufferSize=0xb, RequiredSize=0x5d5feec | out: PropertyRegDataType=0x5d5fec8, PropertyBuffer=0x6258618, RequiredSize=0x5d5feec) returned 1 [0169.728] StrStrIA (lpFirst="WD5000AVDS", lpSrch="vbox") returned 0x0 [0169.728] StrStrIA (lpFirst="WD5000AVDS", lpSrch="qemu") returned 0x0 [0169.728] StrStrIA (lpFirst="WD5000AVDS", lpSrch="vmware") returned 0x0 [0169.728] StrStrIA (lpFirst="WD5000AVDS", lpSrch="virtual hd") returned 0x0 [0169.728] SetupDiDestroyDeviceInfoList (DeviceInfoSet=0x738178) returned 1 [0169.734] GetTickCount () returned 0x3cf86 [0169.734] Sleep (dwMilliseconds=0x1f4) [0170.235] Sleep (dwMilliseconds=0x1f4) [0170.825] Sleep (dwMilliseconds=0x1f4) [0171.326] Sleep (dwMilliseconds=0x1f4) [0171.828] Sleep (dwMilliseconds=0x1f4) [0172.329] Sleep (dwMilliseconds=0x1f4) [0172.830] Sleep (dwMilliseconds=0x1f4) [0173.331] Sleep (dwMilliseconds=0x1f4) [0173.832] Sleep (dwMilliseconds=0x1f4) [0174.333] Sleep (dwMilliseconds=0x1f4) [0174.835] SwitchToThread () returned 1 [0174.841] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.841] SwitchToThread () returned 1 [0174.842] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.843] SwitchToThread () returned 1 [0174.847] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.847] SwitchToThread () returned 1 [0174.847] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.847] SwitchToThread () returned 1 [0174.849] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.849] SwitchToThread () returned 1 [0174.849] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.849] SwitchToThread () returned 1 [0174.850] lstrcpynA (in: lpString1=0x5d5fecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0174.851] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0174.851] GetVersion () returned 0x23f00206 [0174.851] GetCurrentProcessId () returned 0xbec [0174.851] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xa0 [0174.851] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x62585a8, nSize=0x104 | out: lpFilename="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmn~1\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x36 [0174.851] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpszLongPath=0x0, cchBuffer=0x0 | out: lpszLongPath=0x0) returned 0x3b [0174.852] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpszLongPath=0x62587b8, cchBuffer=0x3b | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0x3a [0174.853] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0174.853] GetProcAddress (hModule=0x75260000, lpProcName="IsWow64Process") returned 0x752796e0 [0174.853] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x5d5fee8 | out: Wow64Process=0x5d5fee8) returned 1 [0174.854] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77150000 [0174.854] GetProcAddress (hModule=0x77150000, lpProcName="GetWindowThreadProcessId") returned 0x7716ba70 [0174.854] FindWindowA (lpClassName="ProgMan", lpWindowName=0x0) returned 0x100c8 [0174.854] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0x5d5feec | out: lpdwProcessId=0x5d5feec) returned 0x55c [0174.854] NtOpenProcess (in: ProcessHandle=0x5d5fee0, DesiredAccess=0x400, ObjectAttributes=0x5d5fec0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x5d5fed8*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x5d5fee0*=0x290) returned 0x0 [0174.854] NtOpenProcessToken (in: ProcessHandle=0x290, DesiredAccess=0x8, TokenHandle=0x5d5fee4 | out: TokenHandle=0x5d5fee4*=0x350) returned 0x0 [0174.854] NtQueryInformationToken (in: TokenHandle=0x350, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5d5fef0 | out: TokenInformation=0x0, ReturnLength=0x5d5fef0) returned 0xc0000023 [0174.854] NtQueryInformationToken (in: TokenHandle=0x350, TokenInformationClass=0x1, TokenInformation=0x62585a8, TokenInformationLength=0x24, ReturnLength=0x5d5fef0 | out: TokenInformation=0x62585a8, ReturnLength=0x5d5fef0) returned 0x0 [0174.854] NtClose (Handle=0x350) returned 0x0 [0174.854] NtClose (Handle=0x290) returned 0x0 [0174.854] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0174.855] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x62586d0, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0174.855] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0174.855] GetFileTime (in: hFile=0x290, lpCreationTime=0x5d5feac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5d5feac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0174.855] CloseHandle (hObject=0x290) returned 1 [0174.855] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0174.855] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0174.855] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 0x6ebd88 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.855] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.855] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.856] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.856] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.857] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.857] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.858] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.858] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.859] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.859] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.860] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.860] StrChrA (lpStart="cabinet.dll", wMatch=0x2e) returned=".dll" [0174.860] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.871] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.871] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.871] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.871] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.871] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.871] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.871] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.872] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.872] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.873] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.873] StrChrA (lpStart="Clipc.dll", wMatch=0x2e) returned=".dll" [0174.874] FindNextFileA (in: hFindFile=0x6ebd88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.874] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.874] FindClose (in: hFindFile=0x6ebd88 | out: hFindFile=0x6ebd88) returned 1 [0174.874] lstrlenA (lpString="cabilipc") returned 8 [0174.874] mbstowcs (in: _Dest=0x62586d0, _Source="cabilipc", _MaxCount=0xe | out: _Dest="cabilipc") returned 0x8 [0174.874] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0174.874] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x6258710, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0174.874] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0174.874] GetFileTime (in: hFile=0x290, lpCreationTime=0x5d5feac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5d5feac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0174.874] CloseHandle (hObject=0x290) returned 1 [0174.874] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0174.874] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0174.875] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 0x6ebb88 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.875] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.875] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.876] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.876] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.877] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.877] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] StrChrA (lpStart="autoplay.dll", wMatch=0x2e) returned=".dll" [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.878] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.878] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.879] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.879] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.880] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.880] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.881] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.881] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.882] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.882] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.882] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.882] StrChrA (lpStart="clb.dll", wMatch=0x2e) returned=".dll" [0174.882] FindNextFileA (in: hFindFile=0x6ebb88, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.882] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.882] FindClose (in: hFindFile=0x6ebb88 | out: hFindFile=0x6ebb88) returned 1 [0174.882] lstrlenA (lpString="autoclb") returned 7 [0174.882] mbstowcs (in: _Dest=0x6258710, _Source="autoclb", _MaxCount=0xe | out: _Dest="autoclb") returned 0x7 [0174.882] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0174.882] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x6258750, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0174.882] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0174.882] GetFileTime (in: hFile=0x290, lpCreationTime=0x5d5feac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5d5feac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0174.882] CloseHandle (hObject=0x290) returned 1 [0174.882] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0174.882] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0174.883] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 0x6ebe08 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.883] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.883] StrChrA (lpStart="adsldpc.dll", wMatch=0x2e) returned=".dll" [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.884] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.884] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.885] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.885] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.886] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.886] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.887] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.887] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.888] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.888] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.889] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.889] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned 1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.890] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.890] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.891] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.891] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.892] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.892] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.893] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.893] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.894] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.894] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.894] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.894] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.894] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.894] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.894] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.894] FindNextFileA (in: hFindFile=0x6ebe08, lpFindFileData=0x5d5fd58 | out: lpFindFileData=0x5d5fd58) returned 1 [0174.894] CompareFileTime (lpFileTime1=0x5d5fd6c, lpFileTime2=0x5d5feac) returned -1 [0174.894] StrChrA (lpStart="ddraw.dll", wMatch=0x2e) returned=".dll" [0174.895] lstrlenA (lpString="adsldraw") returned 8 [0174.895] mbstowcs (in: _Dest=0x6258750, _Source="adsldraw", _MaxCount=0xe | out: _Dest="adsldraw") returned 0x8 [0174.895] lstrcatW (in: lpString1="autoclb", lpString2=".exe" | out: lpString1="autoclb.exe") returned="autoclb.exe" [0174.895] wsprintfA (in: param_1=0x6258778, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0174.895] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0174.895] lstrcpyA (in: lpString1=0x6258a58, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0174.895] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0174.895] wsprintfA (in: param_1=0x6258778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0174.895] lstrlenA (lpString="Local\\") returned 6 [0174.895] lstrcpyA (in: lpString1=0x6258ab0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0174.895] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0174.896] wsprintfA (in: param_1=0x6258778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0174.896] lstrcatA (in: lpString1="", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0174.896] wsprintfA (in: param_1=0x6258778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0174.896] lstrlenA (lpString="Local\\") returned 6 [0174.896] lstrcpyA (in: lpString1=0x6258b18, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0174.896] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0174.896] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0174.896] lstrlenA (lpString="A_SHAFinal") returned 10 [0174.896] lstrlenA (lpString="A_SHAInit") returned 9 [0174.896] lstrlenA (lpString="A_SHAUpdate") returned 11 [0174.896] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0174.896] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0174.896] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0174.896] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0174.896] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0174.896] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0174.897] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0174.897] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0174.897] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0174.897] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0174.897] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0174.897] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0174.897] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0174.897] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0174.897] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0174.897] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0174.897] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0174.897] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0174.897] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0174.897] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0174.897] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0174.897] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0174.897] lstrlenA (lpString="CsrClientCallServer") returned 19 [0174.897] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0174.897] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0174.897] lstrlenA (lpString="CsrGetProcessId") returned 15 [0174.897] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0174.897] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0174.897] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0174.897] lstrlenA (lpString="DbgBreakPoint") returned 13 [0174.897] lstrlenA (lpString="DbgPrint") returned 8 [0174.897] lstrlenA (lpString="DbgPrintEx") returned 10 [0174.897] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0174.897] lstrlenA (lpString="DbgPrompt") returned 9 [0174.897] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0174.897] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0174.897] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0174.897] lstrlenA (lpString="DbgUiContinue") returned 13 [0174.897] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0174.897] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0174.897] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0174.897] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0174.897] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0174.897] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0174.897] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0174.897] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0174.897] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0174.897] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0174.897] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0174.897] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0174.898] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0174.898] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0174.898] lstrlenA (lpString="EtwEventEnabled") returned 15 [0174.898] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0174.898] lstrlenA (lpString="EtwEventRegister") returned 16 [0174.898] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0174.898] lstrlenA (lpString="EtwEventUnregister") returned 18 [0174.898] lstrlenA (lpString="EtwEventWrite") returned 13 [0174.898] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0174.898] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0174.898] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0174.898] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0174.898] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0174.898] lstrlenA (lpString="EtwEventWriteString") returned 19 [0174.898] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0174.898] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0174.898] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0174.898] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0174.898] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0174.898] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0174.898] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0174.898] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0174.898] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0174.898] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0174.898] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0174.898] lstrlenA (lpString="EtwReplyNotification") returned 20 [0174.898] lstrlenA (lpString="EtwSendNotification") returned 19 [0174.898] lstrlenA (lpString="EtwSetMark") returned 10 [0174.898] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0174.898] lstrlenA (lpString="EtwTraceMessage") returned 15 [0174.898] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0174.898] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0174.898] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0174.898] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0174.898] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0174.898] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0174.898] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0174.898] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0174.898] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0174.898] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0174.898] lstrlenA (lpString="KiFastSystemCall") returned 16 [0174.898] lstrlenA (lpString="KiFastSystemCallRet") returned 19 [0174.898] lstrlenA (lpString="KiIntSystemCall") returned 15 [0174.899] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0174.899] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0174.899] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0174.899] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0174.899] lstrlenA (lpString="LdrAccessResource") returned 17 [0174.899] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0174.899] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0174.899] lstrlenA (lpString="LdrAddRefDll") returned 12 [0174.899] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0174.899] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0174.899] lstrlenA (lpString="LdrEnumResources") returned 16 [0174.899] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0174.899] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0174.899] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0174.899] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0174.899] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0174.899] lstrlenA (lpString="LdrFindResource_U") returned 17 [0174.899] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0174.899] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0174.899] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0174.899] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0174.899] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0174.899] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0174.899] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0174.899] lstrlenA (lpString="LdrGetDllPath") returned 13 [0174.899] lstrlenA (lpString="LdrGetFailureData") returned 17 [0174.899] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0174.899] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0174.899] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0174.899] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0174.899] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0174.899] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0174.899] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0174.899] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0174.899] lstrlenA (lpString="LdrLoadDll") returned 10 [0174.899] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0174.899] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0174.899] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0174.899] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0174.899] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0174.899] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0174.899] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0174.899] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0174.900] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0174.900] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0174.900] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0174.900] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0174.900] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0174.900] lstrlenA (lpString="LdrResFindResource") returned 18 [0174.900] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0174.900] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0174.900] lstrlenA (lpString="LdrResRelease") returned 13 [0174.900] lstrlenA (lpString="LdrResSearchResource") returned 20 [0174.900] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0174.900] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0174.900] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0174.900] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0174.900] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0174.900] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0174.900] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0174.900] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0174.900] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0174.900] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0174.900] lstrlenA (lpString="LdrShutdownThread") returned 17 [0174.900] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0174.900] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0174.900] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0174.900] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0174.900] lstrlenA (lpString="LdrUnloadDll") returned 12 [0174.900] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0174.900] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0174.900] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0174.900] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0174.900] lstrlenA (lpString="LdrWx86FormatVirtualImage") returned 25 [0174.900] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0174.900] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0174.900] lstrlenA (lpString="MD4Final") returned 8 [0174.900] lstrlenA (lpString="MD4Init") returned 7 [0174.900] lstrlenA (lpString="MD4Update") returned 9 [0174.900] lstrlenA (lpString="MD5Final") returned 8 [0174.900] lstrlenA (lpString="MD5Init") returned 7 [0174.900] lstrlenA (lpString="MD5Update") returned 9 [0174.900] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0174.900] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0174.900] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0174.901] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0174.901] lstrlenA (lpString="NtAccessCheck") returned 13 [0174.901] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0174.901] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0174.901] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0174.901] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0174.901] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0174.901] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0174.901] lstrlenA (lpString="NtAddAtom") returned 9 [0174.901] lstrlenA (lpString="NtAddAtomEx") returned 11 [0174.901] lstrlenA (lpString="NtAddBootEntry") returned 14 [0174.901] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0174.901] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0174.901] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0174.901] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0174.901] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0174.901] lstrlenA (lpString="NtAlertThread") returned 13 [0174.901] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0174.901] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0174.901] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0174.901] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0174.901] lstrlenA (lpString="NtAllocateUuids") returned 15 [0174.901] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0174.901] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0174.901] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0174.901] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0174.901] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0174.901] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0174.901] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0174.901] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0174.901] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0174.901] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0174.901] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0174.901] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0174.901] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0174.901] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0174.901] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0174.901] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0174.901] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0174.901] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0174.901] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0174.901] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0174.901] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0174.901] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0174.902] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0174.902] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0174.902] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0174.902] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0174.902] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0174.902] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0174.902] lstrlenA (lpString="NtCallbackReturn") returned 16 [0174.902] lstrlenA (lpString="NtCancelIoFile") returned 14 [0174.902] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0174.902] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0174.902] lstrlenA (lpString="NtCancelTimer") returned 13 [0174.902] lstrlenA (lpString="NtCancelTimer2") returned 14 [0174.902] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0174.902] lstrlenA (lpString="NtClearEvent") returned 12 [0174.902] lstrlenA (lpString="NtClose") returned 7 [0174.902] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0174.902] lstrlenA (lpString="NtCommitComplete") returned 16 [0174.902] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0174.902] lstrlenA (lpString="NtCommitTransaction") returned 19 [0174.902] lstrlenA (lpString="NtCompactKeys") returned 13 [0174.902] lstrlenA (lpString="NtCompareObjects") returned 16 [0174.902] lstrlenA (lpString="NtCompareTokens") returned 15 [0174.902] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0174.902] lstrlenA (lpString="NtCompressKey") returned 13 [0174.908] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0174.908] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0xf013f, phkResult=0x5d5fee4 | out: phkResult=0x5d5fee4*=0x290) returned 0x0 [0174.908] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0174.908] RegQueryValueExW (in: hKey=0x290, lpValueName="cabilipc", lpReserved=0x0, lpType=0x5d5fedc, lpData=0x6258bd0, lpcbData=0x5d5fee8*=0x76 | out: lpType=0x5d5fedc*=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpcbData=0x5d5fee8*=0x76) returned 0x0 [0174.908] lstrcmpiW (lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0 [0174.909] RegCloseKey (hKey=0x290) returned 0x0 [0174.909] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0174.911] CreateEventA (lpEventAttributes=0x5d5ff1c, bManualReset=1, bInitialState=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x508 [0174.911] GetLastError () returned 0x0 [0174.911] CloseHandle (hObject=0x508) returned 1 [0174.911] RegOpenKeyExA (in: hKey=0x80000003, lpSubKey=0x0, ulOptions=0x0, samDesired=0x20119, phkResult=0x5d5fed0 | out: phkResult=0x5d5fed0*=0x508) returned 0x0 [0174.911] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x0, lpName=0x6258b50, lpcchName=0x5d5fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".DEFAULT", lpcchName=0x5d5fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0174.911] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0x0) returned 0x102 [0174.911] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x1, lpName=0x6258b50, lpcchName=0x5d5fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-19", lpcchName=0x5d5fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0174.911] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0x0) returned 0x102 [0174.911] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x2, lpName=0x6258b50, lpcchName=0x5d5fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-20", lpcchName=0x5d5fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0174.912] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0x0) returned 0x102 [0174.912] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x3, lpName=0x6258b50, lpcchName=0x5d5fee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-21-1462094071-1423818996-289466292-1000", lpcchName=0x5d5fee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0174.912] StrChrA (lpStart="S-1-5-21-1462094071-1423818996-289466292-1000", wMatch=0x5f) returned 0x0 [0174.912] lstrcpyA (in: lpString1=0x5d5fd54, lpString2="S-1-5-21-1462094071-1423818996-289466292-1000" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000") returned="S-1-5-21-1462094071-1423818996-289466292-1000" [0174.912] lstrcatA (in: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000", lpString2="\\Software\\Microsoft\\Windows\\CurrentVersion" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion") returned="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion" [0174.912] lstrcatA (in: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion", lpString2="\\Explorer\\Shell Folders" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders") returned="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders" [0174.912] RegOpenKeyA (in: hKey=0x508, lpSubKey="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", phkResult=0x5d5fe90 | out: phkResult=0x5d5fe90*=0x50c) returned 0x0 [0174.912] RegQueryValueExW (in: hKey=0x50c, lpValueName="AppData", lpReserved=0x0, lpType=0x5d5fe8c, lpData=0x0, lpcbData=0x5d5fe98*=0xfffffffe | out: lpType=0x5d5fe8c*=0x1, lpData=0x0, lpcbData=0x5d5fe98*=0x4c) returned 0x0 [0174.912] lstrlenW (lpString="autoclb.exe") returned 11 [0174.912] RegQueryValueExW (in: hKey=0x50c, lpValueName="AppData", lpReserved=0x0, lpType=0x5d5fe8c, lpData=0x6258c60, lpcbData=0x5d5fe98*=0x4c | out: lpType=0x5d5fe8c*=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", lpcbData=0x5d5fe98*=0x4c) returned 0x0 [0174.912] PathCombineW (in: pszDest=0x6258c60, pszDir="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", pszFile="adsldraw" | out: pszDest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw" [0174.912] CreateDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw"), lpSecurityAttributes=0x0) returned 0 [0174.912] PathCombineW (in: pszDest=0x6258c60, pszDir="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw", pszFile="autoclb.exe" | out: pszDest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" [0174.912] lstrcmpiW (lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0 [0174.913] RegCloseKey (hKey=0x50c) returned 0x0 [0174.913] RegCloseKey (hKey=0x508) returned 0x0 [0174.913] StrChrW (lpStart="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", wMatch=0x22) returned="\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"" [0174.913] StrChrW (lpStart="\" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", wMatch=0x20) returned=" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"" [0174.913] lstrlenW (lpString=" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"") returned 41 [0174.914] StrTrimW (in: psz=" \"C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe\"", pszTrimChars=" \x09\"" | out: psz="C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe") returned 1 [0174.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x61c3ab0, Length=0x10000, ResultLength=0x5d5fee8 | out: SystemInformation=0x61c3ab0, ResultLength=0x5d5fee8*=0x13868) returned 0xc0000004 [0174.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x61c3ab0, Length=0x13868, ResultLength=0x5d5fee8 | out: SystemInformation=0x61c3ab0, ResultLength=0x5d5fee8*=0xf378) returned 0x0 [0174.937] RtlUpcaseUnicodeString (DestinationString="\xf88b\xff81\x04\xc000\xce74\x5eb\x9abf", SourceString="System", AllocateDestinationString=1) returned 0x0 [0174.937] RtlFreeAnsiString (AnsiString="S") [0174.937] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="smss.exe", AllocateDestinationString=1) returned 0x0 [0174.937] RtlFreeAnsiString (AnsiString="S") [0174.937] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0174.937] RtlFreeAnsiString (AnsiString="C") [0174.937] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="wininit.exe", AllocateDestinationString=1) returned 0x0 [0174.937] RtlFreeAnsiString (AnsiString="W") [0174.937] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0174.937] RtlFreeAnsiString (AnsiString="C") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="winlogon.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="W") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="services.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="lsass.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="L") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="dwm.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="D") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="spoolsv.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="OfficeClickToRun.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="O") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="sihost.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="S") [0174.938] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="taskhostw.exe", AllocateDestinationString=1) returned 0x0 [0174.938] RtlFreeAnsiString (AnsiString="T") [0174.939] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="explorer.exe", AllocateDestinationString=1) returned 0x0 [0174.939] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77150000 [0174.939] GetProcAddress (hModule=0x77150000, lpProcName="GetWindowThreadProcessId") returned 0x7716ba70 [0174.939] FindWindowA (lpClassName="ProgMan", lpWindowName=0x0) returned 0x100c8 [0174.939] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0x5d5feb4 | out: lpdwProcessId=0x5d5feb4) returned 0x55c [0174.939] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x508) returned 0x508 [0174.939] IsWow64Process (in: hProcess=0x508, Wow64Process=0x5d5fe80 | out: Wow64Process=0x5d5fe80) returned 1 [0174.939] CloseHandle (hObject=0x508) returned 1 [0174.939] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\svchost.exe", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x21 [0174.939] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\svchost.exe", lpDst=0x6258ae8, nSize=0x21 | out: lpDst="C:\\Windows\\system32\\svchost.exe") returned 0x20 [0174.940] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x75260000 [0174.940] GetProcAddress (hModule=0x75260000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x7529b6a0 [0174.940] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 1 [0174.940] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x5d5fe58*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5d5fea0 | out: lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessInformation=0x5d5fea0*(hProcess=0x50c, hThread=0x508, dwProcessId=0xd0c, dwThreadId=0xf4)) returned 1 [0175.044] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 1 [0175.044] IsWow64Process (in: hProcess=0x50c, Wow64Process=0x5d5fb38 | out: Wow64Process=0x5d5fb38) returned 1 [0175.044] RtlGetVersion (in: lpVersionInformation=0x5d5f518 | out: lpVersionInformation=0x5d5f518*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0175.044] GetCurrentProcessId () returned 0xbec [0175.044] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbec) returned 0x514 [0175.044] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.044] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.045] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.045] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.045] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64ReadVirtualMemory64") returned 0x77d0a860 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x7ffdf000, Buffer=0x0, BufferSize=0x61d7528, NumberOfBytesRead=0x28 | out: Buffer=0x0, NumberOfBytesRead=0x28) returned 0x0 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee4c61c0, Buffer=0x7ff8, BufferSize=0x61d7550, NumberOfBytesRead=0x40 | out: Buffer=0x7ff8, NumberOfBytesRead=0x40) returned 0x0 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1df0, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1c70, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2290, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2570, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2740, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.045] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0175.046] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.046] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.046] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x7ffdf000, Buffer=0x0, BufferSize=0x61d7528, NumberOfBytesRead=0x28 | out: Buffer=0x0, NumberOfBytesRead=0x28) returned 0x0 [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee4c61c0, Buffer=0x7ff8, BufferSize=0x61d7550, NumberOfBytesRead=0x40 | out: Buffer=0x7ff8, NumberOfBytesRead=0x40) returned 0x0 [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1df0, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1948, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x6c | out: Buffer=0x0, NumberOfBytesRead=0x6c) returned 0x0 [0175.046] StrRChrA (lpStart="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1c70, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1b70, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.046] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0175.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2290, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2410, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.047] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0175.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2570, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a26f0, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.047] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0175.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2740, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2210, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.047] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0175.047] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0175.047] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0175.047] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0175.047] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0175.047] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.047] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x6270000 [0175.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x6270000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x6271000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x6272000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x6273000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x6274000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x6275000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x6276000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x6277000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x6278000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x6279000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x627a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x627b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x627c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x627d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x627e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x627f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x6280000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x6281000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x6282000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x6283000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x6284000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x6285000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x6286000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x6287000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x6288000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x6289000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x628a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x628b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x628c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x628d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x628e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x628f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x6290000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x6291000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x6292000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x6293000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x6294000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x6295000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x6296000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x6297000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x6298000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x6299000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x629a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x629b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x629c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x629d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x629e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x629f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x62a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x62a1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x62a2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x62a3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x62a4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x62a5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x62a6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x62a7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x62a8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x62a9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x62aa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x62ab000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x62ac000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x62ad000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x62ae000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x62af000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x62b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x62b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x62b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x62b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x62b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x62b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x62b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x62b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x62b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x62b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x62ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x62bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x62bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x62bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x62be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x62bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x62c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x62c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x62c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x62c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x62c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x62c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x62c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x62c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x62c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x62c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x62ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x62cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x62cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x62cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x62ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x62cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x62d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x62d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x62d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x62d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x62d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x62d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x62d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x62d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x62d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x62d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x62da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x62db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x62dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x62dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x62de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x62df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x62e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x62e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x62e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x62e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x62e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x62e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x62e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x62e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x62e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x62e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x62ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x62eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x62ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x62ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x62ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x62ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x62f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x62f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x62f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x62f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x62f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x62f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x62f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x62f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x62f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.078] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x62f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.078] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x62fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.078] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x62fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.078] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x62fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.078] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x62fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.078] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x62fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x62ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6300000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6301000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6302000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6303000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6304000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.079] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6305000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.080] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6306000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.080] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6307000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.080] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6308000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.080] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6309000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.080] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x630a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.080] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x630b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.081] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x630c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.081] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x630d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.081] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x630e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.081] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x630f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.081] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6310000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.081] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6311000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.082] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6312000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.082] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6313000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.082] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6314000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.082] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6315000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.082] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6316000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.082] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6317000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.083] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6318000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.083] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6319000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.083] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x631a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.083] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x631b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.083] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x631c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.083] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x631d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.084] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x631e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.084] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x631f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.084] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6320000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.084] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6321000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.084] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6322000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.084] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6323000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.085] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6324000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.085] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6325000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.085] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6326000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.085] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6327000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.085] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6328000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6329000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x632a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x632b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x632c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x632d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x632e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.086] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x632f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6330000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6331000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6332000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6333000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6334000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6335000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.087] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6336000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.088] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6337000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.088] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6338000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.088] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6339000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.088] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x633a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.088] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x633b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.089] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x633c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.089] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x633d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.089] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x633e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.089] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x633f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.089] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6340000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.089] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6341000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.090] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6342000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.090] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6343000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.090] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6344000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.090] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6345000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.090] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6346000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.090] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6347000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.091] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6348000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.091] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6349000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.091] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x634a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.091] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x634b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.091] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x634c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.091] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x634d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.092] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x634e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.092] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x634f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.092] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6350000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.092] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6351000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.092] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6352000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.092] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee463000, Buffer=0x7ff8, BufferSize=0x6353000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.093] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee464000, Buffer=0x7ff8, BufferSize=0x6354000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.093] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee465000, Buffer=0x7ff8, BufferSize=0x6355000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.197] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwGetContextThread") returned -1 [0175.197] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwGetContextThread") returned -1 [0175.197] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgPrint", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwGetContextThread") returned -1 [0175.198] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwGetContextThread") returned -1 [0175.199] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwGetContextThread") returned -1 [0175.200] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwGetContextThread") returned -1 [0175.201] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="MD4Final", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="MD4Init", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="MD4Update", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="MD5Final", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="MD5Init", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="MD5Update", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwGetContextThread") returned -1 [0175.202] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwGetContextThread") returned -1 [0175.203] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtClose", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwGetContextThread") returned -1 [0175.204] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwGetContextThread") returned -1 [0175.210] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwGetContextThread") returned -1 [0175.227] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwGetContextThread") returned -1 [0175.227] VirtualFree (lpAddress=0x6270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.238] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.238] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.238] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.238] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0175.239] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.239] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.239] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.239] StrRChrA (lpStart="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0175.239] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1c70, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1b70, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.240] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2290, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2410, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.240] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2570, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a26f0, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.240] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2740, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.240] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2210, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.240] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0175.240] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0175.240] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0175.240] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0175.240] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0175.240] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.241] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x6270000 [0175.241] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x6270000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.241] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x6271000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.241] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x6272000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.241] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x6273000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x6274000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x6275000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x6276000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x6277000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x6278000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x6279000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.242] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x627a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x627b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x627c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x627d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x627e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x627f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x6280000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.243] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x6281000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x6282000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x6283000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x6284000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x6285000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x6286000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x6287000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x6288000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.244] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x6289000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x628a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x628b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x628c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x628d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x628e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x628f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x6290000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x6291000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.245] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x6292000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.246] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x6293000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.246] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x6294000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.246] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x6295000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.246] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x6296000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.246] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x6297000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.246] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x6298000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x6299000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x629a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x629b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x629c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x629d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x629e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x629f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.247] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x62a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x62a1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x62a2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x62a3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x62a4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x62a5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x62a6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.248] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x62a7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x62a8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x62a9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x62aa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x62ab000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x62ac000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x62ad000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.249] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x62ae000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x62af000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x62b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x62b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x62b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x62b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x62b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x62b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x62b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.250] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x62b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x62b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x62b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x62ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x62bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x62bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x62bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x62be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x62bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.251] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x62c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x62c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x62c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x62c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x62c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x62c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x62c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.252] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x62c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x62c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x62c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x62ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x62cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x62cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x62cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x62ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.253] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x62cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x62d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x62d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x62d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x62d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x62d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x62d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x62d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.254] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x62d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x62d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x62d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x62da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x62db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x62dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x62dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.255] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x62de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.256] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x62df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.256] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x62e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.256] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x62e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.256] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x62e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.256] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x62e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.256] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x62e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x62e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x62e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x62e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x62e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x62e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x62ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.257] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x62eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x62ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x62ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x62ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x62ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x62f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x62f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.258] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x62f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x62f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x62f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x62f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x62f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x62f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x62f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x62f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.259] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x62fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x62fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x62fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x62fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x62fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x62ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6300000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6301000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.260] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6302000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6303000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6304000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6305000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6306000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6307000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6308000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6309000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.261] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x630a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x630b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x630c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x630d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x630e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x630f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6310000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.262] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6311000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.263] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6312000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.263] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6313000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.263] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6314000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.263] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6315000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.263] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6316000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.263] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6317000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.264] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6318000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.264] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6319000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.264] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x631a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.264] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x631b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.264] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x631c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.264] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x631d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x631e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x631f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6320000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6321000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6322000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6323000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.265] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6324000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.266] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6325000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.266] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6326000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.266] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6327000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.266] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6328000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6329000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x632a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x632b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x632c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x632d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x632e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x632f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.267] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6330000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6331000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6332000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6333000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6334000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6335000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6336000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.268] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6337000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.270] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6338000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.270] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6339000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.270] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x633a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x633b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x633c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x633d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x633e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x633f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6340000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6341000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.271] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6342000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.272] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6343000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.272] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6344000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.272] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6345000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.272] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6346000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6347000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6348000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6349000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x634a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x634b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x634c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.273] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x634d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x634e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x634f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6350000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6351000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6352000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee463000, Buffer=0x7ff8, BufferSize=0x6353000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.274] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee464000, Buffer=0x7ff8, BufferSize=0x6354000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.275] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee465000, Buffer=0x7ff8, BufferSize=0x6355000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.275] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee466000, Buffer=0x7ff8, BufferSize=0x6356000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.275] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee467000, Buffer=0x7ff8, BufferSize=0x6357000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.275] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee468000, Buffer=0x7ff8, BufferSize=0x6358000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.275] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee469000, Buffer=0x7ff8, BufferSize=0x6359000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.275] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46a000, Buffer=0x7ff8, BufferSize=0x635a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.276] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46b000, Buffer=0x7ff8, BufferSize=0x635b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.276] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46c000, Buffer=0x7ff8, BufferSize=0x635c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.276] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46d000, Buffer=0x7ff8, BufferSize=0x635d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.276] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46e000, Buffer=0x7ff8, BufferSize=0x635e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.276] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46f000, Buffer=0x7ff8, BufferSize=0x635f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.276] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee470000, Buffer=0x7ff8, BufferSize=0x6360000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.299] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwSetContextThread") returned -1 [0175.299] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwSetContextThread") returned -1 [0175.299] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwSetContextThread") returned -1 [0175.299] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgPrint", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwSetContextThread") returned -1 [0175.300] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwSetContextThread") returned -1 [0175.301] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwSetContextThread") returned -1 [0175.302] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwSetContextThread") returned -1 [0175.303] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="MD4Final", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="MD4Init", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="MD4Update", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="MD5Final", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="MD5Init", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="MD5Update", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwSetContextThread") returned -1 [0175.304] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtClose", lpString2="ZwSetContextThread") returned -1 [0175.305] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwSetContextThread") returned -1 [0175.306] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwSetContextThread") returned -1 [0175.306] VirtualFree (lpAddress=0x6270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.314] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.315] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.315] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.315] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0175.315] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.316] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.316] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.316] StrRChrA (lpStart="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1c70, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1b70, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.316] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2290, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2410, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.316] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2570, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a26f0, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.316] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2740, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.316] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2210, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.316] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0175.316] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0175.316] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0175.316] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0175.316] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0175.316] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.317] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x6270000 [0175.317] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x6270000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.317] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x6271000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.317] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x6272000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.317] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x6273000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.317] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x6274000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.317] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x6275000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x6276000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x6277000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x6278000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x6279000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x627a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x627b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x627c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.318] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x627d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.319] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x627e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.319] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x627f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.319] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x6280000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.319] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x6281000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.319] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x6282000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.319] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x6283000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x6284000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x6285000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x6286000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x6287000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x6288000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x6289000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x628a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x628b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.320] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x628c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.321] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x628d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.321] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x628e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.321] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x628f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.321] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x6290000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x6291000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x6292000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x6293000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x6294000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x6295000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x6296000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x6297000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.322] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x6298000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x6299000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x629a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x629b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x629c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x629d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x629e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x629f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x62a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.323] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x62a1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x62a2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x62a3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x62a4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x62a5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x62a6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x62a7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x62a8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.324] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x62a9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x62aa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x62ab000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x62ac000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x62ad000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x62ae000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x62af000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x62b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x62b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.325] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x62b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x62b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x62b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x62b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x62b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x62b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x62b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.326] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x62b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x62ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x62bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x62bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x62bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x62be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x62bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.327] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x62c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x62c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x62c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x62c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x62c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x62c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x62c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.328] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x62c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x62c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x62c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x62ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x62cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x62cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x62cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x62ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x62cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.329] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x62d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.330] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x62d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.330] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x62d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.330] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x62d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.330] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x62d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x62d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x62d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x62d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x62d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x62d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x62da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x62db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.331] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x62dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x62dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x62de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x62df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x62e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x62e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x62e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x62e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x62e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x62e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x62e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x62e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x62e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x62e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x62ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x62eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x62ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x62ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x62ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x62ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x62f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x62f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x62f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x62f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x62f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x62f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x62f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x62f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x62f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x62f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x62fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x62fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x62fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x62fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x62fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x62ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6300000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6301000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6302000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6303000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6304000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6305000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6306000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6307000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6308000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6309000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x630a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.338] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x630b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.338] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x630c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.338] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x630d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.338] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x630e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.354] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x630f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.354] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6310000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.354] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6311000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6312000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6313000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6314000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6315000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6316000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6317000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6318000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.355] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6319000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x631a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x631b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x631c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x631d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x631e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x631f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6320000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.356] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6321000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6322000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6323000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6324000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6325000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6326000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6327000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6328000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6329000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.357] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x632a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x632b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x632c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x632d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x632e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x632f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6330000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6331000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.358] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6332000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6333000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6334000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6335000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6336000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6337000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6338000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6339000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x633a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x633b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x633c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x633d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x633e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x633f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6340000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6341000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6342000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6343000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6344000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6345000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6346000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6347000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6348000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6349000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x634a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x634b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x634c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x634d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x634e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x634f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6350000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6351000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6352000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee463000, Buffer=0x7ff8, BufferSize=0x6353000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee464000, Buffer=0x7ff8, BufferSize=0x6354000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee465000, Buffer=0x7ff8, BufferSize=0x6355000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee466000, Buffer=0x7ff8, BufferSize=0x6356000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee467000, Buffer=0x7ff8, BufferSize=0x6357000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee468000, Buffer=0x7ff8, BufferSize=0x6358000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee469000, Buffer=0x7ff8, BufferSize=0x6359000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46a000, Buffer=0x7ff8, BufferSize=0x635a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46b000, Buffer=0x7ff8, BufferSize=0x635b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46c000, Buffer=0x7ff8, BufferSize=0x635c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46d000, Buffer=0x7ff8, BufferSize=0x635d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46e000, Buffer=0x7ff8, BufferSize=0x635e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46f000, Buffer=0x7ff8, BufferSize=0x635f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee470000, Buffer=0x7ff8, BufferSize=0x6360000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.384] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="DbgPrint", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwProtectVirtualMemory") returned -1 [0175.384] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwProtectVirtualMemory") returned -1 [0175.385] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.386] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0175.387] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="MD4Final", lpString2="ZwProtectVirtualMemory") returned -1 [0175.388] lstrcmpA (lpString1="MD4Init", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="MD4Update", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="MD5Final", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="MD5Init", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="MD5Update", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0175.389] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtClose", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwProtectVirtualMemory") returned -1 [0175.390] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0175.391] VirtualFree (lpAddress=0x6270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.399] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.400] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.400] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.400] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0175.400] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.400] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.400] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f414, ProcessInformationLength=0x30, ReturnLength=0x5d5f468 | out: ProcessInformation64=0x5d5f414, ReturnLength=0x5d5f468) returned 0x0 [0175.401] StrRChrA (lpStart="C:\\Users\\CIIHMN~1\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1c70, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a1b70, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.401] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2290, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2410, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0175.401] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2570, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a26f0, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.401] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2740, Buffer=0x0, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0175.401] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2a2210, Buffer=0x0, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0175.401] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0175.401] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0175.401] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0175.401] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0175.401] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0175.401] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.401] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x6270000 [0175.402] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x6270000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.402] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x6271000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.402] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x6272000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.402] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x6273000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.402] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x6274000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x6275000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x6276000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x6277000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x6278000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x6279000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x627a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.403] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x627b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x627c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x627d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x627e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x627f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x6280000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x6281000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.404] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x6282000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x6283000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x6284000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x6285000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x6286000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x6287000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x6288000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x6289000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x628a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.405] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x628b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x628c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x628d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x628e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x628f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x6290000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x6291000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x6292000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.406] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x6293000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.407] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x6294000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.407] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x6295000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.407] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x6296000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.407] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x6297000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.407] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x6298000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x6299000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x629a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x629b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x629c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x629d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x629e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.408] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x629f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x62a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x62a1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x62a2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x62a3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x62a4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x62a5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x62a6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.409] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x62a7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x62a8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x62a9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x62aa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x62ab000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x62ac000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x62ad000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x62ae000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x62af000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.410] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x62b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x62b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x62b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x62b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x62b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x62b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x62b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x62b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.411] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x62b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x62b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x62ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x62bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x62bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x62bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x62be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.412] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x62bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x62c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x62c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x62c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x62c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x62c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x62c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x62c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x62c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.413] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x62c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x62c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x62ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x62cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x62cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x62cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x62ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.414] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x62cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x62d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x62d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x62d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x62d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x62d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x62d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x62d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.415] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x62d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x62d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x62d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x62da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x62db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x62dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x62dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x62de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.416] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x62df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x62e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x62e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x62e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x62e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x62e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x62e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x62e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x62e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.417] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x62e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.418] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x62e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.418] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x62ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.418] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x62eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.418] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x62ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.418] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x62ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.419] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x62ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.419] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x62ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.419] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x62f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.419] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x62f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.419] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x62f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.419] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x62f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.420] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x62f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.420] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x62f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.420] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x62f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.420] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x62f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.420] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x62f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.420] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x62f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.421] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x62fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.421] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x62fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.421] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x62fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.421] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x62fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.421] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x62fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.421] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x62ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6300000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6301000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6302000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6303000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6304000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6305000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.422] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6306000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6307000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6308000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6309000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x630a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x630b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x630c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.423] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x630d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x630e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x630f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6310000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6311000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6312000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6313000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.424] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6314000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6315000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6316000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6317000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6318000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6319000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x631a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.425] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x631b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x631c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x631d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x631e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x631f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6320000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6321000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6322000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6323000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.426] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6324000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6325000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6326000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6327000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6328000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6329000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x632a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x632b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x632c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.427] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x632d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x632e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x632f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6330000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6331000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6332000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6333000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6334000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.428] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6335000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6336000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6337000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6338000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6339000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x633a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x633b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.429] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x633c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x633d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x633e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x633f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6340000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6341000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6342000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6343000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.430] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6344000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6345000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6346000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6347000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6348000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6349000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x634a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x634b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x634c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.431] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x634d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x634e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x634f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6350000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6351000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6352000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee463000, Buffer=0x7ff8, BufferSize=0x6353000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee464000, Buffer=0x7ff8, BufferSize=0x6354000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee465000, Buffer=0x7ff8, BufferSize=0x6355000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee466000, Buffer=0x7ff8, BufferSize=0x6356000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee467000, Buffer=0x7ff8, BufferSize=0x6357000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee468000, Buffer=0x7ff8, BufferSize=0x6358000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee469000, Buffer=0x7ff8, BufferSize=0x6359000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46a000, Buffer=0x7ff8, BufferSize=0x635a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46b000, Buffer=0x7ff8, BufferSize=0x635b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46c000, Buffer=0x7ff8, BufferSize=0x635c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46d000, Buffer=0x7ff8, BufferSize=0x635d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.434] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46e000, Buffer=0x7ff8, BufferSize=0x635e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.434] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee46f000, Buffer=0x7ff8, BufferSize=0x635f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.434] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0xee470000, Buffer=0x7ff8, BufferSize=0x6360000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.454] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwWriteVirtualMemory") returned -1 [0175.454] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwWriteVirtualMemory") returned -1 [0175.454] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwWriteVirtualMemory") returned -1 [0175.454] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwWriteVirtualMemory") returned -1 [0175.454] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.455] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgPrint", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwWriteVirtualMemory") returned -1 [0175.456] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwWriteVirtualMemory") returned -1 [0175.457] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwWriteVirtualMemory") returned -1 [0175.459] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwWriteVirtualMemory") returned -1 [0175.460] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="MD4Final", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="MD4Init", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="MD4Update", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="MD5Final", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="MD5Init", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="MD5Update", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0175.461] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwWriteVirtualMemory") returned -1 [0175.462] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtClose", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.463] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwWriteVirtualMemory") returned -1 [0175.464] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0175.464] VirtualFree (lpAddress=0x6270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.473] CloseHandle (hObject=0x514) returned 1 [0175.473] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.473] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.473] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f5a0, ProcessInformationLength=0x30, ReturnLength=0x5d5f614 | out: ProcessInformation64=0x5d5f5a0, ReturnLength=0x5d5f614) returned 0x0 [0175.487] ResumeThread (hThread=0x508) returned 0x1 [0175.487] Sleep (dwMilliseconds=0x64) [0175.588] SuspendThread (hThread=0x508) returned 0x0 [0175.588] NtGetContextThread (in: ThreadHandle=0x508, Context=0x5d5f660 | out: Context=0x5d5f660*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x100003, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x47, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x88, [65]=0x86, [66]=0x76, [67]=0xce, [68]=0xfe, [69]=0xf, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x40, [74]=0xf2, [75]=0x72, [76]=0xf6, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x40000000, SegFs=0x73b43440, SegEs=0x7ff6, SegDs=0xfc8eff18, Edi=0xaf, Esi=0x0, Ebx=0x0, Edx=0x72f24000, Ecx=0x7ff6, Eax=0x72f24000, Ebp=0x7ff6, Eip=0x72f24000, SegCs=0x7ff6, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x40, [45]=0x34, [46]=0xb4, [47]=0x73, [48]=0xf6, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0175.588] NtCreateSection (in: SectionHandle=0x5d5f5fc, DesiredAccess=0xf001f, ObjectAttributes=0x5d5f5c0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x5d5f5d8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x5d5f5fc*=0x514) returned 0x0 [0175.589] NtMapViewOfSection (in: SectionHandle=0x514, ProcessHandle=0xffffffff, BaseAddress=0x5d5f5e4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x5d5f590*=0, ViewSize=0x5d5f598*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x5d5f5e4*=0x6270000, SectionOffset=0x5d5f590*=0, ViewSize=0x5d5f598*=0x133000) returned 0x0 [0175.589] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0175.601] NtMapViewOfSection (in: SectionHandle=0x514, ProcessHandle=0x50c, BaseAddress=0x5d5f628*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x5d5f5e0*=0, ViewSize=0x5d5f5e8*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x5d5f628*=0x830000, SectionOffset=0x5d5f5e0*=0, ViewSize=0x5d5f5e8*=0x133000) returned 0x0 [0175.602] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0175.603] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.603] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.603] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f4f4, ProcessInformationLength=0x30, ReturnLength=0x5d5f548 | out: ProcessInformation64=0x5d5f4f4, ReturnLength=0x5d5f548) returned 0x0 [0175.603] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x72f24000, Buffer=0x7ff6, BufferSize=0x61d7528, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0175.603] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee4c61c0, Buffer=0x7ff8, BufferSize=0x61d7550, NumberOfBytesRead=0x40 | out: Buffer=0x7ff8, NumberOfBytesRead=0x40) returned 0x0 [0175.603] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03510, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.603] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03380, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.603] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb039c0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.604] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03ec0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.604] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05230, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.604] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb054e0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.604] VirtualAlloc (lpAddress=0x0, dwSize=0x6c4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0175.604] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.604] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.604] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f4f4, ProcessInformationLength=0x30, ReturnLength=0x5d5f548 | out: ProcessInformation64=0x5d5f4f4, ReturnLength=0x5d5f548) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x72f24000, Buffer=0x7ff6, BufferSize=0x61d7528, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee4c61c0, Buffer=0x7ff8, BufferSize=0x61d7550, NumberOfBytesRead=0x40 | out: Buffer=0x7ff8, NumberOfBytesRead=0x40) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03510, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03178, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3e | out: Buffer=0xaf, NumberOfBytesRead=0x3e) returned 0x0 [0175.605] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03380, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03270, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0xaf, NumberOfBytesRead=0x3a) returned 0x0 [0175.605] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb039c0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03b50, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0xaf, NumberOfBytesRead=0x40) returned 0x0 [0175.605] StrRChrA (lpStart="C:\\Windows\\system32\\KERNEL32.DLL", lpEnd=0x0, wMatch=0x5c) returned="\\KERNEL32.DLL" [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03ec0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.605] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb04050, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x44 | out: Buffer=0xaf, NumberOfBytesRead=0x44) returned 0x0 [0175.605] StrRChrA (lpStart="C:\\Windows\\system32\\KERNELBASE.dll", lpEnd=0x0, wMatch=0x5c) returned="\\KERNELBASE.dll" [0175.606] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05230, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.606] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03950, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3e | out: Buffer=0xaf, NumberOfBytesRead=0x3e) returned 0x0 [0175.606] StrRChrA (lpStart="C:\\Windows\\system32\\sechost.dll", lpEnd=0x0, wMatch=0x5c) returned="\\sechost.dll" [0175.606] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb054e0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.606] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05670, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3c | out: Buffer=0xaf, NumberOfBytesRead=0x3c) returned 0x0 [0175.606] StrRChrA (lpStart="C:\\Windows\\system32\\RPCRT4.dll", lpEnd=0x0, wMatch=0x5c) returned="\\RPCRT4.dll" [0175.606] lstrcmpiA (lpString1="svchost.exe", lpString2="NTDLL.DLL") returned 1 [0175.606] StrChrA (lpStart="svchost.exe", wMatch=0x2e) returned=".exe" [0175.606] lstrcmpiA (lpString1="svchost", lpString2="NTDLL.DLL") returned 1 [0175.606] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0175.606] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.606] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0175.607] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.607] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.607] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.607] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.607] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.608] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.609] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.609] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.609] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.609] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.609] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.610] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.610] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.610] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.610] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.610] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.610] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.611] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.611] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.611] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.611] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.611] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.612] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.612] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.612] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.612] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.612] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.613] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.613] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.613] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.613] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.613] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.614] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.614] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.614] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.614] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.615] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.615] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.615] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.615] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.617] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.617] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.617] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.618] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.618] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.618] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.618] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.618] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.618] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.619] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.620] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.621] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.622] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.622] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.622] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.622] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.623] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.623] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.623] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.623] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.623] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.623] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.624] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.624] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.624] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.624] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.624] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.625] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.625] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.625] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.625] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.626] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.627] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.627] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.627] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.627] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.627] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.628] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.629] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.630] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.630] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.630] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.630] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.630] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.630] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.631] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.631] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.631] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.631] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.631] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.631] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.632] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.633] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.633] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.633] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.633] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.633] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.633] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.634] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.634] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.634] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.634] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.634] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.634] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.635] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.635] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.635] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.635] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.635] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.635] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.636] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.636] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.636] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.636] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.636] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.636] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.637] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.637] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.637] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.637] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.637] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.638] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.638] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.638] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.638] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.638] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.638] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.639] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.639] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.639] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.639] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.639] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.639] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.640] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.640] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.640] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.640] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.640] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.640] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.641] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.641] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.641] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.641] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.641] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.641] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.642] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.642] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.902] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0175.902] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrLoadDll") returned -1 [0175.904] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrLoadDll") returned -1 [0175.905] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0175.905] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrLoadDll") returned -1 [0175.905] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgPrint", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrLoadDll") returned -1 [0175.906] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrLoadDll") returned -1 [0175.907] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrLoadDll") returned -1 [0175.908] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="LdrLoadDll") returned -1 [0175.909] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="LdrLoadDll") returned -1 [0175.909] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="LdrLoadDll") returned -1 [0175.909] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="LdrLoadDll") returned -1 [0175.909] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="LdrLoadDll") returned -1 [0175.909] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="LdrLoadDll") returned -1 [0175.909] lstrcmpA (lpString1="LdrLoadDll", lpString2="LdrLoadDll") returned 0 [0175.909] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.917] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.918] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.918] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f4f4, ProcessInformationLength=0x30, ReturnLength=0x5d5f548 | out: ProcessInformation64=0x5d5f4f4, ReturnLength=0x5d5f548) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x72f24000, Buffer=0x7ff6, BufferSize=0x61d7528, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee4c61c0, Buffer=0x7ff8, BufferSize=0x61d7550, NumberOfBytesRead=0x40 | out: Buffer=0x7ff8, NumberOfBytesRead=0x40) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03510, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03380, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb039c0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03ec0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05230, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.918] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb054e0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.918] VirtualAlloc (lpAddress=0x0, dwSize=0x6c4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0175.919] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0175.919] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0175.919] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f4f4, ProcessInformationLength=0x30, ReturnLength=0x5d5f548 | out: ProcessInformation64=0x5d5f4f4, ReturnLength=0x5d5f548) returned 0x0 [0175.919] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x72f24000, Buffer=0x7ff6, BufferSize=0x61d7528, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0175.919] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee4c61c0, Buffer=0x7ff8, BufferSize=0x61d7550, NumberOfBytesRead=0x40 | out: Buffer=0x7ff8, NumberOfBytesRead=0x40) returned 0x0 [0175.919] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03510, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.919] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03178, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3e | out: Buffer=0xaf, NumberOfBytesRead=0x3e) returned 0x0 [0175.919] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0175.919] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03380, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03270, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0xaf, NumberOfBytesRead=0x3a) returned 0x0 [0175.920] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb039c0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03b50, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0xaf, NumberOfBytesRead=0x40) returned 0x0 [0175.920] StrRChrA (lpStart="C:\\Windows\\system32\\KERNEL32.DLL", lpEnd=0x0, wMatch=0x5c) returned="\\KERNEL32.DLL" [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03ec0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb04050, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x44 | out: Buffer=0xaf, NumberOfBytesRead=0x44) returned 0x0 [0175.920] StrRChrA (lpStart="C:\\Windows\\system32\\KERNELBASE.dll", lpEnd=0x0, wMatch=0x5c) returned="\\KERNELBASE.dll" [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05230, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03950, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3e | out: Buffer=0xaf, NumberOfBytesRead=0x3e) returned 0x0 [0175.920] StrRChrA (lpStart="C:\\Windows\\system32\\sechost.dll", lpEnd=0x0, wMatch=0x5c) returned="\\sechost.dll" [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb054e0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0175.920] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05670, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3c | out: Buffer=0xaf, NumberOfBytesRead=0x3c) returned 0x0 [0175.920] StrRChrA (lpStart="C:\\Windows\\system32\\RPCRT4.dll", lpEnd=0x0, wMatch=0x5c) returned="\\RPCRT4.dll" [0175.920] lstrcmpiA (lpString1="svchost.exe", lpString2="NTDLL.DLL") returned 1 [0175.920] StrChrA (lpStart="svchost.exe", wMatch=0x2e) returned=".exe" [0175.920] lstrcmpiA (lpString1="svchost", lpString2="NTDLL.DLL") returned 1 [0175.920] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0175.920] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.921] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0175.921] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.921] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.921] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.921] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.922] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.923] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.923] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.923] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.923] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.923] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.923] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.924] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.924] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.924] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.924] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.925] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.925] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.925] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.925] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.925] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.925] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.926] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.926] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.926] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.926] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.926] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.927] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.927] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.927] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.927] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.927] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.927] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.928] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.928] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.928] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.928] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.928] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.929] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.929] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.929] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.929] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.929] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.929] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.930] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.930] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.930] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.930] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.931] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.931] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.931] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.931] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.931] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.932] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.932] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.932] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.932] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.932] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.932] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.933] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.933] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.933] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.933] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.933] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.934] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.934] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.934] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.934] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.934] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.935] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.935] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.935] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.935] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.935] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.936] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.936] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.936] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.936] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.936] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.937] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.938] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.938] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.938] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.938] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.938] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.938] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.939] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.939] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.939] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.961] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.962] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.963] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.963] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.963] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.963] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.963] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.963] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.964] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.964] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.964] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.964] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.964] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.964] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.965] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.966] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.967] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.968] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.968] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.968] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.968] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.968] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.969] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.969] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.969] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.969] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.969] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.969] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.970] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.970] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.970] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.970] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.970] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.970] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.971] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.971] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.971] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.971] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.971] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.971] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.972] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.972] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.972] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.972] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.972] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.972] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.973] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.974] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.974] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.974] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.974] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.974] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.974] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.975] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.976] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.976] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.976] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.976] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.976] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.976] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.977] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.978] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.978] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.978] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.978] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.978] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.978] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.979] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.979] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.979] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.979] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.979] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.979] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.980] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.980] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.980] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.980] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.980] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.980] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.981] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.981] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.981] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.981] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0175.981] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.007] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrGetProcedureAddress") returned -1 [0176.007] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgPrint", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrGetProcedureAddress") returned -1 [0176.008] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0176.009] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="LdrGetProcedureAddress") returned -1 [0176.010] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrGetProcedureAddress") returned 0 [0176.010] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.018] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0176.019] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0176.019] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f4f4, ProcessInformationLength=0x30, ReturnLength=0x5d5f548 | out: ProcessInformation64=0x5d5f4f4, ReturnLength=0x5d5f548) returned 0x0 [0176.019] VirtualAlloc (lpAddress=0x0, dwSize=0x6c4, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000 [0176.019] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77ca0000 [0176.020] GetProcAddress (hModule=0x77ca0000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x77d0a840 [0176.020] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5d5f4f4, ProcessInformationLength=0x30, ReturnLength=0x5d5f548 | out: ProcessInformation64=0x5d5f4f4, ReturnLength=0x5d5f548) returned 0x0 [0176.020] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0176.020] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03380, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0176.020] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03270, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3a | out: Buffer=0xaf, NumberOfBytesRead=0x3a) returned 0x0 [0176.020] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0176.020] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb039c0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0176.020] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03b50, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x40 | out: Buffer=0xaf, NumberOfBytesRead=0x40) returned 0x0 [0176.020] StrRChrA (lpStart="C:\\Windows\\system32\\KERNEL32.DLL", lpEnd=0x0, wMatch=0x5c) returned="\\KERNEL32.DLL" [0176.020] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03ec0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0176.021] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb04050, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x44 | out: Buffer=0xaf, NumberOfBytesRead=0x44) returned 0x0 [0176.021] StrRChrA (lpStart="C:\\Windows\\system32\\KERNELBASE.dll", lpEnd=0x0, wMatch=0x5c) returned="\\KERNELBASE.dll" [0176.021] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05230, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0176.021] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb03950, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3e | out: Buffer=0xaf, NumberOfBytesRead=0x3e) returned 0x0 [0176.021] StrRChrA (lpStart="C:\\Windows\\system32\\sechost.dll", lpEnd=0x0, wMatch=0x5c) returned="\\sechost.dll" [0176.021] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb054e0, Buffer=0xaf, BufferSize=0x61d7590, NumberOfBytesRead=0x98 | out: Buffer=0xaf, NumberOfBytesRead=0x98) returned 0x0 [0176.021] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xfcb05670, Buffer=0xaf, BufferSize=0x61d7320, NumberOfBytesRead=0x3c | out: Buffer=0xaf, NumberOfBytesRead=0x3c) returned 0x0 [0176.021] StrRChrA (lpStart="C:\\Windows\\system32\\RPCRT4.dll", lpEnd=0x0, wMatch=0x5c) returned="\\RPCRT4.dll" [0176.021] lstrcmpiA (lpString1="svchost.exe", lpString2="NTDLL.DLL") returned 1 [0176.021] StrChrA (lpStart="svchost.exe", wMatch=0x2e) returned=".exe" [0176.021] lstrcmpiA (lpString1="svchost", lpString2="NTDLL.DLL") returned 1 [0176.021] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0176.021] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.022] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0176.022] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee380000, Buffer=0x7ff8, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.022] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee381000, Buffer=0x7ff8, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.022] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee382000, Buffer=0x7ff8, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.022] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee383000, Buffer=0x7ff8, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.023] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee384000, Buffer=0x7ff8, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.023] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee385000, Buffer=0x7ff8, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.023] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee386000, Buffer=0x7ff8, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.023] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee387000, Buffer=0x7ff8, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.032] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee388000, Buffer=0x7ff8, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.032] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee389000, Buffer=0x7ff8, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.032] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38a000, Buffer=0x7ff8, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.032] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38b000, Buffer=0x7ff8, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38c000, Buffer=0x7ff8, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38d000, Buffer=0x7ff8, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38e000, Buffer=0x7ff8, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee38f000, Buffer=0x7ff8, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee390000, Buffer=0x7ff8, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee391000, Buffer=0x7ff8, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.033] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee392000, Buffer=0x7ff8, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.034] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee393000, Buffer=0x7ff8, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.034] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee394000, Buffer=0x7ff8, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.034] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee395000, Buffer=0x7ff8, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.034] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee396000, Buffer=0x7ff8, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.034] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee397000, Buffer=0x7ff8, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.034] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee398000, Buffer=0x7ff8, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee399000, Buffer=0x7ff8, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39a000, Buffer=0x7ff8, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39b000, Buffer=0x7ff8, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39c000, Buffer=0x7ff8, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39d000, Buffer=0x7ff8, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39e000, Buffer=0x7ff8, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.035] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee39f000, Buffer=0x7ff8, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a0000, Buffer=0x7ff8, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a1000, Buffer=0x7ff8, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a2000, Buffer=0x7ff8, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a3000, Buffer=0x7ff8, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a4000, Buffer=0x7ff8, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a5000, Buffer=0x7ff8, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.036] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a6000, Buffer=0x7ff8, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.037] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a7000, Buffer=0x7ff8, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.037] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a8000, Buffer=0x7ff8, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.037] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3a9000, Buffer=0x7ff8, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.037] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3aa000, Buffer=0x7ff8, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.037] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ab000, Buffer=0x7ff8, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.037] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ac000, Buffer=0x7ff8, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.038] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ad000, Buffer=0x7ff8, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.038] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ae000, Buffer=0x7ff8, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.038] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3af000, Buffer=0x7ff8, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.038] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b0000, Buffer=0x7ff8, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.039] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b1000, Buffer=0x7ff8, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.039] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b2000, Buffer=0x7ff8, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.039] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b3000, Buffer=0x7ff8, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.039] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b4000, Buffer=0x7ff8, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.040] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b5000, Buffer=0x7ff8, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.040] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b6000, Buffer=0x7ff8, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.040] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b7000, Buffer=0x7ff8, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.040] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b8000, Buffer=0x7ff8, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.040] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3b9000, Buffer=0x7ff8, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.041] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ba000, Buffer=0x7ff8, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.041] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bb000, Buffer=0x7ff8, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.041] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bc000, Buffer=0x7ff8, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.041] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bd000, Buffer=0x7ff8, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.041] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3be000, Buffer=0x7ff8, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.041] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3bf000, Buffer=0x7ff8, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c0000, Buffer=0x7ff8, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c1000, Buffer=0x7ff8, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c2000, Buffer=0x7ff8, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c3000, Buffer=0x7ff8, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c4000, Buffer=0x7ff8, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c5000, Buffer=0x7ff8, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c6000, Buffer=0x7ff8, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.042] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c7000, Buffer=0x7ff8, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c8000, Buffer=0x7ff8, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3c9000, Buffer=0x7ff8, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ca000, Buffer=0x7ff8, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cb000, Buffer=0x7ff8, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cc000, Buffer=0x7ff8, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cd000, Buffer=0x7ff8, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.043] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ce000, Buffer=0x7ff8, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.044] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3cf000, Buffer=0x7ff8, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.044] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d0000, Buffer=0x7ff8, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.044] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d1000, Buffer=0x7ff8, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.044] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d2000, Buffer=0x7ff8, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.044] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d3000, Buffer=0x7ff8, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.044] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d4000, Buffer=0x7ff8, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d5000, Buffer=0x7ff8, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d6000, Buffer=0x7ff8, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d7000, Buffer=0x7ff8, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d8000, Buffer=0x7ff8, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3d9000, Buffer=0x7ff8, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3da000, Buffer=0x7ff8, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.045] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3db000, Buffer=0x7ff8, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3dc000, Buffer=0x7ff8, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3dd000, Buffer=0x7ff8, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3de000, Buffer=0x7ff8, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3df000, Buffer=0x7ff8, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e0000, Buffer=0x7ff8, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e1000, Buffer=0x7ff8, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.046] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e2000, Buffer=0x7ff8, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e3000, Buffer=0x7ff8, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e4000, Buffer=0x7ff8, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e5000, Buffer=0x7ff8, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e6000, Buffer=0x7ff8, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e7000, Buffer=0x7ff8, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.047] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e8000, Buffer=0x7ff8, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3e9000, Buffer=0x7ff8, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ea000, Buffer=0x7ff8, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3eb000, Buffer=0x7ff8, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ec000, Buffer=0x7ff8, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ed000, Buffer=0x7ff8, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ee000, Buffer=0x7ff8, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ef000, Buffer=0x7ff8, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f0000, Buffer=0x7ff8, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f1000, Buffer=0x7ff8, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f2000, Buffer=0x7ff8, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f3000, Buffer=0x7ff8, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f4000, Buffer=0x7ff8, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f5000, Buffer=0x7ff8, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f6000, Buffer=0x7ff8, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f7000, Buffer=0x7ff8, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f8000, Buffer=0x7ff8, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3f9000, Buffer=0x7ff8, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fa000, Buffer=0x7ff8, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fb000, Buffer=0x7ff8, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fc000, Buffer=0x7ff8, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fd000, Buffer=0x7ff8, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3fe000, Buffer=0x7ff8, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee3ff000, Buffer=0x7ff8, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee400000, Buffer=0x7ff8, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee401000, Buffer=0x7ff8, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee402000, Buffer=0x7ff8, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee403000, Buffer=0x7ff8, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee404000, Buffer=0x7ff8, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee405000, Buffer=0x7ff8, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee406000, Buffer=0x7ff8, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee407000, Buffer=0x7ff8, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee408000, Buffer=0x7ff8, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee409000, Buffer=0x7ff8, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40a000, Buffer=0x7ff8, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40b000, Buffer=0x7ff8, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40c000, Buffer=0x7ff8, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40d000, Buffer=0x7ff8, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40e000, Buffer=0x7ff8, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee40f000, Buffer=0x7ff8, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee410000, Buffer=0x7ff8, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee411000, Buffer=0x7ff8, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee412000, Buffer=0x7ff8, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee413000, Buffer=0x7ff8, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee414000, Buffer=0x7ff8, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee415000, Buffer=0x7ff8, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee416000, Buffer=0x7ff8, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee417000, Buffer=0x7ff8, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee418000, Buffer=0x7ff8, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee419000, Buffer=0x7ff8, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41a000, Buffer=0x7ff8, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41b000, Buffer=0x7ff8, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41c000, Buffer=0x7ff8, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41d000, Buffer=0x7ff8, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41e000, Buffer=0x7ff8, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee41f000, Buffer=0x7ff8, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee420000, Buffer=0x7ff8, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee421000, Buffer=0x7ff8, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee422000, Buffer=0x7ff8, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee423000, Buffer=0x7ff8, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee424000, Buffer=0x7ff8, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee425000, Buffer=0x7ff8, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee426000, Buffer=0x7ff8, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee427000, Buffer=0x7ff8, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee428000, Buffer=0x7ff8, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee429000, Buffer=0x7ff8, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42a000, Buffer=0x7ff8, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42b000, Buffer=0x7ff8, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42c000, Buffer=0x7ff8, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42d000, Buffer=0x7ff8, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42e000, Buffer=0x7ff8, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee42f000, Buffer=0x7ff8, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee430000, Buffer=0x7ff8, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee431000, Buffer=0x7ff8, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee432000, Buffer=0x7ff8, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee433000, Buffer=0x7ff8, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee434000, Buffer=0x7ff8, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee435000, Buffer=0x7ff8, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee436000, Buffer=0x7ff8, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee437000, Buffer=0x7ff8, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee438000, Buffer=0x7ff8, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee439000, Buffer=0x7ff8, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43a000, Buffer=0x7ff8, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43b000, Buffer=0x7ff8, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43c000, Buffer=0x7ff8, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43d000, Buffer=0x7ff8, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43e000, Buffer=0x7ff8, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee43f000, Buffer=0x7ff8, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee440000, Buffer=0x7ff8, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee441000, Buffer=0x7ff8, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee442000, Buffer=0x7ff8, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee443000, Buffer=0x7ff8, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee444000, Buffer=0x7ff8, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee445000, Buffer=0x7ff8, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee446000, Buffer=0x7ff8, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee447000, Buffer=0x7ff8, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee448000, Buffer=0x7ff8, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee449000, Buffer=0x7ff8, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44a000, Buffer=0x7ff8, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44b000, Buffer=0x7ff8, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44c000, Buffer=0x7ff8, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44d000, Buffer=0x7ff8, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44e000, Buffer=0x7ff8, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee44f000, Buffer=0x7ff8, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee450000, Buffer=0x7ff8, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee451000, Buffer=0x7ff8, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee452000, Buffer=0x7ff8, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee453000, Buffer=0x7ff8, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee454000, Buffer=0x7ff8, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee455000, Buffer=0x7ff8, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee456000, Buffer=0x7ff8, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee457000, Buffer=0x7ff8, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee458000, Buffer=0x7ff8, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee459000, Buffer=0x7ff8, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45a000, Buffer=0x7ff8, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45b000, Buffer=0x7ff8, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45c000, Buffer=0x7ff8, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45d000, Buffer=0x7ff8, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45e000, Buffer=0x7ff8, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee45f000, Buffer=0x7ff8, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee460000, Buffer=0x7ff8, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee461000, Buffer=0x7ff8, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee462000, Buffer=0x7ff8, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee463000, Buffer=0x7ff8, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee464000, Buffer=0x7ff8, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee465000, Buffer=0x7ff8, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee466000, Buffer=0x7ff8, BufferSize=0x6496000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee467000, Buffer=0x7ff8, BufferSize=0x6497000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee468000, Buffer=0x7ff8, BufferSize=0x6498000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee469000, Buffer=0x7ff8, BufferSize=0x6499000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee46a000, Buffer=0x7ff8, BufferSize=0x649a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee46b000, Buffer=0x7ff8, BufferSize=0x649b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.068] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee46c000, Buffer=0x7ff8, BufferSize=0x649c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.068] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee46d000, Buffer=0x7ff8, BufferSize=0x649d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.068] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xee46e000, Buffer=0x7ff8, BufferSize=0x649e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff8, NumberOfBytesRead=0x1000) returned 0x0 [0176.098] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwProtectVirtualMemory") returned -1 [0176.098] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgPrint", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0176.099] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0176.100] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwProtectVirtualMemory") returned -1 [0176.101] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0176.102] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="MD4Final", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="MD4Init", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="MD4Update", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="MD5Final", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="MD5Init", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="MD5Update", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwProtectVirtualMemory") returned -1 [0176.103] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.104] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtClose", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwProtectVirtualMemory") returned -1 [0176.105] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0176.106] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.114] NtAllocateVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5d5f0c0*=0x0, ZeroBits=0x0, RegionSize=0x5d5f0bc*=0x318, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x5d5f0c0*=0x970000, RegionSize=0x5d5f0bc*=0x1000) returned 0x0 [0176.115] NtGetContextThread (in: ThreadHandle=0x508, Context=0x5d5f0f0 | out: Context=0x5d5f0f0*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x100003, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x47, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x88, [65]=0x86, [66]=0x76, [67]=0xce, [68]=0xfe, [69]=0xf, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x40, [74]=0xf2, [75]=0x72, [76]=0xf6, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x40000000, SegFs=0x73b43440, SegEs=0x7ff6, SegDs=0xfc8eff18, Edi=0xaf, Esi=0x0, Ebx=0x0, Edx=0x72f24000, Ecx=0x7ff6, Eax=0x72f24000, Ebp=0x7ff6, Eip=0x72f24000, SegCs=0x7ff6, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x40, [45]=0x34, [46]=0xb4, [47]=0x73, [48]=0xf6, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0176.115] NtWriteVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x970000, Buffer=0x61d7320*, NumberOfBytesToWrite=0x318, NumberOfBytesWritten=0x5d5f0ec | out: Buffer=0x61d7320*, NumberOfBytesWritten=0x5d5f0ec*=0x318) returned 0x0 [0176.115] NtSetContextThread (ThreadHandle=0x508, Context=0x5d5f0f0*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x100003, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x47, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x97, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x40, [74]=0xf2, [75]=0x72, [76]=0xf6, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x40000000, SegFs=0x73b43440, SegEs=0x7ff6, SegDs=0xfc8eff18, Edi=0xaf, Esi=0x0, Ebx=0x0, Edx=0x72f24000, Ecx=0x7ff6, Eax=0x72f24000, Ebp=0x7ff6, Eip=0x72f24000, SegCs=0x7ff6, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x18, [45]=0x2, [46]=0x97, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0176.116] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x6270000) returned 0x0 [0176.128] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0176.128] CloseHandle (hObject=0x514) returned 1 [0176.128] NtProtectVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5d5f5f0*=0x7ff673b43440, NumberOfBytesToProtect=0x5d5f5f8, NewAccessProtection=0x40, OldAccessProtection=0x5d5f5e8 | out: BaseAddress=0x5d5f5f0*=0x7ff673b43000, NumberOfBytesToProtect=0x5d5f5f8, OldAccessProtection=0x5d5f5e8*=0x20) returned 0x0 [0176.128] NtWriteVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x7ff673b43440, Buffer=0x5d5f658*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x5d5f5e0 | out: Buffer=0x5d5f658*, NumberOfBytesWritten=0x5d5f5e0*=0x4) returned 0x0 [0176.128] NtProtectVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5d5f5f0*=0x7ff673b43000, NumberOfBytesToProtect=0x5d5f5f8, NewAccessProtection=0x20, OldAccessProtection=0x5d5f5e8 | out: BaseAddress=0x5d5f5f0*=0x7ff673b43000, NumberOfBytesToProtect=0x5d5f5f8, OldAccessProtection=0x5d5f5e8*=0x40) returned 0x0 [0176.128] ResumeThread (hThread=0x508) returned 0x1 [0176.128] CloseHandle (hObject=0x508) returned 1 [0176.128] CloseHandle (hObject=0x50c) returned 1 [0176.128] RtlFreeAnsiString (AnsiString="E") [0176.128] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="RuntimeBroker.exe", AllocateDestinationString=1) returned 0x0 [0176.128] RtlFreeAnsiString (AnsiString="R") [0176.128] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="ShellExperienceHost.exe", AllocateDestinationString=1) returned 0x0 [0176.128] RtlFreeAnsiString (AnsiString="S") [0176.128] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="SearchUI.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="S") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="backgroundTaskHost.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="B") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="uni-likely.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="U") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="treo.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="T") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="subsection berry drainage.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="S") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="shade.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="S") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="conversations.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="C") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="maui observation.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="M") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="oldsleepsdelay.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="O") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="interactions-miles-validity.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="I") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="infraredpdf.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="I") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="ranges tremendous.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="R") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="statute lan.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="S") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="batteries.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="B") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="word_societies.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="W") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="gtreserves.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="G") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="skiing_layer_resolutions.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="S") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="abortion-auditor.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="A") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="alpine zones.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="A") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="completion.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="C") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="fiscalrkansas.exe", AllocateDestinationString=1) returned 0x0 [0176.129] RtlFreeAnsiString (AnsiString="F") [0176.129] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="funny.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="F") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="backgroundTaskHost.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="B") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="audiodg.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="A") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="S") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="sc.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="S") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="S") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="cmd.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="C") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="conhost.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="C") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="conhost.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="C") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="backgroundTaskHost.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="B") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="cmd.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="C") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="autoclb.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="A") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="sppsvc.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="S") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="WMIADAP.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="W") [0176.130] RtlUpcaseUnicodeString (DestinationString=0x5d5fec8, SourceString="WmiPrvSE.exe", AllocateDestinationString=1) returned 0x0 [0176.130] RtlFreeAnsiString (AnsiString="W") [0176.130] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0176.130] CreateWaitableTimerA (lpTimerAttributes=0x5d5ff1c, bManualReset=1, lpTimerName="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 0x50c [0176.130] SetWaitableTimer (hTimer=0x50c, lpDueTime=0x5d5ff10, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0176.130] CloseHandle (hObject=0x50c) returned 1 [0176.130] LocalFree (hMem=0x736f98) returned 0x0 [0176.131] SetFileAttributesW (lpFileName="C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe", dwFileAttributes=0x80) returned 1 [0176.131] DeleteFileW (lpFileName="C:\\Users\\CIIHMN~1\\Desktop\\nstpeer.exe" (normalized: "c:\\users\\ciihmn~1\\desktop\\nstpeer.exe")) returned 1 [0176.133] HeapDestroy (hHeap=0x5e60000) returned 1 [0176.160] ExitProcess (uExitCode=0x0) Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2bca4000" os_pid = "0xd0c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xbec" cmd_line = "C:\\Windows\\system32\\svchost.exe" cur_dir = "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 920 start_va = 0x7f9fa000 end_va = 0x7f9fafff entry_point = 0x0 region_type = private name = "private_0x000000007f9fa000" filename = "" Region: id = 921 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 922 start_va = 0xaffc830000 end_va = 0xaffc84ffff entry_point = 0x0 region_type = private name = "private_0x000000affc830000" filename = "" Region: id = 923 start_va = 0xaffc850000 end_va = 0xaffc863fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affc850000" filename = "" Region: id = 924 start_va = 0xaffc870000 end_va = 0xaffc8effff entry_point = 0x0 region_type = private name = "private_0x000000affc870000" filename = "" Region: id = 925 start_va = 0xaffc8f0000 end_va = 0xaffc8f3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affc8f0000" filename = "" Region: id = 926 start_va = 0xaffc900000 end_va = 0xaffc900fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affc900000" filename = "" Region: id = 927 start_va = 0xaffc910000 end_va = 0xaffc911fff entry_point = 0x0 region_type = private name = "private_0x000000affc910000" filename = "" Region: id = 928 start_va = 0x7df5ff1e0000 end_va = 0x7ff5ff1dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff1e0000" filename = "" Region: id = 929 start_va = 0x7ff672f00000 end_va = 0x7ff672f22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff672f00000" filename = "" Region: id = 930 start_va = 0x7ff672f24000 end_va = 0x7ff672f24fff entry_point = 0x0 region_type = private name = "private_0x00007ff672f24000" filename = "" Region: id = 931 start_va = 0x7ff672f2e000 end_va = 0x7ff672f2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff672f2e000" filename = "" Region: id = 932 start_va = 0x7ff673b40000 end_va = 0x7ff673b4cfff entry_point = 0x7ff673b40000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 933 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 942 start_va = 0xaffca10000 end_va = 0xaffca16fff entry_point = 0x0 region_type = private name = "private_0x000000affca10000" filename = "" Region: id = 943 start_va = 0xaffcb00000 end_va = 0xaffcbfffff entry_point = 0x0 region_type = private name = "private_0x000000affcb00000" filename = "" Region: id = 944 start_va = 0x7ff8eb870000 end_va = 0x7ff8eba4cfff entry_point = 0x7ff8eb870000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 945 start_va = 0x7ff8ee2d0000 end_va = 0x7ff8ee37cfff entry_point = 0x7ff8ee2d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 947 start_va = 0x830000 end_va = 0x962fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 948 start_va = 0xaffc830000 end_va = 0xaffc83ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affc830000" filename = "" Region: id = 949 start_va = 0xaffc920000 end_va = 0xaffc9ddfff entry_point = 0xaffc920000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 950 start_va = 0xaffca20000 end_va = 0xaffca9ffff entry_point = 0x0 region_type = private name = "private_0x000000affca20000" filename = "" Region: id = 951 start_va = 0x7ff672e00000 end_va = 0x7ff672efffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff672e00000" filename = "" Region: id = 952 start_va = 0x7ff672f2c000 end_va = 0x7ff672f2dfff entry_point = 0x0 region_type = private name = "private_0x00007ff672f2c000" filename = "" Region: id = 953 start_va = 0x7ff8ec240000 end_va = 0x7ff8ec29afff entry_point = 0x7ff8ec240000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 954 start_va = 0x7ff8ec450000 end_va = 0x7ff8ec575fff entry_point = 0x7ff8ec450000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 961 start_va = 0x970000 end_va = 0x970fff entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 962 start_va = 0x7ff8d5240000 end_va = 0x7ff8d525ffff entry_point = 0x7ff8d5240000 region_type = mapped_file name = "avifil32.dll" filename = "\\Windows\\System32\\avifil32.dll" (normalized: "c:\\windows\\system32\\avifil32.dll") Region: id = 963 start_va = 0x7ff8ee0b0000 end_va = 0x7ff8ee14cfff entry_point = 0x7ff8ee0b0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 964 start_va = 0x7ff8edd60000 end_va = 0x7ff8edfdbfff entry_point = 0x7ff8edd60000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 965 start_va = 0x7ff8ee190000 end_va = 0x7ff8ee235fff entry_point = 0x7ff8ee190000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 966 start_va = 0x7ff8edbc0000 end_va = 0x7ff8edd44fff entry_point = 0x7ff8edbc0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 967 start_va = 0x7ff8ebdc0000 end_va = 0x7ff8ebf0dfff entry_point = 0x7ff8ebdc0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 968 start_va = 0x7ff8ec300000 end_va = 0x7ff8ec440fff entry_point = 0x7ff8ec300000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 970 start_va = 0x7ff8d5220000 end_va = 0x7ff8d523bfff entry_point = 0x7ff8d5220000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 971 start_va = 0x7ff8d64c0000 end_va = 0x7ff8d64e8fff entry_point = 0x7ff8d64c0000 region_type = mapped_file name = "msvfw32.dll" filename = "\\Windows\\System32\\msvfw32.dll" (normalized: "c:\\windows\\system32\\msvfw32.dll") Region: id = 972 start_va = 0x7ff8db910000 end_va = 0x7ff8db93bfff entry_point = 0x7ff8db910000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 973 start_va = 0x7ff8db940000 end_va = 0x7ff8db962fff entry_point = 0x7ff8db940000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 974 start_va = 0x7ff8e9720000 end_va = 0x7ff8e9746fff entry_point = 0x7ff8e9720000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 975 start_va = 0x7ff8eaf60000 end_va = 0x7ff8eafa3fff entry_point = 0x7ff8eaf60000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 976 start_va = 0x7ff8ec580000 end_va = 0x7ff8edaa4fff entry_point = 0x7ff8ec580000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 977 start_va = 0x7ff8eb180000 end_va = 0x7ff8eb7a7fff entry_point = 0x7ff8eb180000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 978 start_va = 0x7ff8edfe0000 end_va = 0x7ff8ee030fff entry_point = 0x7ff8edfe0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 979 start_va = 0x7ff8eae20000 end_va = 0x7ff8eae2efff entry_point = 0x7ff8eae20000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 980 start_va = 0x7ff8eb7b0000 end_va = 0x7ff8eb862fff entry_point = 0x7ff8eb7b0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 981 start_va = 0x7ff8eadd0000 end_va = 0x7ff8eae19fff entry_point = 0x7ff8eadd0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 982 start_va = 0x7ff8eae30000 end_va = 0x7ff8eae42fff entry_point = 0x7ff8eae30000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 983 start_va = 0x7ff8d5170000 end_va = 0x7ff8d5219fff entry_point = 0x7ff8d5170000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 984 start_va = 0xaffcc00000 end_va = 0xaffcc6cfff entry_point = 0x0 region_type = private name = "private_0x000000affcc00000" filename = "" Region: id = 985 start_va = 0xaffcc70000 end_va = 0xaffce6ffff entry_point = 0x0 region_type = private name = "private_0x000000affcc70000" filename = "" Region: id = 986 start_va = 0xaffcd00000 end_va = 0xaffcdfffff entry_point = 0x0 region_type = private name = "private_0x000000affcd00000" filename = "" Region: id = 987 start_va = 0xaffcaa0000 end_va = 0xaffcad3fff entry_point = 0xaffcaa0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 988 start_va = 0xaffce00000 end_va = 0xaffcf87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affce00000" filename = "" Region: id = 989 start_va = 0x7ff8ee150000 end_va = 0x7ff8ee185fff entry_point = 0x7ff8ee150000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 990 start_va = 0x7ff8ec0c0000 end_va = 0x7ff8ec21bfff entry_point = 0x7ff8ec0c0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 991 start_va = 0xaffcf90000 end_va = 0xaffd110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affcf90000" filename = "" Region: id = 992 start_va = 0xaffd120000 end_va = 0xaffe51ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000affd120000" filename = "" Region: id = 993 start_va = 0xaffc840000 end_va = 0xaffc840fff entry_point = 0xaffc840000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 994 start_va = 0xaffc9e0000 end_va = 0xaffc9e0fff entry_point = 0x0 region_type = private name = "private_0x000000affc9e0000" filename = "" Region: id = 995 start_va = 0xaffc9f0000 end_va = 0xaffc9f0fff entry_point = 0x0 region_type = private name = "private_0x000000affc9f0000" filename = "" Region: id = 996 start_va = 0xaffe520000 end_va = 0xaffe5dcfff entry_point = 0x0 region_type = private name = "private_0x000000affe520000" filename = "" Region: id = 997 start_va = 0xaffe5e0000 end_va = 0xaffe7dffff entry_point = 0x0 region_type = private name = "private_0x000000affe5e0000" filename = "" Region: id = 998 start_va = 0xaffe600000 end_va = 0xaffe6fffff entry_point = 0x0 region_type = private name = "private_0x000000affe600000" filename = "" Region: id = 999 start_va = 0xaffca00000 end_va = 0xaffca01fff entry_point = 0xaffca00000 region_type = mapped_file name = "msvfw32.dll.mui" filename = "\\Windows\\System32\\en-US\\msvfw32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msvfw32.dll.mui") Region: id = 1000 start_va = 0xaffe700000 end_va = 0xaffe7bcfff entry_point = 0xaffe700000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1001 start_va = 0xaffe700000 end_va = 0xaffe82cfff entry_point = 0x0 region_type = private name = "private_0x000000affe700000" filename = "" Region: id = 1002 start_va = 0xaffe830000 end_va = 0xaffea2ffff entry_point = 0x0 region_type = private name = "private_0x000000affe830000" filename = "" Region: id = 1003 start_va = 0xaffe900000 end_va = 0xaffe9fffff entry_point = 0x0 region_type = private name = "private_0x000000affe900000" filename = "" Region: id = 1004 start_va = 0xaffea00000 end_va = 0xaffebfffff entry_point = 0x0 region_type = private name = "private_0x000000affea00000" filename = "" Region: id = 1005 start_va = 0xaffea00000 end_va = 0xaffeafffff entry_point = 0x0 region_type = private name = "private_0x000000affea00000" filename = "" Region: id = 1006 start_va = 0xaffeb00000 end_va = 0xaffecfffff entry_point = 0x0 region_type = private name = "private_0x000000affeb00000" filename = "" Region: id = 1007 start_va = 0xaffeb00000 end_va = 0xaffebfffff entry_point = 0x0 region_type = private name = "private_0x000000affeb00000" filename = "" Region: id = 1008 start_va = 0xaffec00000 end_va = 0xaffedfffff entry_point = 0x0 region_type = private name = "private_0x000000affec00000" filename = "" Region: id = 1009 start_va = 0xaffec00000 end_va = 0xaffecfffff entry_point = 0x0 region_type = private name = "private_0x000000affec00000" filename = "" Region: id = 1010 start_va = 0x7ff8ea9d0000 end_va = 0x7ff8ea9fbfff entry_point = 0x7ff8ea9d0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1011 start_va = 0xaffed00000 end_va = 0xafff036fff entry_point = 0xaffed00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1012 start_va = 0x7ff8ee240000 end_va = 0x7ff8ee247fff entry_point = 0x7ff8ee240000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1451 start_va = 0xafff040000 end_va = 0xafff172fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000afff040000" filename = "" Thread: id = 29 os_tid = 0xf4 [0176.140] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0xaffc8efec8 | out: BaseAddress=0xaffc8efec8*=0x7ff8ee380000) returned 0x0 [0176.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtCreateSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4139e0) returned 0x0 [0176.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtUnmapViewOfSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4137e0) returned 0x0 [0176.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtMapViewOfSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4137c0) returned 0x0 [0176.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwOpenProcessToken", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee414680) returned 0x0 [0176.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwClose", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee413630) returned 0x0 [0176.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwQueryInformationToken", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee413750) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwOpenProcess", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4137a0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtQuerySystemInformation", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4138a0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlNtStatusToDosError", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee38f0c0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwQueryInformationProcess", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4136d0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlImageDirectoryEntryToData", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee396850) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_wcsupr", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4058a0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_strupr", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee404f60) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memmove", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee417e80) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="bsearch", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee406420) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee405260) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_strlwr", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee404e60) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="atoi", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4043d0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="strstr", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee408bd0) returned 0x0 [0176.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="wcscpy", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee409650) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwQueryKey", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4136a0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlUpcaseUnicodeString", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3d3170) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlFreeUnicodeString", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3a7110) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="sprintf", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee407fb0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_snprintf", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee404970) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memset", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4181c0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee417e80) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="strcpy", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4082f0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlAdjustPrivilege", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3f32a0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="mbstowcs", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4075a0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlImageNtHeader", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee396820) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee4076a0) returned 0x0 [0176.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="__C_specific_handler", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee403f20) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="__chkstk", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee416290) returned 0x0 [0176.143] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0xaffc8efec8 | out: BaseAddress=0xaffc8efec8*=0x7ff8ee2d0000) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetLocalTime", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ee9e0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenProcess", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ea8f0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualQueryEx", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f24a0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateRemoteThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3126d0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eeca0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetVersion", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f1fd0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetEndOfFile", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5ae0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RemoveDirectoryW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5ad0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetTempFileNameA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f59e0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3881b0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ebaf0) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ed680) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5510) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WriteProcessMemory", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ee710) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5760) returned 0x0 [0176.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcmpiA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ebb10) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0c70) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f2080) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6580) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcmpA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2edf40) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetModuleHandleA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ee6d0) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateFileMappingA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2d5bc0) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="MapViewOfFile", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ee950) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e8f00) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eecc0) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GlobalLock", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6230) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrlenA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ebb80) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GlobalAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eb810) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GlobalUnlock", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6170) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3aebf0) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcpyA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eedf0) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6060) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6050) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RemoveDirectoryA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5ac0) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5790) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcatA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0e30) returned 0x0 [0176.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5b80) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateDirectoryA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5730) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapDestroy", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f2e50) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapCreate", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0f80) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetEvent", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f56b0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3ad8d0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e60a0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindNextFileW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5880) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CopyFileW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5d70) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetWaitableTimer", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f56c0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LocalAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e9310) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6470) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6030) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e64b0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e9490) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateEventA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5560) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetWindowsDirectoryA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f41b0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DeleteFileW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f57a0) returned 0x0 [0176.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateDirectoryW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5740) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateWaitableTimerA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f3870) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5a00) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindFirstFileW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5840) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e9320) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f2c00) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SuspendThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0d70) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WaitForMultipleObjects", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f56e0) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ResumeThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ef570) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcpyW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0a80) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FileTimeToSystemTime", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5bf0) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ebc20) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5770) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ResetEvent", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f56a0) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SwitchToThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ea960) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcatW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f3830) returned 0x0 [0176.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateProcessW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2edee0) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetFileSize", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5950) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetFileAttributesW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5930) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ExpandEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ee420) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6090) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3b4420) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6160) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3b4ec0) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetComputerNameA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ec250) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateMutexA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f55a0) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenWaitableTimerA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee313a10) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenMutexA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2d5e30) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetVolumeInformationA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5a20) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WaitForSingleObject", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5700) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ReleaseMutex", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5680) returned 0x0 [0176.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetComputerNameW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ec3c0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3e38f0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LoadLibraryExW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eb820) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eaa40) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualFree", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ebc10) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetLogicalDriveStringsW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f59d0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetFileAttributesA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5900) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenFileMappingA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f3c10) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetExitCodeProcess", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ee450) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateProcessA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ed5b0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcpynA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3136c0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LocalReAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f2c80) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2edec0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6020) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e64c0) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eed90) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetVersionExW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eaa30) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eeb90) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5a90) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetFilePointer", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5b20) returned 0x0 [0176.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Thread32First", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f01b0) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="QueueUserAPC", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2efe40) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateToolhelp32Snapshot", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f6830) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenThread", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ea970) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Thread32Next", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6720) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindFirstFileA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5800) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindNextFileA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5860) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ConnectNamedPipe", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f30b0) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetOverlappedResult", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ebb70) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CancelIo", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f2f50) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DisconnectNamedPipe", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f3820) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5890) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CallNamedPipeA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee30fe50) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateNamedPipeA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee310070) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ea940) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WaitNamedPipeA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee310670) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e6070) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SleepEx", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f56d0) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3fa5b0) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee3ea7b0) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenEventA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f5630) returned 0x0 [0176.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcmpiW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2e65d0) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RaiseException", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eeba0) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetSystemInfo", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2ef580) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Process32NextW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2eb8f0) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Process32FirstW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0020) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="QueueUserWorkItem", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f0f60) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FileTimeToLocalFileTime", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f57b0) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f57c0) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetDriveTypeW", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee2f58f0) returned 0x0 [0176.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualProtectEx", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8ee313630) returned 0x0 [0176.150] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="AVIFIL32.dll", BaseAddress=0xaffc8efec8 | out: BaseAddress=0xaffc8efec8*=0x7ff8d5240000) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIStreamRelease", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d52469a0) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIStreamWrite", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d5247230) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileOpenA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d52468b0) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileCreateStreamA", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d5246c10) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIStreamSetFormat", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d5247070) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileExit", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d5246400) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileInit", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d52463d0) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIMakeCompressedStream", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d5247910) returned 0x0 [0178.040] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileRelease", Ordinal=0x0, ProcedureAddress=0xaffc8efeb0 | out: ProcedureAddress=0xaffc8efeb0*=0x7ff8d52469a0) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efeb8*=0x830000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x4, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efeb8*=0x830000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efe50*=0x831000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x20, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efe50*=0x831000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efe50*=0x869000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x2, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efe50*=0x869000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efe50*=0x893000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x4, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efe50*=0x893000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efe50*=0x898000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x2, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efe50*=0x898000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efe50*=0x89a000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x4, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efe50*=0x89a000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.041] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8efe50*=0x89c000, NumberOfBytesToProtect=0xaffc8efec0, NewAccessProtection=0x2, OldAccessProtection=0xaffc8efeb0 | out: BaseAddress=0xaffc8efe50*=0x89c000, NumberOfBytesToProtect=0xaffc8efec0, OldAccessProtection=0xaffc8efeb0*=0x40) returned 0x0 [0178.044] GetTickCount () returned 0x3efef [0178.044] GetModuleHandleA (lpModuleName=0x0) returned 0x7ff673b40000 [0178.044] GetVersion () returned 0x2800000a [0178.044] GetCurrentProcessId () returned 0xd0c [0178.044] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x164 [0178.045] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xaffe902040, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0178.045] lstrcpynA (in: lpString1=0xaffc8efe00, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0178.045] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0178.045] GetProcAddress (hModule=0x7ff8ee2d0000, lpProcName="IsWow64Process") returned 0x7ff8ee2ee960 [0178.045] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xd0c) returned 0x168 [0178.045] IsWow64Process (in: hProcess=0x168, Wow64Process=0xaffc8efda0 | out: Wow64Process=0xaffc8efda0) returned 1 [0178.045] CloseHandle (hObject=0x168) returned 1 [0178.046] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7ff8ee190000 [0178.046] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7ff8ee1ad610 [0178.046] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0178.086] NtOpenProcess (in: ProcessHandle=0xaffc8efd58, DesiredAccess=0x400, ObjectAttributes=0xaffc8efcf0*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xaffc8efce0*(UniqueProcess=0xd0c, UniqueThread=0x0) | out: ProcessHandle=0xaffc8efd58*=0x184) returned 0x0 [0178.086] NtOpenProcessToken (in: ProcessHandle=0x184, DesiredAccess=0x8, TokenHandle=0xaffc8efd50 | out: TokenHandle=0xaffc8efd50*=0x188) returned 0x0 [0178.086] NtQueryInformationToken (in: TokenHandle=0x188, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xaffc8efd40 | out: TokenInformation=0x0, ReturnLength=0xaffc8efd40) returned 0xc0000023 [0178.086] NtQueryInformationToken (in: TokenHandle=0x188, TokenInformationClass=0x1, TokenInformation=0xaffe902260, TokenInformationLength=0x2c, ReturnLength=0xaffc8efd40 | out: TokenInformation=0xaffe902260, ReturnLength=0xaffc8efd40) returned 0x0 [0178.086] NtClose (Handle=0x188) returned 0x0 [0178.086] NtClose (Handle=0x184) returned 0x0 [0178.087] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7ff8edfe0000 [0178.114] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrRChrA") returned 0x7ff8edff4dd0 [0178.114] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0178.115] _strupr (in: _String=0xaffe902054 | out: _String="SVCHOST.EXE") returned="SVCHOST.EXE" [0178.115] lstrlenA (lpString="SVCHOST.EXE") returned 11 [0178.115] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x184 [0178.115] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x7ff8ebdc0000 [0178.115] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="wsprintfA") returned 0x7ff8ebde2610 [0178.115] wsprintfA (in: param_1=0xaffe902260, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0178.115] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0178.115] lstrcpyA (in: lpString1=0xaffe9022a0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0178.115] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0178.115] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0178.115] lstrlenA (lpString="\\Vars") returned 5 [0178.115] lstrcpyA (in: lpString1=0xaffe902300, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0178.115] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Vars" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars" [0178.115] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0178.115] lstrlenA (lpString="\\Files") returned 6 [0178.115] lstrcpyA (in: lpString1=0xaffe902370, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0178.115] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Files" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files" [0178.115] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0178.115] lstrlenA (lpString="\\Run") returned 4 [0178.116] lstrcpyA (in: lpString1=0xaffe9023e0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0178.116] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Run" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run" [0178.116] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0178.116] lstrlenA (lpString="\\Config") returned 7 [0178.116] lstrcpyA (in: lpString1=0xaffe902440, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0178.116] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Config" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config" [0178.116] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0178.116] lstrlenA (lpString="Local\\") returned 6 [0178.116] lstrcpyA (in: lpString1=0xaffe9024b0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.116] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0178.116] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0178.116] lstrlenA (lpString="Local\\") returned 6 [0178.116] lstrcpyA (in: lpString1=0xaffe9024f0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.116] lstrcatA (in: lpString1="Local\\", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0178.116] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0178.116] lstrlenA (lpString="Local\\") returned 6 [0178.116] lstrcpyA (in: lpString1=0xaffe902530, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.116] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0178.116] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 38 [0178.116] lstrlenA (lpString="Local\\") returned 6 [0178.116] lstrcpyA (in: lpString1=0xaffe902570, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.116] lstrcatA (in: lpString1="Local\\", lpString2="{62D813F7-59FC-E439-F3B6-9D58D74A210C}" | out: lpString1="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}" [0178.116] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{FB999B87-1EC7-E503-005F-32E93403862D}") returned 38 [0178.116] lstrlenA (lpString="Local\\") returned 6 [0178.116] lstrcpyA (in: lpString1=0xaffe9025b0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.116] lstrcatA (in: lpString1="Local\\", lpString2="{FB999B87-1EC7-E503-005F-32E93403862D}" | out: lpString1="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}" [0178.116] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 38 [0178.116] lstrlenA (lpString="Local\\") returned 6 [0178.116] lstrcpyA (in: lpString1=0xaffe9025f0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.116] lstrcatA (in: lpString1="Local\\", lpString2="{A8435A97-E752-1A33-B15C-0BEE75506F02}" | out: lpString1="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned 38 [0178.117] lstrlenA (lpString="Local\\") returned 6 [0178.117] lstrcpyA (in: lpString1=0xaffe902630, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.117] lstrcatA (in: lpString1="Local\\", lpString2="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" | out: lpString1="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{BEE2402B-052B-A020-7FD2-09D423264D48}") returned 38 [0178.117] lstrlenA (lpString="Local\\") returned 6 [0178.117] lstrcpyA (in: lpString1=0xaffe902670, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.117] lstrcatA (in: lpString1="Local\\", lpString2="{BEE2402B-052B-A020-7FD2-09D423264D48}" | out: lpString1="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}") returned="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned 38 [0178.117] lstrlenA (lpString="\\\\.\\pipe\\") returned 9 [0178.117] lstrcpyA (in: lpString1=0xaffe9026b0, lpString2="\\\\.\\pipe\\" | out: lpString1="\\\\.\\pipe\\") returned="\\\\.\\pipe\\" [0178.117] lstrcatA (in: lpString1="\\\\.\\pipe\\", lpString2="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" | out: lpString1="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned 38 [0178.117] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0178.117] lstrcpyA (in: lpString1=0xaffe9026f0, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0178.117] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{24A75F92-33C8-F66F-DD98-178A614C3B5E}" | out: lpString1="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned 38 [0178.117] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0178.117] lstrcpyA (in: lpString1=0xaffe902740, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0178.117] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{25E2F79F-402D-9FBF-7229-7443C66DE827}" | out: lpString1="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned 38 [0178.117] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0178.117] lstrcpyA (in: lpString1=0xaffe902790, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0178.117] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" | out: lpString1="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 38 [0178.117] lstrlenA (lpString="Local\\") returned 6 [0178.117] lstrcpyA (in: lpString1=0xaffe9027e0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.117] lstrcatA (in: lpString1="Local\\", lpString2="{53667D0F-9637-FD89-3837-2A81EC5BFE45}" | out: lpString1="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}" [0178.117] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 38 [0178.117] lstrlenA (lpString="Local\\") returned 6 [0178.118] lstrcpyA (in: lpString1=0xaffe902820, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.118] lstrcatA (in: lpString1="Local\\", lpString2="{E089BDC1-BF33-12AE-4914-63668D8847FA}" | out: lpString1="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}" [0178.118] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 38 [0178.118] lstrlenA (lpString="Local\\") returned 6 [0178.118] lstrcpyA (in: lpString1=0xaffe902860, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.118] lstrcatA (in: lpString1="Local\\", lpString2="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" | out: lpString1="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0178.118] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned 38 [0178.118] lstrlenA (lpString="Local\\") returned 6 [0178.118] lstrcpyA (in: lpString1=0xaffe9028a0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0178.118] lstrcatA (in: lpString1="Local\\", lpString2="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" | out: lpString1="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" [0178.118] wsprintfA (in: param_1=0xaffe902260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{02F1C55C-79FC-84FB-1356-BDF8F7EA41AC}") returned 38 [0178.118] lstrcatA (in: lpString1="", lpString2="{02F1C55C-79FC-84FB-1356-BDF8F7EA41AC}" | out: lpString1="{02F1C55C-79FC-84FB-1356-BDF8F7EA41AC}") returned="{02F1C55C-79FC-84FB-1356-BDF8F7EA41AC}" [0178.118] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0x84c4bc) returned 0xaffcb15720 [0178.118] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="{02F1C55C-79FC-84FB-1356-BDF8F7EA41AC}") returned 0x188 [0178.118] GetLastError () returned 0x0 [0178.118] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegOpenKeyA") returned 0x7ff8ee1ab9e0 [0178.118] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0xaffc8efc90 | out: phkResult=0xaffc8efc90*=0x190) returned 0x0 [0178.119] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegQueryValueExA") returned 0x7ff8ee1a7dd0 [0178.119] RegQueryValueExA (in: hKey=0x190, lpValueName="Ini", lpReserved=0x0, lpType=0xaffc8efc10, lpData=0x0, lpcbData=0xaffc8efc88*=0x89d018 | out: lpType=0xaffc8efc10*=0x0, lpData=0x0, lpcbData=0xaffc8efc88*=0x0) returned 0x2 [0178.119] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegCloseKey") returned 0x7ff8ee1a72e0 [0178.119] RegCloseKey (hKey=0x190) returned 0x0 [0178.119] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrToIntExA") returned 0x7ff8edff4e70 [0178.119] StrToIntExA (in: pszString="40", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="1200", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="10", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="1000", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="12", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] StrToIntExA (in: pszString="60", dwFlags=0x0, piRet=0xaffc8efc88 | out: piRet=0xaffc8efc88) returned 1 [0178.119] lstrlenA (lpString="CBA16FFC891E31A5") returned 16 [0178.119] lstrlenA (lpString="makarcheck.com niperola.com") returned 27 [0178.119] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrChrA") returned 0x7ff8edff4cc0 [0178.119] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0178.119] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0178.119] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrTrimA") returned 0x7ff8edff4e80 [0178.120] StrTrimA (in: psz="makarcheck.com niperola.com", pszTrimChars=" \x09" | out: psz="makarcheck.com niperola.com") returned 0 [0178.120] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0178.120] StrTrimA (in: psz="niperola.com", pszTrimChars=" \x09" | out: psz="niperola.com") returned 0 [0178.120] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0178.120] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0178.120] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7ff8ee380000 [0178.120] GetModuleHandleA (lpModuleName="kernelbase") returned 0x7ff8eb870000 [0178.120] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="GetUserNameA") returned 0x7ff8ee1bec40 [0178.120] GetUserNameA (in: lpBuffer=0x0, pcbBuffer=0xaffc8efd48 | out: lpBuffer=0x0, pcbBuffer=0xaffc8efd48) returned 0 [0178.234] GetUserNameA (in: lpBuffer=0xaffe902a70, pcbBuffer=0xaffc8efd48 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0xaffc8efd48) returned 1 [0178.234] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7ff8ee380000 [0178.234] lstrlenA (lpString="A_SHAFinal") returned 10 [0178.234] lstrlenA (lpString="A_SHAInit") returned 9 [0178.234] lstrlenA (lpString="A_SHAUpdate") returned 11 [0178.234] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0178.234] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0178.234] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0178.234] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0178.234] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0178.234] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0178.234] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0178.234] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0178.234] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0178.234] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0178.234] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0178.234] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0178.234] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0178.234] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0178.234] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0178.234] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0178.234] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0178.235] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0178.235] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0178.235] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0178.235] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0178.235] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0178.235] lstrlenA (lpString="CsrClientCallServer") returned 19 [0178.235] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0178.235] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0178.235] lstrlenA (lpString="CsrGetProcessId") returned 15 [0178.235] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0178.235] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0178.235] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0178.235] lstrlenA (lpString="DbgBreakPoint") returned 13 [0178.235] lstrlenA (lpString="DbgPrint") returned 8 [0178.235] lstrlenA (lpString="DbgPrintEx") returned 10 [0178.235] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0178.235] lstrlenA (lpString="DbgPrompt") returned 9 [0178.235] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0178.235] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0178.235] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0178.235] lstrlenA (lpString="DbgUiContinue") returned 13 [0178.235] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0178.235] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0178.235] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0178.235] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0178.235] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0178.235] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0178.235] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0178.235] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0178.235] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0178.235] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0178.235] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0178.235] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0178.235] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0178.235] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0178.235] lstrlenA (lpString="EtwEventEnabled") returned 15 [0178.235] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0178.235] lstrlenA (lpString="EtwEventRegister") returned 16 [0178.235] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0178.235] lstrlenA (lpString="EtwEventUnregister") returned 18 [0178.236] lstrlenA (lpString="EtwEventWrite") returned 13 [0178.236] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0178.236] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0178.236] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0178.236] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0178.236] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0178.236] lstrlenA (lpString="EtwEventWriteString") returned 19 [0178.236] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0178.236] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0178.236] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0178.236] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0178.236] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0178.236] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0178.236] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0178.236] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0178.236] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0178.236] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0178.236] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0178.236] lstrlenA (lpString="EtwReplyNotification") returned 20 [0178.236] lstrlenA (lpString="EtwSendNotification") returned 19 [0178.236] lstrlenA (lpString="EtwSetMark") returned 10 [0178.236] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0178.236] lstrlenA (lpString="EtwTraceMessage") returned 15 [0178.236] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0178.236] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0178.236] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0178.236] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0178.236] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0178.236] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0178.236] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0178.236] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0178.236] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0178.236] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0178.236] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0178.236] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0178.236] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0178.236] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0178.236] lstrlenA (lpString="KiUserInvertedFunctionTable") returned 27 [0178.236] lstrlenA (lpString="LdrAccessResource") returned 17 [0178.236] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0178.236] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0178.236] lstrlenA (lpString="LdrAddRefDll") returned 12 [0178.236] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0178.236] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0178.236] lstrlenA (lpString="LdrEnumResources") returned 16 [0178.236] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0178.236] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0178.237] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0178.237] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0178.237] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0178.237] lstrlenA (lpString="LdrFindResource_U") returned 17 [0178.237] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0178.237] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0178.237] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0178.237] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0178.237] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0178.237] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0178.237] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0178.237] lstrlenA (lpString="LdrGetDllPath") returned 13 [0178.237] lstrlenA (lpString="LdrGetFailureData") returned 17 [0178.237] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0178.237] lstrlenA (lpString="LdrGetKnownDllSectionHandle") returned 27 [0178.237] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0178.237] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0178.237] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0178.237] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0178.237] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0178.237] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0178.237] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0178.237] lstrlenA (lpString="LdrLoadDll") returned 10 [0178.237] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0178.237] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0178.237] lstrlenA (lpString="LdrProcessInitializationComplete") returned 32 [0178.237] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0178.237] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0178.237] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0178.237] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0178.237] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0178.237] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0178.237] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0178.237] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0178.237] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0178.237] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0178.237] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0178.237] lstrlenA (lpString="LdrResFindResource") returned 18 [0178.237] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0178.237] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0178.237] lstrlenA (lpString="LdrResRelease") returned 13 [0178.237] lstrlenA (lpString="LdrResSearchResource") returned 20 [0178.237] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0178.237] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0178.237] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0178.237] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0178.237] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0178.238] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0178.238] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0178.238] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0178.238] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0178.238] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0178.238] lstrlenA (lpString="LdrShutdownThread") returned 17 [0178.238] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0178.238] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0178.238] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0178.238] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0178.238] lstrlenA (lpString="LdrUnloadDll") returned 12 [0178.238] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0178.238] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0178.238] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0178.238] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0178.238] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0178.238] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0178.238] lstrlenA (lpString="MD4Final") returned 8 [0178.238] lstrlenA (lpString="MD4Init") returned 7 [0178.238] lstrlenA (lpString="MD4Update") returned 9 [0178.238] lstrlenA (lpString="MD5Final") returned 8 [0178.238] lstrlenA (lpString="MD5Init") returned 7 [0178.238] lstrlenA (lpString="MD5Update") returned 9 [0178.238] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0178.238] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0178.238] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0178.238] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0178.238] lstrlenA (lpString="NtAccessCheck") returned 13 [0178.238] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0178.238] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0178.238] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0178.238] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0178.238] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0178.238] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0178.238] lstrlenA (lpString="NtAddAtom") returned 9 [0178.238] lstrlenA (lpString="NtAddAtomEx") returned 11 [0178.238] lstrlenA (lpString="NtAddBootEntry") returned 14 [0178.238] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0178.238] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0178.238] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0178.238] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0178.238] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0178.238] lstrlenA (lpString="NtAlertThread") returned 13 [0178.238] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0178.238] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0178.238] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0178.239] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0178.239] lstrlenA (lpString="NtAllocateUuids") returned 15 [0178.239] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0178.239] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0178.239] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0178.239] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0178.239] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0178.239] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0178.239] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0178.239] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0178.239] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0178.239] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0178.239] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0178.239] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0178.239] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0178.239] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0178.239] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0178.239] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0178.239] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0178.239] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0178.239] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0178.239] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0178.239] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0178.239] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0178.239] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0178.239] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0178.239] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0178.239] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0178.239] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0178.239] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0178.239] lstrlenA (lpString="NtCallbackReturn") returned 16 [0178.239] lstrlenA (lpString="NtCancelIoFile") returned 14 [0178.239] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0178.239] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0178.239] lstrlenA (lpString="NtCancelTimer") returned 13 [0178.239] lstrlenA (lpString="NtCancelTimer2") returned 14 [0178.239] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0178.239] lstrlenA (lpString="NtClearEvent") returned 12 [0178.239] lstrlenA (lpString="NtClose") returned 7 [0178.239] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0178.239] lstrlenA (lpString="NtCommitComplete") returned 16 [0178.239] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0178.239] lstrlenA (lpString="NtCommitTransaction") returned 19 [0178.239] lstrlenA (lpString="NtCompactKeys") returned 13 [0178.239] lstrlenA (lpString="NtCompareObjects") returned 16 [0178.239] lstrlenA (lpString="NtCompareTokens") returned 15 [0178.239] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0178.239] lstrlenA (lpString="NtCompressKey") returned 13 [0178.240] lstrlenA (lpString="NtConnectPort") returned 13 [0178.244] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7ff8ee190000 [0178.244] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0178.244] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessW") returned -1 [0178.247] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0178.248] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="Beep", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessW") returned -1 [0178.249] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessW") returned -1 [0178.250] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessW") returned -1 [0178.253] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessW") returned -1 [0178.254] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateProcessInternalA", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateProcessInternalW", lpString2="CreateProcessW") returned -1 [0178.255] lstrcmpA (lpString1="CreateProcessW", lpString2="CreateProcessW") returned 0 [0178.255] VirtualProtect (in: lpAddress=0x7ff8ee35b780, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x2) returned 1 [0178.255] VirtualProtect (in: lpAddress=0x7ff8ee343a00, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x20) returned 1 [0178.255] VirtualProtect (in: lpAddress=0x7ff8ee343a00, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x40) returned 1 [0178.256] VirtualProtect (in: lpAddress=0x7ff8ee35b780, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x40) returned 1 [0178.256] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb20, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb20, ReturnLength=0x0) returned 0x0 [0178.256] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0178.256] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessA") returned -1 [0178.256] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessA") returned -1 [0178.257] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="Beep", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessA") returned -1 [0178.258] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessA") returned -1 [0178.259] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessA") returned -1 [0178.260] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessA") returned -1 [0178.261] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessA") returned 0 [0178.261] VirtualProtect (in: lpAddress=0x7ff8ee35b76c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x2) returned 1 [0178.262] VirtualProtect (in: lpAddress=0x7ff8ee343a0e, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x20) returned 1 [0178.262] VirtualProtect (in: lpAddress=0x7ff8ee343a0e, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x40) returned 1 [0178.262] VirtualProtect (in: lpAddress=0x7ff8ee35b76c, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x40) returned 1 [0178.262] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb20, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb20, ReturnLength=0x0) returned 0x0 [0178.262] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0178.262] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessAsUserW") returned -1 [0178.262] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessAsUserW") returned -1 [0178.263] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="Beep", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessAsUserW") returned -1 [0178.264] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessAsUserW") returned -1 [0178.265] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessAsUserW") returned -1 [0178.266] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0178.267] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserW") returned -1 [0178.268] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessAsUserW") returned 0 [0178.268] VirtualProtect (in: lpAddress=0x7ff8ee35b774, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x2) returned 1 [0178.268] VirtualProtect (in: lpAddress=0x7ff8ee343a1c, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x20) returned 1 [0178.269] VirtualProtect (in: lpAddress=0x7ff8ee343a1c, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x40) returned 1 [0178.269] VirtualProtect (in: lpAddress=0x7ff8ee35b774, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x40) returned 1 [0178.269] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb20, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb20, ReturnLength=0x0) returned 0x0 [0178.269] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7ff8ee190000 [0178.269] lstrcmpA (lpString1="A_SHAFinal", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="A_SHAInit", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="A_SHAUpdate", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AbortSystemShutdownA", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AbortSystemShutdownW", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheck", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByType", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAce", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="CreateProcessAsUserA") returned -1 [0178.269] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AddConditionalAce", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AddMandatoryAce", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AddUsersToEncryptedFile", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AddUsersToEncryptedFileEx", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditComputeEffectivePolicyBySid", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditComputeEffectivePolicyByToken", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditEnumerateCategories", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditEnumeratePerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditEnumerateSubCategories", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditFree", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditLookupCategoryGuidFromCategoryId", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditLookupCategoryIdFromCategoryGuid", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditLookupCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditLookupCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditLookupSubCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditLookupSubCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditQueryGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditQueryGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditQueryPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditQuerySecurity", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditQuerySystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditSetGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditSetGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0178.270] lstrcmpA (lpString1="AuditSetPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="AuditSetSecurity", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="AuditSetSystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BackupEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BackupEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegCloseKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegCreateKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegDeleteKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegDeleteValue", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegFlushKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegGetVersion", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegOpenKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegRestoreKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegSaveKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegSetKeySecurity", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegSetValue", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BaseRegUnLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildImpersonateTrusteeA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildImpersonateTrusteeW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithSidA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="BuildTrusteeWithSidW", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="CancelOverlappedAccess", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="ChangeServiceConfig2A", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="ChangeServiceConfig2W", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="ChangeServiceConfigA", lpString2="CreateProcessAsUserA") returned -1 [0178.271] lstrcmpA (lpString1="ChangeServiceConfigW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CheckForHiberboot", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CheckTokenMembership", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ClearEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ClearEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CloseCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CloseEncryptedFileRaw", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CloseEventLog", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CloseServiceHandle", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CloseThreadWaitChainSession", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CloseTrace", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="CommandLineFromMsiDescriptor", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ComputeAccessTokenFromCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ControlService", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ControlServiceExA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ControlServiceExW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ControlTraceA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ControlTraceW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSDToStringSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSidToStringSidA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertSidToStringSidW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSDToSDDomainA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSDToSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSidToSidA", lpString2="CreateProcessAsUserA") returned -1 [0178.272] lstrcmpA (lpString1="ConvertStringSidToSidW", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="CopySid", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="CreateCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="CreateProcessAsUserA") returned -1 [0178.273] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserA") returned 0 [0178.273] VirtualProtect (in: lpAddress=0x7ff8ee21ba88, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x2) returned 1 [0178.273] VirtualProtect (in: lpAddress=0x7ff8ee1f3800, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x20) returned 1 [0178.273] VirtualProtect (in: lpAddress=0x7ff8ee1f3800, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xaffc8efb80 | out: lpflOldProtect=0xaffc8efb80*=0x40) returned 1 [0178.273] VirtualProtect (in: lpAddress=0x7ff8ee21ba88, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xaffc8efb88 | out: lpflOldProtect=0xaffc8efb88*=0x40) returned 1 [0178.273] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb20, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb20, ReturnLength=0x0) returned 0x0 [0178.274] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x7ff8ee240000 [0178.320] GetProcAddress (hModule=0x7ff8ee240000, lpProcName="EnumProcessModules") returned 0x7ff8ee241040 [0178.320] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xaffe903d20, cb=0x1000, lpcbNeeded=0xaffc8efc28 | out: lphModule=0xaffe903d20, lpcbNeeded=0xaffc8efc28) returned 1 [0178.322] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff673b40000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff673b40000, AllocationBase=0x7ff673b40000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xaf)) returned 0x30 [0178.322] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.323] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessW") returned -1 [0178.323] lstrcmpiA (lpString1="exit", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="_initterm_e", lpString2="CreateProcessW") returned -1 [0178.323] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessW") returned -1 [0178.323] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="SetProcessAffinityUpdateMode", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="SetErrorMode", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="RegisterServiceCtrlHandlerW", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="StartServiceCtrlDispatcherW", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="SetServiceStatus", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessW") returned -1 [0178.323] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessW") returned 1 [0178.323] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessW") returned -1 [0178.324] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RegDisablePredefinedCacheEx", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RegQueryValueExW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="GetCommandLineW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessW") returned -1 [0178.324] lstrcmpiA (lpString1="WideCharToMultiByte", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcMgmtStopServerListening", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="I_RpcServerDisableExceptionFilter", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcServerRegisterIf", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcServerUnregisterIfEx", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcServerListen", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcServerUseProtseqEpW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcServerUnregisterIf", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcMgmtSetServerStackSize", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="RpcMgmtWaitServerListen", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="HeapAlloc", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="HeapFree", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="GetProcessHeap", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="HeapSetInformation", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="LCMapStringW", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="GetTokenInformation", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="SetSecurityDescriptorGroup", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="GetLengthSid", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessW") returned -1 [0178.324] lstrcmpiA (lpString1="InitializeSecurityDescriptor", lpString2="CreateProcessW") returned 1 [0178.324] lstrcmpiA (lpString1="SetSecurityDescriptorOwner", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="InitializeAcl", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="SetSecurityDescriptorDacl", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="LocalAlloc", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="LocalFree", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="CloseHandle", lpString2="CreateProcessW") returned -1 [0178.325] lstrcmpiA (lpString1="CreateActCtxW", lpString2="CreateProcessW") returned -1 [0178.325] lstrcmpiA (lpString1="ActivateActCtx", lpString2="CreateProcessW") returned -1 [0178.325] lstrcmpiA (lpString1="DeactivateActCtx", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="ReleaseActCtx", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RegisterWaitForSingleObjectEx", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="EtwEventWrite", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="EtwEventEnabled", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="EtwEventRegister", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlUnhandledExceptionFilter", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="NtSetInformationProcess", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlSetProcessIsCritical", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlInitializeCriticalSection", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlSubAuthoritySid", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlLengthRequiredSid", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlFreeHeap", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlCopySid", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlAllocateHeap", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlInitializeSid", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlSubAuthorityCountSid", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="RtlImageNtHeader", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="DelayLoadFailureHook", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="ResolveDelayLoadedAPI", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessW") returned 1 [0178.325] lstrcmpiA (lpString1="CoCreateInstance", lpString2="CreateProcessW") returned -1 [0178.325] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="CreateProcessW") returned -1 [0178.325] lstrcmpiA (lpString1="CoInitializeEx", lpString2="CreateProcessW") returned -1 [0178.325] lstrcmpiA (lpString1="CLSIDFromString", lpString2="CreateProcessW") returned -1 [0178.326] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessA") returned -1 [0178.326] lstrcmpiA (lpString1="exit", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="_initterm_e", lpString2="CreateProcessA") returned -1 [0178.326] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessA") returned -1 [0178.326] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="SetProcessAffinityUpdateMode", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="SetErrorMode", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="RegisterServiceCtrlHandlerW", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="StartServiceCtrlDispatcherW", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="SetServiceStatus", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessA") returned -1 [0178.326] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessA") returned -1 [0178.326] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessA") returned 1 [0178.326] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RegDisablePredefinedCacheEx", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RegQueryValueExW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="GetCommandLineW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessA") returned -1 [0178.327] lstrcmpiA (lpString1="WideCharToMultiByte", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcMgmtStopServerListening", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="I_RpcServerDisableExceptionFilter", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcServerRegisterIf", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcServerUnregisterIfEx", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcServerListen", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcServerUseProtseqEpW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcServerUnregisterIf", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcMgmtSetServerStackSize", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="RpcMgmtWaitServerListen", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="HeapAlloc", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="HeapFree", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="GetProcessHeap", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="HeapSetInformation", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="LCMapStringW", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="GetTokenInformation", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="SetSecurityDescriptorGroup", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="GetLengthSid", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessA") returned -1 [0178.327] lstrcmpiA (lpString1="InitializeSecurityDescriptor", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="SetSecurityDescriptorOwner", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="InitializeAcl", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="SetSecurityDescriptorDacl", lpString2="CreateProcessA") returned 1 [0178.327] lstrcmpiA (lpString1="LocalAlloc", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="LocalFree", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="CloseHandle", lpString2="CreateProcessA") returned -1 [0178.328] lstrcmpiA (lpString1="CreateActCtxW", lpString2="CreateProcessA") returned -1 [0178.328] lstrcmpiA (lpString1="ActivateActCtx", lpString2="CreateProcessA") returned -1 [0178.328] lstrcmpiA (lpString1="DeactivateActCtx", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="ReleaseActCtx", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RegisterWaitForSingleObjectEx", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="EtwEventWrite", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="EtwEventEnabled", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="EtwEventRegister", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlUnhandledExceptionFilter", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="NtSetInformationProcess", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlSetProcessIsCritical", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlInitializeCriticalSection", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlSubAuthoritySid", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlLengthRequiredSid", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlFreeHeap", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlCopySid", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlAllocateHeap", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlInitializeSid", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlSubAuthorityCountSid", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="RtlImageNtHeader", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="DelayLoadFailureHook", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="ResolveDelayLoadedAPI", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessA") returned 1 [0178.328] lstrcmpiA (lpString1="CoCreateInstance", lpString2="CreateProcessA") returned -1 [0178.328] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="CreateProcessA") returned -1 [0178.328] lstrcmpiA (lpString1="CoInitializeEx", lpString2="CreateProcessA") returned -1 [0178.329] lstrcmpiA (lpString1="CLSIDFromString", lpString2="CreateProcessA") returned -1 [0178.329] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessAsUserW") returned -1 [0178.329] lstrcmpiA (lpString1="exit", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="_initterm_e", lpString2="CreateProcessAsUserW") returned -1 [0178.329] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessAsUserW") returned -1 [0178.329] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="SetProcessAffinityUpdateMode", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="SetErrorMode", lpString2="CreateProcessAsUserW") returned 1 [0178.329] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegisterServiceCtrlHandlerW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="StartServiceCtrlDispatcherW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="SetServiceStatus", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserW") returned -1 [0178.330] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserW") returned -1 [0178.330] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegDisablePredefinedCacheEx", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegQueryValueExW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="GetCommandLineW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserW") returned -1 [0178.330] lstrcmpiA (lpString1="WideCharToMultiByte", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcMgmtStopServerListening", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="I_RpcServerDisableExceptionFilter", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcServerRegisterIf", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcServerUnregisterIfEx", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcServerListen", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcServerUseProtseqEpW", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcServerUnregisterIf", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcMgmtSetServerStackSize", lpString2="CreateProcessAsUserW") returned 1 [0178.330] lstrcmpiA (lpString1="RpcMgmtWaitServerListen", lpString2="CreateProcessAsUserW") returned 1 [0178.331] lstrcmpiA (lpString1="HeapAlloc", lpString2="CreateProcessAsUserW") returned 1 [0178.331] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee380000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ee380000, AllocationBase=0x7ff8ee380000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.331] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.331] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee2d0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ee2d0000, AllocationBase=0x7ff8ee2d0000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.331] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.331] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb870000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eb870000, AllocationBase=0x7ff8eb870000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.331] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.331] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec240000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ec240000, AllocationBase=0x7ff8ec240000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.331] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.332] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec450000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ec450000, AllocationBase=0x7ff8ec450000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.332] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.332] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5240000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8d5240000, AllocationBase=0x7ff8d5240000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.332] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.333] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee0b0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ee0b0000, AllocationBase=0x7ff8ee0b0000, AllocationProtect=0x80, __alignment1=0x7ff6, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.333] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.333] VirtualProtect (in: lpAddress=0x7ff8ee125428, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.333] VirtualProtect (in: lpAddress=0x7ff8ee125428, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.333] VirtualProtect (in: lpAddress=0x7ff8ee125420, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.333] VirtualProtect (in: lpAddress=0x7ff8ee125420, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.333] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edd60000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8edd60000, AllocationBase=0x7ff8edd60000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.334] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.334] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edbc0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8edbc0000, AllocationBase=0x7ff8edbc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.334] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.335] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebdc0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ebdc0000, AllocationBase=0x7ff8ebdc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.335] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.335] VirtualProtect (in: lpAddress=0x7ff8ebe49728, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.335] VirtualProtect (in: lpAddress=0x7ff8ebe49728, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.336] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec300000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ec300000, AllocationBase=0x7ff8ec300000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.336] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.336] VirtualProtect (in: lpAddress=0x7ff8ec3c3020, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.336] VirtualProtect (in: lpAddress=0x7ff8ec3c3020, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.337] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d64c0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8d64c0000, AllocationBase=0x7ff8d64c0000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.337] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.337] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5220000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8d5220000, AllocationBase=0x7ff8d5220000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.337] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.337] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db940000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8db940000, AllocationBase=0x7ff8db940000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.337] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.338] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db910000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8db910000, AllocationBase=0x7ff8db910000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.338] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.338] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eaf60000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eaf60000, AllocationBase=0x7ff8eaf60000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.338] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.339] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9720000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8e9720000, AllocationBase=0x7ff8e9720000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.339] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.339] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec580000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ec580000, AllocationBase=0x7ff8ec580000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.339] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.339] VirtualProtect (in: lpAddress=0x7ff8ecb663b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.340] VirtualProtect (in: lpAddress=0x7ff8ecb663b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.341] VirtualProtect (in: lpAddress=0x7ff8ecb663e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.341] VirtualProtect (in: lpAddress=0x7ff8ecb663e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.342] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb180000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eb180000, AllocationBase=0x7ff8eb180000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.342] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.342] VirtualProtect (in: lpAddress=0x7ff8eb622758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.342] VirtualProtect (in: lpAddress=0x7ff8eb622758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.343] VirtualProtect (in: lpAddress=0x7ff8eb6226b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.343] VirtualProtect (in: lpAddress=0x7ff8eb6226b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.343] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edfe0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8edfe0000, AllocationBase=0x7ff8edfe0000, AllocationProtect=0x80, __alignment1=0xaf, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0178.344] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.345] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae20000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eae20000, AllocationBase=0x7ff8eae20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.345] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.345] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb7b0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eb7b0000, AllocationBase=0x7ff8eb7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.345] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.346] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadd0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eadd0000, AllocationBase=0x7ff8eadd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.346] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.346] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae30000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8eae30000, AllocationBase=0x7ff8eae30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.346] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.347] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5170000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8d5170000, AllocationBase=0x7ff8d5170000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.347] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.347] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee150000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ee150000, AllocationBase=0x7ff8ee150000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.347] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.348] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec0c0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ec0c0000, AllocationBase=0x7ff8ec0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.348] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.348] VirtualProtect (in: lpAddress=0x7ff8ec1a1820, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x2) returned 1 [0178.348] VirtualProtect (in: lpAddress=0x7ff8ec1a1820, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xaffc8efb70 | out: lpflOldProtect=0xaffc8efb70*=0x40) returned 1 [0178.349] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea9d0000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ea9d0000, AllocationBase=0x7ff8ea9d0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.349] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.349] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee240000, lpBuffer=0xaffc8efc30, dwLength=0x30 | out: lpBuffer=0xaffc8efc30*(BaseAddress=0x7ff8ee240000, AllocationBase=0x7ff8ee240000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0178.349] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xaffc8efb70, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xaffc8efb70, ReturnLength=0x0) returned 0x0 [0178.350] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xaffe903d20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0178.350] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrStrIW") returned 0x7ff8edfeb260 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="electrum-") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="bitcoin") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="multibit-hd") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="bither") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="msigna.") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="Jaxx.") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="JEdudus.") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="armory-") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="veracrypt") returned 0x0 [0178.350] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="truecrypt") returned 0x0 [0178.350] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="GetShellWindow") returned 0x7ff8ebde4060 [0178.350] GetShellWindow () returned 0x100c8 [0178.351] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="GetWindowThreadProcessId") returned 0x7ff8ebdd4040 [0178.351] GetWindowThreadProcessId (in: hWnd=0x100c8, lpdwProcessId=0xaffc8efc80 | out: lpdwProcessId=0xaffc8efc80) returned 0x55c [0178.351] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x508) returned 0x1a0 [0178.351] IsWow64Process (in: hProcess=0x1a0, Wow64Process=0xaffc8efbf0 | out: Wow64Process=0xaffc8efbf0) returned 1 [0178.351] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7ff8ee380000 [0178.351] GetProcAddress (hModule=0x7ff8ee380000, lpProcName="RtlExitUserThread") returned 0x7ff8ee389fa0 [0178.351] CreateRemoteThread (in: hProcess=0x1a0, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7ff8ee389fa0, lpParameter=0x0, dwCreationFlags=0x4, lpThreadId=0xaffc8efc34 | out: lpThreadId=0xaffc8efc34*=0x8e8) returned 0x1a4 [0178.359] IsWow64Process (in: hProcess=0x1a0, Wow64Process=0xaffc8ef6a0 | out: Wow64Process=0xaffc8ef6a0) returned 1 [0178.359] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x7ff8ee389fa0, Buffer=0xaffc8efbf8, NumberOfBytesToRead=0x4, NumberOfBytesRead=0xaffc8ef6c0 | out: Buffer=0xaffc8efbf8*, NumberOfBytesRead=0xaffc8ef6c0*=0x4) returned 0x0 [0178.359] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7ff8ee389fa0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xaffc8efbf0 | out: lpflOldProtect=0xaffc8efbf0*=0x20) returned 1 [0178.359] NtWriteVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x7ff8ee389fa0, Buffer=0xaffc8efbe8*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0xaffc8ef670 | out: Buffer=0xaffc8efbe8*, NumberOfBytesWritten=0xaffc8ef670*=0x4) returned 0x0 [0178.936] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7ff8ee389fa0, dwSize=0x4, flNewProtect=0x20, lpflOldProtect=0xaffc8efbf0 | out: lpflOldProtect=0xaffc8efbf0*=0x40) returned 1 [0178.936] ResumeThread (hThread=0x1a4) returned 0x1 [0178.936] Sleep (dwMilliseconds=0x64) [0179.082] SuspendThread (hThread=0x1a4) returned 0x0 [0179.082] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xaffc8ef6d0 | out: Context=0xaffc8ef6d0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x10000b, MxCsr=0x1f80, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x247, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0xfff1dc713f4, Rcx=0x0, Rdx=0x10004000000000, Rbx=0x7ff8ee389fa0, Rsp=0x307fac8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x7ff8ee389fa0, FltSave.ControlWord=0x27f, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x1f80, FltSave.MxCsr_Mask=0xffff, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x40, [145]=0x68, [146]=0x7f, [147]=0x1, [148]=0x1, [149]=0xe0, [150]=0xff, [151]=0xff, [152]=0x1, [153]=0xb6, [154]=0x2, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x1, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x56, [169]=0x16, [170]=0xd6, [171]=0x1a, [172]=0x1, [173]=0xf8, [174]=0xff, [175]=0xff, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x73361025, [5]=0xc900000, [6]=0x1ac36473), FltSave.Cr0NpxState=0xfffff801, Header.Low=0x27f, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 0x0 [0179.082] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.083] NtCreateSection (in: SectionHandle=0xaffc8ef5d0, DesiredAccess=0xf001f, ObjectAttributes=0xaffc8ef610*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0xaffc8ef5e0, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xaffc8ef5d0*=0x1a8) returned 0x0 [0179.083] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffffffffffff, BaseAddress=0xaffc8ef5d8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0xaffc8ef598*=0, ViewSize=0xaffc8ef560*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xaffc8ef5d8*=0xafff040000, SectionOffset=0xaffc8ef598*=0, ViewSize=0xaffc8ef560*=0x133000) returned 0x0 [0179.084] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.099] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xaffc8ef5c0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0xaffc8ef598*=0, ViewSize=0xaffc8ef560*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xaffc8ef5c0*=0x6260000, SectionOffset=0xaffc8ef598*=0, ViewSize=0xaffc8ef560*=0x133000) returned 0x0 [0179.101] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.106] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7ff8ee380000 [0179.106] GetModuleFileNameA (in: hModule=0x7ff8ee380000, lpFilename=0xaffe903f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0179.106] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrLoadDll") returned -1 [0179.106] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrLoadDll") returned -1 [0179.106] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrLoadDll") returned -1 [0179.106] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrLoadDll") returned -1 [0179.106] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrLoadDll") returned -1 [0179.106] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgPrint", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrLoadDll") returned -1 [0179.107] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrLoadDll") returned -1 [0179.108] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrLoadDll") returned -1 [0179.109] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="LdrLoadDll") returned -1 [0179.110] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="LdrLoadDll") returned -1 [0179.111] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="LdrLoadDll") returned -1 [0179.111] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="LdrLoadDll") returned -1 [0179.111] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="LdrLoadDll") returned -1 [0179.111] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="LdrLoadDll") returned -1 [0179.111] lstrcmpA (lpString1="LdrLoadDll", lpString2="LdrLoadDll") returned 0 [0179.111] CreateFileA (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0179.111] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=1227984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x12bcd0 [0179.111] ReadFile (in: hFile=0x1ac, lpBuffer=0xaffc8ef560, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0xaffc8ef598, lpOverlapped=0x0 | out: lpBuffer=0xaffc8ef560*, lpNumberOfBytesRead=0xaffc8ef598*=0x4, lpOverlapped=0x0) returned 1 [0179.112] CloseHandle (hObject=0x1ac) returned 1 [0179.112] GetModuleFileNameA (in: hModule=0x7ff8ee380000, lpFilename=0xaffe903f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0179.112] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrGetProcedureAddress") returned -1 [0179.112] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrGetProcedureAddress") returned -1 [0179.112] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="DbgPrint", lpString2="LdrGetProcedureAddress") returned -1 [0179.113] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrGetProcedureAddress") returned -1 [0179.114] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrGetProcedureAddress") returned -1 [0179.115] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrGetProcedureAddress") returned -1 [0179.116] CreateFileA (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0179.116] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=1227956, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x12bcb4 [0179.116] ReadFile (in: hFile=0x1ac, lpBuffer=0xaffc8ef560, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0xaffc8ef598, lpOverlapped=0x0 | out: lpBuffer=0xaffc8ef560*, lpNumberOfBytesRead=0xaffc8ef598*=0x4, lpOverlapped=0x0) returned 1 [0179.117] CloseHandle (hObject=0x1ac) returned 1 [0179.117] GetModuleFileNameA (in: hModule=0x7ff8ee380000, lpFilename=0xaffe903f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0179.117] CreateFileA (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0179.117] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=1234820, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x12d784 [0179.117] ReadFile (in: hFile=0x1ac, lpBuffer=0xaffc8ef560, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0xaffc8ef598, lpOverlapped=0x0 | out: lpBuffer=0xaffc8ef560*, lpNumberOfBytesRead=0xaffc8ef598*=0x4, lpOverlapped=0x0) returned 1 [0179.119] CloseHandle (hObject=0x1ac) returned 1 [0179.120] NtAllocateVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0xaffc8ef040*=0x0, ZeroBits=0x0, RegionSize=0xaffc8ef048*=0x318, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xaffc8ef040*=0xf80000, RegionSize=0xaffc8ef048*=0x1000) returned 0x0 [0179.121] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xaffc8ef090 | out: Context=0xaffc8ef090*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100003, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x247, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0xfff1dc713f4, Rcx=0x0, Rdx=0x10004000000000, Rbx=0x7ff8ee389fa0, Rsp=0x307fac8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x7ff8ee389fa0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 0x0 [0179.121] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.121] NtWriteVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0xf80000, Buffer=0xaffe903f40*, NumberOfBytesToWrite=0x318, NumberOfBytesWritten=0xaffc8ef580 | out: Buffer=0xaffe903f40*, NumberOfBytesWritten=0xaffc8ef580*=0x318) returned 0x0 [0179.121] NtSetContextThread (ThreadHandle=0x1a4, Context=0xaffc8ef090*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100003, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x247, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0xf80000, Rcx=0x0, Rdx=0x10004000000000, Rbx=0x7ff8ee389fa0, Rsp=0x307fac8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0xf80218, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 0x0 [0179.121] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.121] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0xafff040000) returned 0x0 [0179.134] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.134] CloseHandle (hObject=0x1a8) returned 1 [0179.134] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7ff8ee389fa0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xaffc8efbf0 | out: lpflOldProtect=0xaffc8efbf0*=0x20) returned 1 [0179.134] NtWriteVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x7ff8ee389fa0, Buffer=0xaffc8efbf8*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0xaffc8ef670 | out: Buffer=0xaffc8efbf8*, NumberOfBytesWritten=0xaffc8ef670*=0x4) returned 0x0 [0179.137] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7ff8ee389fa0, dwSize=0x4, flNewProtect=0x20, lpflOldProtect=0xaffc8efbf0 | out: lpflOldProtect=0xaffc8efbf0*=0x40) returned 1 [0179.137] ResumeThread (hThread=0x1a4) returned 0x1 [0179.254] CloseHandle (hObject=0x1a4) returned 1 [0179.254] CloseHandle (hObject=0x1a0) returned 1 [0179.255] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegCreateKeyA") returned 0x7ff8ee1d6dc0 [0179.255] RegCreateKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0xaffc8efc90 | out: phkResult=0xaffc8efc90*=0x1a0) returned 0x0 [0179.255] RegQueryValueExA (in: hKey=0x1a0, lpValueName="Client", lpReserved=0x0, lpType=0xaffc8efc88, lpData=0x896ba0, lpcbData=0xaffc8efc80*=0x28 | out: lpType=0xaffc8efc88*=0x0, lpData=0x896ba0*=0xe8, lpcbData=0xaffc8efc80*=0x28) returned 0x2 [0179.255] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="GetUserNameW") returned 0x7ff8ee1ada40 [0179.255] GetUserNameW (in: lpBuffer=0x0, pcbBuffer=0xaffc8efc30 | out: lpBuffer=0x0, pcbBuffer=0xaffc8efc30) returned 0 [0179.256] GetUserNameW (in: lpBuffer=0xaffe903d20, pcbBuffer=0xaffc8efc30 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0xaffc8efc30) returned 1 [0179.256] GetComputerNameW (in: lpBuffer=0x0, nSize=0xaffc8efc30 | out: lpBuffer=0x0, nSize=0xaffc8efc30) returned 0 [0179.256] GetComputerNameW (in: lpBuffer=0xaffe903d20, nSize=0xaffc8efc30 | out: lpBuffer="LHNIWSJ", nSize=0xaffc8efc30) returned 1 [0179.256] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegSetValueExA") returned 0x7ff8ee192680 [0179.256] RegSetValueExA (in: hKey=0x1a0, lpValueName="Client", Reserved=0x0, dwType=0x3, lpData=0x896ba0*, cbData=0x28 | out: lpData=0x896ba0*) returned 0x0 [0179.257] RegCloseKey (hKey=0x1a0) returned 0x0 [0179.257] wsprintfA (in: param_1=0xaffe903d20, param_2="%08x%08x%08x%08x" | out: param_1="c5449c7a8bfcc0923b720af430d5cede") returned 32 [0179.257] GetComputerNameA (in: lpBuffer=0xaffc8efb70, nSize=0xaffc8efc80 | out: lpBuffer="LHNIWSJ", nSize=0xaffc8efc80) returned 1 [0179.257] lstrlenA (lpString="LHNIWSJ") returned 7 [0179.257] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegOpenKeyExA") returned 0x7ff8ee1a7d70 [0179.257] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0xaffc8efb60 | out: phkResult=0xaffc8efb60*=0x1a0) returned 0x0 [0179.257] RegQueryValueExA (in: hKey=0x1a0, lpValueName="ProductID", lpReserved=0x0, lpType=0x0, lpData=0xaffc8efb70, lpcbData=0xaffc8efc80*=0x100 | out: lpType=0x0, lpData=0xaffc8efb70*=0x30, lpcbData=0xaffc8efc80*=0x18) returned 0x0 [0179.257] lstrlenA (lpString="00330-80107-01105-AA992") returned 23 [0179.257] RegQueryValueExA (in: hKey=0x1a0, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0xaffc8efb70, lpcbData=0xaffc8efc80*=0x100 | out: lpType=0x0, lpData=0xaffc8efb70*=0x57, lpcbData=0xaffc8efc80*=0xf) returned 0x0 [0179.257] lstrlenA (lpString="Windows 10 Pro") returned 14 [0179.257] RegQueryValueExA (in: hKey=0x1a0, lpValueName="CurrentVersion", lpReserved=0x0, lpType=0x0, lpData=0xaffc8efb70, lpcbData=0xaffc8efc80*=0x100 | out: lpType=0x0, lpData=0xaffc8efb70*=0x36, lpcbData=0xaffc8efc80*=0x4) returned 0x0 [0179.257] lstrlenA (lpString="6.3") returned 3 [0179.257] RegQueryValueExA (in: hKey=0x1a0, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0xaffc8efb68, lpcbData=0xaffc8efc80*=0x4 | out: lpType=0x0, lpData=0xaffc8efb68*=0x41, lpcbData=0xaffc8efc80*=0x4) returned 0x0 [0179.257] RegCloseKey (hKey=0x1a0) returned 0x0 [0179.257] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0xaffc8efc98, lpMaximumComponentLength=0xaffc8efc80, lpFileSystemFlags=0xaffc8efc90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xaffc8efc98*=0xd2ca4def, lpMaximumComponentLength=0xaffc8efc80*=0xff, lpFileSystemFlags=0xaffc8efc90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1 [0179.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x84c5b8, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xaffc8efd58 | out: lpThreadId=0xaffc8efd58*=0x594) returned 0x1a0 [0179.258] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0xaffc8efce8 | out: phkResult=0xaffc8efce8*=0x1a4) returned 0x0 [0179.258] RegQueryValueExA (in: hKey=0x1a4, lpValueName="Scr", lpReserved=0x0, lpType=0xaffc8efc50, lpData=0x0, lpcbData=0xaffc8efd50*=0x89d018 | out: lpType=0xaffc8efc50*=0x0, lpData=0x0, lpcbData=0xaffc8efd50*=0x0) returned 0x2 [0179.258] RegCloseKey (hKey=0x1a4) returned 0x0 [0179.259] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x837ea4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xaffc8efd58 | out: lpThreadId=0xaffc8efd58*=0x4fc) returned 0x1a4 Thread: id = 30 os_tid = 0xbac Thread: id = 72 os_tid = 0x594 Thread: id = 73 os_tid = 0x4fc Process: id = "7" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0xb6a9000" os_pid = "0x508" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "6" os_parent_pid = "0xd0c" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:00014ee5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1013 start_va = 0xdc0000 end_va = 0xdcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dc0000" filename = "" Region: id = 1014 start_va = 0xdd0000 end_va = 0xdd6fff entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 1015 start_va = 0xde0000 end_va = 0xdf3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 1016 start_va = 0xe00000 end_va = 0xe7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1017 start_va = 0xe80000 end_va = 0xe83fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e80000" filename = "" Region: id = 1018 start_va = 0xe90000 end_va = 0xe92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 1019 start_va = 0xea0000 end_va = 0xea1fff entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 1020 start_va = 0xeb0000 end_va = 0xf6dfff entry_point = 0xeb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1021 start_va = 0xf70000 end_va = 0xf70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1022 start_va = 0xf90000 end_va = 0xf91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 1023 start_va = 0xfa0000 end_va = 0xfa2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 1024 start_va = 0xfb0000 end_va = 0xfb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fb0000" filename = "" Region: id = 1025 start_va = 0xfd0000 end_va = 0xfe1fff entry_point = 0xfd0000 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 1026 start_va = 0xff0000 end_va = 0xff6fff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 1027 start_va = 0x1000000 end_va = 0x1007fff entry_point = 0x1000000 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 1028 start_va = 0x1010000 end_va = 0x1010fff entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1029 start_va = 0x1020000 end_va = 0x1020fff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1030 start_va = 0x1030000 end_va = 0x1030fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001030000" filename = "" Region: id = 1031 start_va = 0x1040000 end_va = 0x1040fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001040000" filename = "" Region: id = 1032 start_va = 0x1050000 end_va = 0x1050fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001050000" filename = "" Region: id = 1033 start_va = 0x1060000 end_va = 0x1060fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 1034 start_va = 0x1070000 end_va = 0x1073fff entry_point = 0x1070000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1035 start_va = 0x1080000 end_va = 0x1092fff entry_point = 0x1080000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001c.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db") Region: id = 1036 start_va = 0x10a0000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1037 start_va = 0x11a0000 end_va = 0x11a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011a0000" filename = "" Region: id = 1038 start_va = 0x11b0000 end_va = 0x122ffff entry_point = 0x0 region_type = private name = "private_0x00000000011b0000" filename = "" Region: id = 1039 start_va = 0x1230000 end_va = 0x124dfff entry_point = 0x1230000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000034.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db") Region: id = 1040 start_va = 0x1250000 end_va = 0x1252fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001250000" filename = "" Region: id = 1041 start_va = 0x1260000 end_va = 0x126ffff entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 1042 start_va = 0x1270000 end_va = 0x1272fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001270000" filename = "" Region: id = 1043 start_va = 0x1280000 end_va = 0x12a9fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001280000" filename = "" Region: id = 1044 start_va = 0x12b0000 end_va = 0x12b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012b0000" filename = "" Region: id = 1045 start_va = 0x12c0000 end_va = 0x12cffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1046 start_va = 0x12d0000 end_va = 0x1457fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012d0000" filename = "" Region: id = 1047 start_va = 0x1460000 end_va = 0x15e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001460000" filename = "" Region: id = 1048 start_va = 0x15f0000 end_va = 0x29effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015f0000" filename = "" Region: id = 1049 start_va = 0x29f0000 end_va = 0x2d26fff entry_point = 0x29f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1050 start_va = 0x2d30000 end_va = 0x2daffff entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 1051 start_va = 0x2db0000 end_va = 0x2e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 1052 start_va = 0x2e30000 end_va = 0x2eaffff entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 1053 start_va = 0x2eb0000 end_va = 0x2f10fff entry_point = 0x2eb0000 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 1054 start_va = 0x2f20000 end_va = 0x2ffefff entry_point = 0x2f20000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1055 start_va = 0x3000000 end_va = 0x307ffff entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1056 start_va = 0x3080000 end_va = 0x30fffff entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 1057 start_va = 0x3100000 end_va = 0x317ffff entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 1058 start_va = 0x3180000 end_va = 0x3181fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003180000" filename = "" Region: id = 1059 start_va = 0x3190000 end_va = 0x3191fff entry_point = 0x3190000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1060 start_va = 0x31a0000 end_va = 0x31a4fff entry_point = 0x31a0000 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 1061 start_va = 0x31b0000 end_va = 0x3267fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000031b0000" filename = "" Region: id = 1062 start_va = 0x3270000 end_va = 0x3273fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003270000" filename = "" Region: id = 1063 start_va = 0x3280000 end_va = 0x337ffff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 1064 start_va = 0x3380000 end_va = 0x347ffff entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 1065 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 1066 start_va = 0x3490000 end_va = 0x44cffff entry_point = 0x3490000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1067 start_va = 0x44d0000 end_va = 0x44d6fff entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 1068 start_va = 0x44e0000 end_va = 0x44e0fff entry_point = 0x0 region_type = private name = "private_0x00000000044e0000" filename = "" Region: id = 1069 start_va = 0x44f0000 end_va = 0x44f0fff entry_point = 0x0 region_type = private name = "private_0x00000000044f0000" filename = "" Region: id = 1070 start_va = 0x4500000 end_va = 0x4500fff entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1071 start_va = 0x4590000 end_va = 0x4591fff entry_point = 0x0 region_type = private name = "private_0x0000000004590000" filename = "" Region: id = 1072 start_va = 0x45a0000 end_va = 0x45a0fff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 1073 start_va = 0x45b0000 end_va = 0x45b0fff entry_point = 0x0 region_type = private name = "private_0x00000000045b0000" filename = "" Region: id = 1074 start_va = 0x45c0000 end_va = 0x45c0fff entry_point = 0x0 region_type = private name = "private_0x00000000045c0000" filename = "" Region: id = 1075 start_va = 0x45d0000 end_va = 0x45d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000045d0000" filename = "" Region: id = 1076 start_va = 0x45e0000 end_va = 0x45e3fff entry_point = 0x45e0000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1077 start_va = 0x45f0000 end_va = 0x45f0fff entry_point = 0x0 region_type = private name = "private_0x00000000045f0000" filename = "" Region: id = 1078 start_va = 0x4600000 end_va = 0x4600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004600000" filename = "" Region: id = 1079 start_va = 0x4610000 end_va = 0x4610fff entry_point = 0x0 region_type = private name = "private_0x0000000004610000" filename = "" Region: id = 1080 start_va = 0x4620000 end_va = 0x4622fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004620000" filename = "" Region: id = 1081 start_va = 0x4630000 end_va = 0x4668fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004630000" filename = "" Region: id = 1082 start_va = 0x4670000 end_va = 0x4672fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004670000" filename = "" Region: id = 1083 start_va = 0x4680000 end_va = 0x4680fff entry_point = 0x0 region_type = private name = "private_0x0000000004680000" filename = "" Region: id = 1084 start_va = 0x4690000 end_va = 0x4690fff entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 1085 start_va = 0x46a0000 end_va = 0x471ffff entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1086 start_va = 0x4720000 end_va = 0x479ffff entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 1087 start_va = 0x47a0000 end_va = 0x47a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047a0000" filename = "" Region: id = 1088 start_va = 0x47b0000 end_va = 0x47b3fff entry_point = 0x47b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1089 start_va = 0x47c0000 end_va = 0x4802fff entry_point = 0x47c0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 1090 start_va = 0x4810000 end_va = 0x4813fff entry_point = 0x4810000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1091 start_va = 0x4820000 end_va = 0x48aafff entry_point = 0x4820000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1092 start_va = 0x48b0000 end_va = 0x48c0fff entry_point = 0x48b0000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1093 start_va = 0x4950000 end_va = 0x49cffff entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1094 start_va = 0x49d0000 end_va = 0x4a4ffff entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 1095 start_va = 0x4a50000 end_va = 0x4a50fff entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 1096 start_va = 0x4a60000 end_va = 0x4adffff entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 1097 start_va = 0x4ae0000 end_va = 0x4b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ae0000" filename = "" Region: id = 1098 start_va = 0x4b60000 end_va = 0x4bdffff entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 1099 start_va = 0x4be0000 end_va = 0x50d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004be0000" filename = "" Region: id = 1100 start_va = 0x50e0000 end_va = 0x50e0fff entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1101 start_va = 0x5170000 end_va = 0x5171fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005170000" filename = "" Region: id = 1102 start_va = 0x5180000 end_va = 0x519bfff entry_point = 0x5180000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000035.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db") Region: id = 1103 start_va = 0x51a0000 end_va = 0x51a1fff entry_point = 0x51a0000 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 1104 start_va = 0x51e0000 end_va = 0x51effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051e0000" filename = "" Region: id = 1105 start_va = 0x51f0000 end_va = 0x51f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051f0000" filename = "" Region: id = 1106 start_va = 0x5200000 end_va = 0x5200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005200000" filename = "" Region: id = 1107 start_va = 0x5210000 end_va = 0x521afff entry_point = 0x5210000 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 1108 start_va = 0x5240000 end_va = 0x5247fff entry_point = 0x5240000 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 1109 start_va = 0x5250000 end_va = 0x5252fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005250000" filename = "" Region: id = 1110 start_va = 0x5270000 end_va = 0x52effff entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 1111 start_va = 0x52f0000 end_va = 0x536ffff entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 1112 start_va = 0x5370000 end_va = 0x53effff entry_point = 0x0 region_type = private name = "private_0x0000000005370000" filename = "" Region: id = 1113 start_va = 0x53f0000 end_va = 0x546ffff entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1114 start_va = 0x5470000 end_va = 0x5474fff entry_point = 0x5470000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1115 start_va = 0x5480000 end_va = 0x548ffff entry_point = 0x5480000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1116 start_va = 0x5510000 end_va = 0x5510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005510000" filename = "" Region: id = 1117 start_va = 0x5520000 end_va = 0x5520fff entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1118 start_va = 0x5530000 end_va = 0x5530fff entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 1119 start_va = 0x5540000 end_va = 0x55bffff entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 1120 start_va = 0x55c0000 end_va = 0x55c2fff entry_point = 0x55c0000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1121 start_va = 0x55e0000 end_va = 0x55e0fff entry_point = 0x55e0000 region_type = mapped_file name = "counters.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1122 start_va = 0x55f0000 end_va = 0x5deffff entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 1123 start_va = 0x5df0000 end_va = 0x5df2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005df0000" filename = "" Region: id = 1124 start_va = 0x5e00000 end_va = 0x5e00fff entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 1125 start_va = 0x5e10000 end_va = 0x5e12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005e10000" filename = "" Region: id = 1126 start_va = 0x5e20000 end_va = 0x5e20fff entry_point = 0x0 region_type = private name = "private_0x0000000005e20000" filename = "" Region: id = 1127 start_va = 0x5e30000 end_va = 0x5e38fff entry_point = 0x0 region_type = private name = "private_0x0000000005e30000" filename = "" Region: id = 1128 start_va = 0x5e40000 end_va = 0x5e43fff entry_point = 0x0 region_type = private name = "private_0x0000000005e40000" filename = "" Region: id = 1129 start_va = 0x5e50000 end_va = 0x5e50fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005e50000" filename = "" Region: id = 1130 start_va = 0x5e70000 end_va = 0x5e78fff entry_point = 0x0 region_type = private name = "private_0x0000000005e70000" filename = "" Region: id = 1131 start_va = 0x5e80000 end_va = 0x5e80fff entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 1132 start_va = 0x5f10000 end_va = 0x5f1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005f10000" filename = "" Region: id = 1133 start_va = 0x5f20000 end_va = 0x5f2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005f20000" filename = "" Region: id = 1134 start_va = 0x5f30000 end_va = 0x5f3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005f30000" filename = "" Region: id = 1135 start_va = 0x5f90000 end_va = 0x608ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f90000" filename = "" Region: id = 1136 start_va = 0x6090000 end_va = 0x6092fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006090000" filename = "" Region: id = 1137 start_va = 0x60f0000 end_va = 0x6137fff entry_point = 0x0 region_type = private name = "private_0x00000000060f0000" filename = "" Region: id = 1138 start_va = 0x6170000 end_va = 0x6171fff entry_point = 0x6170000 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 1139 start_va = 0x6180000 end_va = 0x61ebfff entry_point = 0x0 region_type = private name = "private_0x0000000006180000" filename = "" Region: id = 1140 start_va = 0x6210000 end_va = 0x6210fff entry_point = 0x6210000 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 1141 start_va = 0x6220000 end_va = 0x6251fff entry_point = 0x6220000 region_type = mapped_file name = "netmsg.dll.mui" filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui") Region: id = 1142 start_va = 0x6400000 end_va = 0x6447fff entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 1143 start_va = 0x6450000 end_va = 0x64cffff entry_point = 0x0 region_type = private name = "private_0x0000000006450000" filename = "" Region: id = 1144 start_va = 0x6560000 end_va = 0x6561fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006560000" filename = "" Region: id = 1145 start_va = 0x6570000 end_va = 0x6df2fff entry_point = 0x6570000 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll") Region: id = 1146 start_va = 0x6e00000 end_va = 0x6e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 1147 start_va = 0x6f10000 end_va = 0x6f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000006f10000" filename = "" Region: id = 1148 start_va = 0x6f90000 end_va = 0x6fd8fff entry_point = 0x0 region_type = private name = "private_0x0000000006f90000" filename = "" Region: id = 1149 start_va = 0x6fe0000 end_va = 0x9361fff entry_point = 0x6fe0000 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 1150 start_va = 0x9370000 end_va = 0x93effff entry_point = 0x0 region_type = private name = "private_0x0000000009370000" filename = "" Region: id = 1151 start_va = 0x95f0000 end_va = 0x97effff entry_point = 0x0 region_type = private name = "private_0x00000000095f0000" filename = "" Region: id = 1152 start_va = 0x97f0000 end_va = 0x986ffff entry_point = 0x0 region_type = private name = "private_0x00000000097f0000" filename = "" Region: id = 1153 start_va = 0x9a70000 end_va = 0x9a72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009a70000" filename = "" Region: id = 1154 start_va = 0x9a80000 end_va = 0x9b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000009a80000" filename = "" Region: id = 1155 start_va = 0x9b80000 end_va = 0x9b81fff entry_point = 0x9b80000 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 1156 start_va = 0x9b90000 end_va = 0x9b92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009b90000" filename = "" Region: id = 1157 start_va = 0x9ba0000 end_va = 0x9ba3fff entry_point = 0x9ba0000 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 1158 start_va = 0x9bb0000 end_va = 0x9bb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009bb0000" filename = "" Region: id = 1159 start_va = 0x9be0000 end_va = 0x9be0fff entry_point = 0x0 region_type = private name = "private_0x0000000009be0000" filename = "" Region: id = 1160 start_va = 0x9c00000 end_va = 0x9c02fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009c00000" filename = "" Region: id = 1161 start_va = 0x9c30000 end_va = 0x9c44fff entry_point = 0x0 region_type = private name = "private_0x0000000009c30000" filename = "" Region: id = 1162 start_va = 0x9d10000 end_va = 0x9d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000009d10000" filename = "" Region: id = 1163 start_va = 0x9d90000 end_va = 0x9d92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009d90000" filename = "" Region: id = 1164 start_va = 0x9da0000 end_va = 0x9da1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009da0000" filename = "" Region: id = 1165 start_va = 0x9db0000 end_va = 0x9db2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009db0000" filename = "" Region: id = 1166 start_va = 0x9dc0000 end_va = 0x9dc2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009dc0000" filename = "" Region: id = 1167 start_va = 0x9dd0000 end_va = 0x9dd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009dd0000" filename = "" Region: id = 1168 start_va = 0x9de0000 end_va = 0x9de2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009de0000" filename = "" Region: id = 1169 start_va = 0x9f70000 end_va = 0x9feffff entry_point = 0x0 region_type = private name = "private_0x0000000009f70000" filename = "" Region: id = 1170 start_va = 0xa0f0000 end_va = 0xa16ffff entry_point = 0x0 region_type = private name = "private_0x000000000a0f0000" filename = "" Region: id = 1171 start_va = 0xa1f0000 end_va = 0xa26ffff entry_point = 0x0 region_type = private name = "private_0x000000000a1f0000" filename = "" Region: id = 1172 start_va = 0xa2f0000 end_va = 0xa36ffff entry_point = 0x0 region_type = private name = "private_0x000000000a2f0000" filename = "" Region: id = 1173 start_va = 0xa470000 end_va = 0xa4effff entry_point = 0x0 region_type = private name = "private_0x000000000a470000" filename = "" Region: id = 1174 start_va = 0xa670000 end_va = 0xa6effff entry_point = 0x0 region_type = private name = "private_0x000000000a670000" filename = "" Region: id = 1175 start_va = 0xaa70000 end_va = 0xaaeffff entry_point = 0x0 region_type = private name = "private_0x000000000aa70000" filename = "" Region: id = 1176 start_va = 0xabf0000 end_va = 0xafeffff entry_point = 0x0 region_type = private name = "private_0x000000000abf0000" filename = "" Region: id = 1177 start_va = 0xaff0000 end_va = 0xaff2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000aff0000" filename = "" Region: id = 1178 start_va = 0xb000000 end_va = 0xb001fff entry_point = 0xb000000 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 1179 start_va = 0xb010000 end_va = 0xb010fff entry_point = 0x0 region_type = private name = "private_0x000000000b010000" filename = "" Region: id = 1180 start_va = 0xb020000 end_va = 0xb022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b020000" filename = "" Region: id = 1181 start_va = 0xb0b0000 end_va = 0xb0b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b0b0000" filename = "" Region: id = 1182 start_va = 0xb0c0000 end_va = 0xb0c3fff entry_point = 0xb0c0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1183 start_va = 0xb0d0000 end_va = 0xb0d1fff entry_point = 0xb0d0000 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 1184 start_va = 0xb1e0000 end_va = 0xb1effff entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 1185 start_va = 0xb2a0000 end_va = 0xb31ffff entry_point = 0x0 region_type = private name = "private_0x000000000b2a0000" filename = "" Region: id = 1186 start_va = 0xb320000 end_va = 0xb39ffff entry_point = 0x0 region_type = private name = "private_0x000000000b320000" filename = "" Region: id = 1187 start_va = 0xb3a0000 end_va = 0xb41ffff entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1188 start_va = 0xb420000 end_va = 0xb49ffff entry_point = 0x0 region_type = private name = "private_0x000000000b420000" filename = "" Region: id = 1189 start_va = 0xb520000 end_va = 0xb59ffff entry_point = 0x0 region_type = private name = "private_0x000000000b520000" filename = "" Region: id = 1190 start_va = 0xb5a0000 end_va = 0xba91fff entry_point = 0x0 region_type = private name = "private_0x000000000b5a0000" filename = "" Region: id = 1191 start_va = 0xbaa0000 end_va = 0xbc9ffff entry_point = 0x0 region_type = private name = "private_0x000000000baa0000" filename = "" Region: id = 1192 start_va = 0xbca0000 end_va = 0xc191fff entry_point = 0x0 region_type = private name = "private_0x000000000bca0000" filename = "" Region: id = 1193 start_va = 0xc1a0000 end_va = 0xc2d5fff entry_point = 0xc1a0000 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 1194 start_va = 0xc5e0000 end_va = 0xcfdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c5e0000" filename = "" Region: id = 1195 start_va = 0xcfe0000 end_va = 0xd4d1fff entry_point = 0x0 region_type = private name = "private_0x000000000cfe0000" filename = "" Region: id = 1196 start_va = 0xd4e0000 end_va = 0xd9d1fff entry_point = 0x0 region_type = private name = "private_0x000000000d4e0000" filename = "" Region: id = 1197 start_va = 0xd9e0000 end_va = 0xded1fff entry_point = 0x0 region_type = private name = "private_0x000000000d9e0000" filename = "" Region: id = 1198 start_va = 0xdee0000 end_va = 0xe3d1fff entry_point = 0x0 region_type = private name = "private_0x000000000dee0000" filename = "" Region: id = 1199 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1200 start_va = 0x7df600000000 end_va = 0x7ff5ffffffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df600000000" filename = "" Region: id = 1201 start_va = 0x7ff79edea000 end_va = 0x7ff79edebfff entry_point = 0x0 region_type = private name = "private_0x00007ff79edea000" filename = "" Region: id = 1202 start_va = 0x7ff79edf0000 end_va = 0x7ff79edf1fff entry_point = 0x0 region_type = private name = "private_0x00007ff79edf0000" filename = "" Region: id = 1203 start_va = 0x7ff79edf2000 end_va = 0x7ff79edf3fff entry_point = 0x0 region_type = private name = "private_0x00007ff79edf2000" filename = "" Region: id = 1204 start_va = 0x7ff79edf4000 end_va = 0x7ff79edf5fff entry_point = 0x0 region_type = private name = "private_0x00007ff79edf4000" filename = "" Region: id = 1205 start_va = 0x7ff79edf6000 end_va = 0x7ff79edf7fff entry_point = 0x0 region_type = private name = "private_0x00007ff79edf6000" filename = "" Region: id = 1206 start_va = 0x7ff79edf8000 end_va = 0x7ff79edf9fff entry_point = 0x0 region_type = private name = "private_0x00007ff79edf8000" filename = "" Region: id = 1207 start_va = 0x7ff79edfe000 end_va = 0x7ff79edfffff entry_point = 0x0 region_type = private name = "private_0x00007ff79edfe000" filename = "" Region: id = 1208 start_va = 0x7ff79ee04000 end_va = 0x7ff79ee05fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee04000" filename = "" Region: id = 1209 start_va = 0x7ff79ee14000 end_va = 0x7ff79ee15fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee14000" filename = "" Region: id = 1210 start_va = 0x7ff79ee1c000 end_va = 0x7ff79ee1dfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee1c000" filename = "" Region: id = 1211 start_va = 0x7ff79ee22000 end_va = 0x7ff79ee23fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee22000" filename = "" Region: id = 1212 start_va = 0x7ff79ee26000 end_va = 0x7ff79ee27fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee26000" filename = "" Region: id = 1213 start_va = 0x7ff79ee2a000 end_va = 0x7ff79ee2bfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee2a000" filename = "" Region: id = 1214 start_va = 0x7ff79ee30000 end_va = 0x7ff79ee31fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee30000" filename = "" Region: id = 1215 start_va = 0x7ff79ee32000 end_va = 0x7ff79ee33fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee32000" filename = "" Region: id = 1216 start_va = 0x7ff79ee36000 end_va = 0x7ff79ee37fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee36000" filename = "" Region: id = 1217 start_va = 0x7ff79ee38000 end_va = 0x7ff79ee39fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee38000" filename = "" Region: id = 1218 start_va = 0x7ff79ee3a000 end_va = 0x7ff79ee3bfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee3a000" filename = "" Region: id = 1219 start_va = 0x7ff79ee3c000 end_va = 0x7ff79ee3dfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee3c000" filename = "" Region: id = 1220 start_va = 0x7ff79ee46000 end_va = 0x7ff79ee47fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee46000" filename = "" Region: id = 1221 start_va = 0x7ff79ee4c000 end_va = 0x7ff79ee4dfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee4c000" filename = "" Region: id = 1222 start_va = 0x7ff79ee4e000 end_va = 0x7ff79ee4ffff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee4e000" filename = "" Region: id = 1223 start_va = 0x7ff79ee50000 end_va = 0x7ff79ee51fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee50000" filename = "" Region: id = 1224 start_va = 0x7ff79ee54000 end_va = 0x7ff79ee55fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee54000" filename = "" Region: id = 1225 start_va = 0x7ff79ee58000 end_va = 0x7ff79ee59fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee58000" filename = "" Region: id = 1226 start_va = 0x7ff79ee5a000 end_va = 0x7ff79ee5bfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee5a000" filename = "" Region: id = 1227 start_va = 0x7ff79ee5c000 end_va = 0x7ff79ee5dfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee5c000" filename = "" Region: id = 1228 start_va = 0x7ff79ee5e000 end_va = 0x7ff79ee5ffff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee5e000" filename = "" Region: id = 1229 start_va = 0x7ff79ee60000 end_va = 0x7ff79ee61fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee60000" filename = "" Region: id = 1230 start_va = 0x7ff79ee64000 end_va = 0x7ff79ee65fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee64000" filename = "" Region: id = 1231 start_va = 0x7ff79ee68000 end_va = 0x7ff79ee69fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee68000" filename = "" Region: id = 1232 start_va = 0x7ff79ee6a000 end_va = 0x7ff79ee6bfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee6a000" filename = "" Region: id = 1233 start_va = 0x7ff79ee6e000 end_va = 0x7ff79ee6ffff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee6e000" filename = "" Region: id = 1234 start_va = 0x7ff79ee70000 end_va = 0x7ff79ef6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff79ee70000" filename = "" Region: id = 1235 start_va = 0x7ff79ef70000 end_va = 0x7ff79ef92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff79ef70000" filename = "" Region: id = 1236 start_va = 0x7ff79ef94000 end_va = 0x7ff79ef95fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef94000" filename = "" Region: id = 1237 start_va = 0x7ff79ef96000 end_va = 0x7ff79ef96fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef96000" filename = "" Region: id = 1238 start_va = 0x7ff79ef98000 end_va = 0x7ff79ef99fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef98000" filename = "" Region: id = 1239 start_va = 0x7ff79ef9a000 end_va = 0x7ff79ef9bfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef9a000" filename = "" Region: id = 1240 start_va = 0x7ff79ef9c000 end_va = 0x7ff79ef9dfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef9c000" filename = "" Region: id = 1241 start_va = 0x7ff79ef9e000 end_va = 0x7ff79ef9ffff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef9e000" filename = "" Region: id = 1242 start_va = 0x7ff79fdc0000 end_va = 0x7ff7a020dfff entry_point = 0x7ff79fdc0000 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 1243 start_va = 0x7ff8d52f0000 end_va = 0x7ff8d542ffff entry_point = 0x7ff8d52f0000 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 1244 start_va = 0x7ff8d5430000 end_va = 0x7ff8d5512fff entry_point = 0x7ff8d5430000 region_type = mapped_file name = "dismapi.dll" filename = "\\Windows\\System32\\DismApi.dll" (normalized: "c:\\windows\\system32\\dismapi.dll") Region: id = 1245 start_va = 0x7ff8d5520000 end_va = 0x7ff8d5614fff entry_point = 0x7ff8d5520000 region_type = mapped_file name = "reagent.dll" filename = "\\Windows\\System32\\ReAgent.dll" (normalized: "c:\\windows\\system32\\reagent.dll") Region: id = 1246 start_va = 0x7ff8d5620000 end_va = 0x7ff8d5740fff entry_point = 0x7ff8d5620000 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 1247 start_va = 0x7ff8d5e90000 end_va = 0x7ff8d5f2dfff entry_point = 0x7ff8d5e90000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1248 start_va = 0x7ff8d6770000 end_va = 0x7ff8d7368fff entry_point = 0x7ff8d6770000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1249 start_va = 0x7ff8d73e0000 end_va = 0x7ff8d73f3fff entry_point = 0x7ff8d73e0000 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 1250 start_va = 0x7ff8d7400000 end_va = 0x7ff8d741afff entry_point = 0x7ff8d7400000 region_type = mapped_file name = "wercplsupport.dll" filename = "\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll") Region: id = 1251 start_va = 0x7ff8d7500000 end_va = 0x7ff8d754dfff entry_point = 0x7ff8d7500000 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1252 start_va = 0x7ff8d76a0000 end_va = 0x7ff8d7738fff entry_point = 0x7ff8d76a0000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 1253 start_va = 0x7ff8d7740000 end_va = 0x7ff8d77dffff entry_point = 0x7ff8d7740000 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 1254 start_va = 0x7ff8d77e0000 end_va = 0x7ff8d781bfff entry_point = 0x7ff8d77e0000 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 1255 start_va = 0x7ff8d7820000 end_va = 0x7ff8d7840fff entry_point = 0x7ff8d7820000 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 1256 start_va = 0x7ff8d7850000 end_va = 0x7ff8d7a0efff entry_point = 0x7ff8d7850000 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 1257 start_va = 0x7ff8d7a10000 end_va = 0x7ff8d7c51fff entry_point = 0x7ff8d7a10000 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 1258 start_va = 0x7ff8d7c60000 end_va = 0x7ff8d7c9cfff entry_point = 0x7ff8d7c60000 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 1259 start_va = 0x7ff8d98e0000 end_va = 0x7ff8d9964fff entry_point = 0x7ff8d98e0000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1260 start_va = 0x7ff8d9970000 end_va = 0x7ff8d99bffff entry_point = 0x7ff8d9970000 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 1261 start_va = 0x7ff8d99c0000 end_va = 0x7ff8d99cffff entry_point = 0x7ff8d99c0000 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 1262 start_va = 0x7ff8d99d0000 end_va = 0x7ff8d99e6fff entry_point = 0x7ff8d99d0000 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 1263 start_va = 0x7ff8d99f0000 end_va = 0x7ff8d9a30fff entry_point = 0x7ff8d99f0000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 1264 start_va = 0x7ff8d9a40000 end_va = 0x7ff8d9be8fff entry_point = 0x7ff8d9a40000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\gdiplus.dll") Region: id = 1265 start_va = 0x7ff8d9bf0000 end_va = 0x7ff8d9c68fff entry_point = 0x7ff8d9bf0000 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 1266 start_va = 0x7ff8d9eb0000 end_va = 0x7ff8d9feafff entry_point = 0x7ff8d9eb0000 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 1267 start_va = 0x7ff8d9ff0000 end_va = 0x7ff8da1edfff entry_point = 0x7ff8d9ff0000 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 1268 start_va = 0x7ff8da7b0000 end_va = 0x7ff8da7e4fff entry_point = 0x7ff8da7b0000 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 1269 start_va = 0x7ff8da840000 end_va = 0x7ff8da8c3fff entry_point = 0x7ff8da840000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1270 start_va = 0x7ff8da8d0000 end_va = 0x7ff8da94bfff entry_point = 0x7ff8da8d0000 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 1271 start_va = 0x7ff8da950000 end_va = 0x7ff8da99efff entry_point = 0x7ff8da950000 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 1272 start_va = 0x7ff8da9a0000 end_va = 0x7ff8da9fbfff entry_point = 0x7ff8da9a0000 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 1273 start_va = 0x7ff8db380000 end_va = 0x7ff8db3adfff entry_point = 0x7ff8db380000 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 1274 start_va = 0x7ff8db400000 end_va = 0x7ff8db446fff entry_point = 0x7ff8db400000 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 1275 start_va = 0x7ff8db610000 end_va = 0x7ff8db8affff entry_point = 0x7ff8db610000 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 1276 start_va = 0x7ff8db910000 end_va = 0x7ff8db93bfff entry_point = 0x7ff8db910000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 1277 start_va = 0x7ff8db940000 end_va = 0x7ff8db962fff entry_point = 0x7ff8db940000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 1278 start_va = 0x7ff8dbc00000 end_va = 0x7ff8dbc4dfff entry_point = 0x7ff8dbc00000 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 1279 start_va = 0x7ff8dc6e0000 end_va = 0x7ff8dc778fff entry_point = 0x7ff8dc6e0000 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 1280 start_va = 0x7ff8dc780000 end_va = 0x7ff8dca11fff entry_point = 0x7ff8dc780000 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 1281 start_va = 0x7ff8dca20000 end_va = 0x7ff8dca79fff entry_point = 0x7ff8dca20000 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 1282 start_va = 0x7ff8dca80000 end_va = 0x7ff8dca91fff entry_point = 0x7ff8dca80000 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1283 start_va = 0x7ff8dcb00000 end_va = 0x7ff8dcb98fff entry_point = 0x7ff8dcb00000 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 1284 start_va = 0x7ff8dcba0000 end_va = 0x7ff8dcbcafff entry_point = 0x7ff8dcba0000 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 1285 start_va = 0x7ff8dcbd0000 end_va = 0x7ff8dcc4ffff entry_point = 0x7ff8dcbd0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1286 start_va = 0x7ff8dcc50000 end_va = 0x7ff8dcc6ffff entry_point = 0x7ff8dcc50000 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 1287 start_va = 0x7ff8dcc70000 end_va = 0x7ff8dcc85fff entry_point = 0x7ff8dcc70000 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1288 start_va = 0x7ff8dcc90000 end_va = 0x7ff8dcd3bfff entry_point = 0x7ff8dcc90000 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1289 start_va = 0x7ff8dcd40000 end_va = 0x7ff8dcd54fff entry_point = 0x7ff8dcd40000 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 1290 start_va = 0x7ff8dcd60000 end_va = 0x7ff8dcda7fff entry_point = 0x7ff8dcd60000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 1291 start_va = 0x7ff8dcfd0000 end_va = 0x7ff8dd018fff entry_point = 0x7ff8dcfd0000 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 1292 start_va = 0x7ff8dd020000 end_va = 0x7ff8dd0a2fff entry_point = 0x7ff8dd020000 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 1293 start_va = 0x7ff8dd0b0000 end_va = 0x7ff8dd183fff entry_point = 0x7ff8dd0b0000 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 1294 start_va = 0x7ff8dd190000 end_va = 0x7ff8dd205fff entry_point = 0x7ff8dd190000 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 1295 start_va = 0x7ff8dd210000 end_va = 0x7ff8dd246fff entry_point = 0x7ff8dd210000 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 1296 start_va = 0x7ff8dd250000 end_va = 0x7ff8dd2eefff entry_point = 0x7ff8dd250000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 1297 start_va = 0x7ff8dd2f0000 end_va = 0x7ff8dd305fff entry_point = 0x7ff8dd2f0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 1298 start_va = 0x7ff8dd310000 end_va = 0x7ff8dd622fff entry_point = 0x7ff8dd310000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 1299 start_va = 0x7ff8dd630000 end_va = 0x7ff8dd8edfff entry_point = 0x7ff8dd630000 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\amd64\\filesyncshell64.dll") Region: id = 1300 start_va = 0x7ff8dd8f0000 end_va = 0x7ff8dd8fcfff entry_point = 0x7ff8dd8f0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 1301 start_va = 0x7ff8dd900000 end_va = 0x7ff8dd94afff entry_point = 0x7ff8dd900000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 1302 start_va = 0x7ff8dd950000 end_va = 0x7ff8dd967fff entry_point = 0x7ff8dd950000 region_type = mapped_file name = "elscore.dll" filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll") Region: id = 1303 start_va = 0x7ff8dd970000 end_va = 0x7ff8dda8afff entry_point = 0x7ff8dd970000 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 1304 start_va = 0x7ff8dda90000 end_va = 0x7ff8ddb69fff entry_point = 0x7ff8dda90000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 1305 start_va = 0x7ff8ddb70000 end_va = 0x7ff8ddb7ffff entry_point = 0x7ff8ddb70000 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 1306 start_va = 0x7ff8ddb80000 end_va = 0x7ff8ddbccfff entry_point = 0x7ff8ddb80000 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 1307 start_va = 0x7ff8ddbd0000 end_va = 0x7ff8de6dcfff entry_point = 0x7ff8ddbd0000 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 1308 start_va = 0x7ff8de6e0000 end_va = 0x7ff8deb6ffff entry_point = 0x7ff8de6e0000 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 1309 start_va = 0x7ff8deb70000 end_va = 0x7ff8debb5fff entry_point = 0x7ff8deb70000 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 1310 start_va = 0x7ff8debc0000 end_va = 0x7ff8dec28fff entry_point = 0x7ff8debc0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1311 start_va = 0x7ff8dec30000 end_va = 0x7ff8dec94fff entry_point = 0x7ff8dec30000 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 1312 start_va = 0x7ff8deca0000 end_va = 0x7ff8ded65fff entry_point = 0x7ff8deca0000 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 1313 start_va = 0x7ff8ded70000 end_va = 0x7ff8dee50fff entry_point = 0x7ff8ded70000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 1314 start_va = 0x7ff8dee60000 end_va = 0x7ff8dee70fff entry_point = 0x7ff8dee60000 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 1315 start_va = 0x7ff8dee80000 end_va = 0x7ff8dee95fff entry_point = 0x7ff8dee80000 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 1316 start_va = 0x7ff8deeb0000 end_va = 0x7ff8df0bcfff entry_point = 0x7ff8deeb0000 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 1317 start_va = 0x7ff8df0c0000 end_va = 0x7ff8df179fff entry_point = 0x7ff8df0c0000 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 1318 start_va = 0x7ff8df190000 end_va = 0x7ff8df1a4fff entry_point = 0x7ff8df190000 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 1319 start_va = 0x7ff8df400000 end_va = 0x7ff8df40bfff entry_point = 0x7ff8df400000 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 1320 start_va = 0x7ff8df410000 end_va = 0x7ff8df418fff entry_point = 0x7ff8df410000 region_type = mapped_file name = "wpportinglibrary.dll" filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll") Region: id = 1321 start_va = 0x7ff8df640000 end_va = 0x7ff8dfaa9fff entry_point = 0x7ff8df640000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1322 start_va = 0x7ff8dfab0000 end_va = 0x7ff8dfd10fff entry_point = 0x7ff8dfab0000 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 1323 start_va = 0x7ff8dff00000 end_va = 0x7ff8e01a6fff entry_point = 0x7ff8dff00000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1324 start_va = 0x7ff8e05b0000 end_va = 0x7ff8e05c1fff entry_point = 0x7ff8e05b0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1325 start_va = 0x7ff8e09f0000 end_va = 0x7ff8e0a0dfff entry_point = 0x7ff8e09f0000 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 1326 start_va = 0x7ff8e0a60000 end_va = 0x7ff8e0bf6fff entry_point = 0x7ff8e0a60000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1327 start_va = 0x7ff8e0f70000 end_va = 0x7ff8e0f7dfff entry_point = 0x7ff8e0f70000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1328 start_va = 0x7ff8e15f0000 end_va = 0x7ff8e164efff entry_point = 0x7ff8e15f0000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1329 start_va = 0x7ff8e1650000 end_va = 0x7ff8e165bfff entry_point = 0x7ff8e1650000 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 1330 start_va = 0x7ff8e1780000 end_va = 0x7ff8e17c0fff entry_point = 0x7ff8e1780000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1331 start_va = 0x7ff8e2760000 end_va = 0x7ff8e279efff entry_point = 0x7ff8e2760000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1332 start_va = 0x7ff8e2ea0000 end_va = 0x7ff8e2ea9fff entry_point = 0x7ff8e2ea0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1333 start_va = 0x7ff8e2f70000 end_va = 0x7ff8e2fdafff entry_point = 0x7ff8e2f70000 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 1334 start_va = 0x7ff8e3040000 end_va = 0x7ff8e3066fff entry_point = 0x7ff8e3040000 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 1335 start_va = 0x7ff8e3190000 end_va = 0x7ff8e3212fff entry_point = 0x7ff8e3190000 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 1336 start_va = 0x7ff8e3220000 end_va = 0x7ff8e3565fff entry_point = 0x7ff8e3220000 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 1337 start_va = 0x7ff8e3570000 end_va = 0x7ff8e35affff entry_point = 0x7ff8e3570000 region_type = mapped_file name = "windows.gaming.input.dll" filename = "\\Windows\\System32\\Windows.Gaming.Input.dll" (normalized: "c:\\windows\\system32\\windows.gaming.input.dll") Region: id = 1338 start_va = 0x7ff8e35b0000 end_va = 0x7ff8e360cfff entry_point = 0x7ff8e35b0000 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 1339 start_va = 0x7ff8e3610000 end_va = 0x7ff8e365ffff entry_point = 0x7ff8e3610000 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 1340 start_va = 0x7ff8e3a50000 end_va = 0x7ff8e3a59fff entry_point = 0x7ff8e3a50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1341 start_va = 0x7ff8e3a70000 end_va = 0x7ff8e3c26fff entry_point = 0x7ff8e3a70000 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 1342 start_va = 0x7ff8e3c30000 end_va = 0x7ff8e3fa5fff entry_point = 0x7ff8e3c30000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1343 start_va = 0x7ff8e4fb0000 end_va = 0x7ff8e504dfff entry_point = 0x7ff8e4fb0000 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 1344 start_va = 0x7ff8e5050000 end_va = 0x7ff8e515efff entry_point = 0x7ff8e5050000 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1345 start_va = 0x7ff8e5160000 end_va = 0x7ff8e51c9fff entry_point = 0x7ff8e5160000 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 1346 start_va = 0x7ff8e51d0000 end_va = 0x7ff8e51d8fff entry_point = 0x7ff8e51d0000 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 1347 start_va = 0x7ff8e51e0000 end_va = 0x7ff8e51ecfff entry_point = 0x7ff8e51e0000 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 1348 start_va = 0x7ff8e51f0000 end_va = 0x7ff8e52b3fff entry_point = 0x7ff8e51f0000 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 1349 start_va = 0x7ff8e5310000 end_va = 0x7ff8e531efff entry_point = 0x7ff8e5310000 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 1350 start_va = 0x7ff8e53b0000 end_va = 0x7ff8e53b9fff entry_point = 0x7ff8e53b0000 region_type = mapped_file name = "msiltcfg.dll" filename = "\\Windows\\System32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll") Region: id = 1351 start_va = 0x7ff8e5480000 end_va = 0x7ff8e548bfff entry_point = 0x7ff8e5480000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1352 start_va = 0x7ff8e54e0000 end_va = 0x7ff8e5511fff entry_point = 0x7ff8e54e0000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 1353 start_va = 0x7ff8e57b0000 end_va = 0x7ff8e5a23fff entry_point = 0x7ff8e57b0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 1354 start_va = 0x7ff8e5a30000 end_va = 0x7ff8e5d6cfff entry_point = 0x7ff8e5a30000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 1355 start_va = 0x7ff8e5dd0000 end_va = 0x7ff8e5ea5fff entry_point = 0x7ff8e5dd0000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1356 start_va = 0x7ff8e60a0000 end_va = 0x7ff8e6131fff entry_point = 0x7ff8e60a0000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1357 start_va = 0x7ff8e6140000 end_va = 0x7ff8e6178fff entry_point = 0x7ff8e6140000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1358 start_va = 0x7ff8e6330000 end_va = 0x7ff8e6365fff entry_point = 0x7ff8e6330000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1359 start_va = 0x7ff8e6440000 end_va = 0x7ff8e646ffff entry_point = 0x7ff8e6440000 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 1360 start_va = 0x7ff8e6470000 end_va = 0x7ff8e657bfff entry_point = 0x7ff8e6470000 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 1361 start_va = 0x7ff8e6640000 end_va = 0x7ff8e6b84fff entry_point = 0x7ff8e6640000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 1362 start_va = 0x7ff8e6c30000 end_va = 0x7ff8e6d21fff entry_point = 0x7ff8e6c30000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1363 start_va = 0x7ff8e7280000 end_va = 0x7ff8e7299fff entry_point = 0x7ff8e7280000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1364 start_va = 0x7ff8e72a0000 end_va = 0x7ff8e72b5fff entry_point = 0x7ff8e72a0000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1365 start_va = 0x7ff8e7400000 end_va = 0x7ff8e741bfff entry_point = 0x7ff8e7400000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1366 start_va = 0x7ff8e7430000 end_va = 0x7ff8e7560fff entry_point = 0x7ff8e7430000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1367 start_va = 0x7ff8e75b0000 end_va = 0x7ff8e75bafff entry_point = 0x7ff8e75b0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1368 start_va = 0x7ff8e76f0000 end_va = 0x7ff8e7707fff entry_point = 0x7ff8e76f0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1369 start_va = 0x7ff8e79b0000 end_va = 0x7ff8e7b32fff entry_point = 0x7ff8e79b0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1370 start_va = 0x7ff8e7b40000 end_va = 0x7ff8e7bb1fff entry_point = 0x7ff8e7b40000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1371 start_va = 0x7ff8e7cd0000 end_va = 0x7ff8e7ce5fff entry_point = 0x7ff8e7cd0000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1372 start_va = 0x7ff8e7d90000 end_va = 0x7ff8e7da0fff entry_point = 0x7ff8e7d90000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1373 start_va = 0x7ff8e7f00000 end_va = 0x7ff8e7f79fff entry_point = 0x7ff8e7f00000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1374 start_va = 0x7ff8e8140000 end_va = 0x7ff8e81e0fff entry_point = 0x7ff8e8140000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 1375 start_va = 0x7ff8e81f0000 end_va = 0x7ff8e8254fff entry_point = 0x7ff8e81f0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1376 start_va = 0x7ff8e8460000 end_va = 0x7ff8e846afff entry_point = 0x7ff8e8460000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1377 start_va = 0x7ff8e8480000 end_va = 0x7ff8e84b7fff entry_point = 0x7ff8e8480000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1378 start_va = 0x7ff8e84e0000 end_va = 0x7ff8e84f7fff entry_point = 0x7ff8e84e0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1379 start_va = 0x7ff8e8650000 end_va = 0x7ff8e869afff entry_point = 0x7ff8e8650000 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 1380 start_va = 0x7ff8e86a0000 end_va = 0x7ff8e8851fff entry_point = 0x7ff8e86a0000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1381 start_va = 0x7ff8e8860000 end_va = 0x7ff8e8acdfff entry_point = 0x7ff8e8860000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 1382 start_va = 0x7ff8e8ad0000 end_va = 0x7ff8e8ae2fff entry_point = 0x7ff8e8ad0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1383 start_va = 0x7ff8e8af0000 end_va = 0x7ff8e8b55fff entry_point = 0x7ff8e8af0000 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1384 start_va = 0x7ff8e8b60000 end_va = 0x7ff8e8b84fff entry_point = 0x7ff8e8b60000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 1385 start_va = 0x7ff8e8b90000 end_va = 0x7ff8e8bb5fff entry_point = 0x7ff8e8b90000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1386 start_va = 0x7ff8e8bc0000 end_va = 0x7ff8e8bfefff entry_point = 0x7ff8e8bc0000 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 1387 start_va = 0x7ff8e8c00000 end_va = 0x7ff8e8c31fff entry_point = 0x7ff8e8c00000 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 1388 start_va = 0x7ff8e8c40000 end_va = 0x7ff8e8c54fff entry_point = 0x7ff8e8c40000 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 1389 start_va = 0x7ff8e8c60000 end_va = 0x7ff8e8cfbfff entry_point = 0x7ff8e8c60000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1390 start_va = 0x7ff8e8d00000 end_va = 0x7ff8e8fa2fff entry_point = 0x7ff8e8d00000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 1391 start_va = 0x7ff8e8fb0000 end_va = 0x7ff8e8fd1fff entry_point = 0x7ff8e8fb0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1392 start_va = 0x7ff8e9000000 end_va = 0x7ff8e905bfff entry_point = 0x7ff8e9000000 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 1393 start_va = 0x7ff8e9060000 end_va = 0x7ff8e9127fff entry_point = 0x7ff8e9060000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 1394 start_va = 0x7ff8e9130000 end_va = 0x7ff8e9200fff entry_point = 0x7ff8e9130000 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 1395 start_va = 0x7ff8e9500000 end_va = 0x7ff8e9577fff entry_point = 0x7ff8e9500000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1396 start_va = 0x7ff8e9680000 end_va = 0x7ff8e9715fff entry_point = 0x7ff8e9680000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1397 start_va = 0x7ff8e9720000 end_va = 0x7ff8e9746fff entry_point = 0x7ff8e9720000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1398 start_va = 0x7ff8e9860000 end_va = 0x7ff8e994dfff entry_point = 0x7ff8e9860000 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1399 start_va = 0x7ff8e99e0000 end_va = 0x7ff8e9a07fff entry_point = 0x7ff8e99e0000 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 1400 start_va = 0x7ff8e9e00000 end_va = 0x7ff8e9e0bfff entry_point = 0x7ff8e9e00000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1401 start_va = 0x7ff8e9fe0000 end_va = 0x7ff8e9ffbfff entry_point = 0x7ff8e9fe0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1402 start_va = 0x7ff8ea000000 end_va = 0x7ff8ea00bfff entry_point = 0x7ff8ea000000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1403 start_va = 0x7ff8ea010000 end_va = 0x7ff8ea035fff entry_point = 0x7ff8ea010000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1404 start_va = 0x7ff8ea0f0000 end_va = 0x7ff8ea121fff entry_point = 0x7ff8ea0f0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1405 start_va = 0x7ff8ea1d0000 end_va = 0x7ff8ea1d9fff entry_point = 0x7ff8ea1d0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1406 start_va = 0x7ff8ea270000 end_va = 0x7ff8ea2a2fff entry_point = 0x7ff8ea270000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1407 start_va = 0x7ff8ea360000 end_va = 0x7ff8ea37efff entry_point = 0x7ff8ea360000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1408 start_va = 0x7ff8ea3c0000 end_va = 0x7ff8ea467fff entry_point = 0x7ff8ea3c0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1409 start_va = 0x7ff8ea5c0000 end_va = 0x7ff8ea61cfff entry_point = 0x7ff8ea5c0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1410 start_va = 0x7ff8ea620000 end_va = 0x7ff8ea636fff entry_point = 0x7ff8ea620000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1411 start_va = 0x7ff8ea790000 end_va = 0x7ff8ea79afff entry_point = 0x7ff8ea790000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1412 start_va = 0x7ff8ea820000 end_va = 0x7ff8ea877fff entry_point = 0x7ff8ea820000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1413 start_va = 0x7ff8ea880000 end_va = 0x7ff8ea8b5fff entry_point = 0x7ff8ea880000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1414 start_va = 0x7ff8ea8c0000 end_va = 0x7ff8ea8e5fff entry_point = 0x7ff8ea8c0000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1415 start_va = 0x7ff8ea9d0000 end_va = 0x7ff8ea9fbfff entry_point = 0x7ff8ea9d0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1416 start_va = 0x7ff8eabd0000 end_va = 0x7ff8eabf7fff entry_point = 0x7ff8eabd0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1417 start_va = 0x7ff8eac00000 end_va = 0x7ff8eac6afff entry_point = 0x7ff8eac00000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1418 start_va = 0x7ff8eac70000 end_va = 0x7ff8ead07fff entry_point = 0x7ff8eac70000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1419 start_va = 0x7ff8eadb0000 end_va = 0x7ff8eadc0fff entry_point = 0x7ff8eadb0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1420 start_va = 0x7ff8eadd0000 end_va = 0x7ff8eae19fff entry_point = 0x7ff8eadd0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1421 start_va = 0x7ff8eae20000 end_va = 0x7ff8eae2efff entry_point = 0x7ff8eae20000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1422 start_va = 0x7ff8eae30000 end_va = 0x7ff8eae42fff entry_point = 0x7ff8eae30000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1423 start_va = 0x7ff8eae50000 end_va = 0x7ff8eaea3fff entry_point = 0x7ff8eae50000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1424 start_va = 0x7ff8eaf60000 end_va = 0x7ff8eafa3fff entry_point = 0x7ff8eaf60000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1425 start_va = 0x7ff8eafb0000 end_va = 0x7ff8eb170fff entry_point = 0x7ff8eafb0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1426 start_va = 0x7ff8eb180000 end_va = 0x7ff8eb7a7fff entry_point = 0x7ff8eb180000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1427 start_va = 0x7ff8eb7b0000 end_va = 0x7ff8eb862fff entry_point = 0x7ff8eb7b0000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1428 start_va = 0x7ff8eb870000 end_va = 0x7ff8eba4cfff entry_point = 0x7ff8eb870000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1429 start_va = 0x7ff8ebb30000 end_va = 0x7ff8ebbedfff entry_point = 0x7ff8ebb30000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1430 start_va = 0x7ff8ebbf0000 end_va = 0x7ff8ebdb4fff entry_point = 0x7ff8ebbf0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1431 start_va = 0x7ff8ebdc0000 end_va = 0x7ff8ebf0dfff entry_point = 0x7ff8ebdc0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1432 start_va = 0x7ff8ec0c0000 end_va = 0x7ff8ec21bfff entry_point = 0x7ff8ec0c0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1433 start_va = 0x7ff8ec220000 end_va = 0x7ff8ec23bfff entry_point = 0x7ff8ec220000 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1434 start_va = 0x7ff8ec240000 end_va = 0x7ff8ec29afff entry_point = 0x7ff8ec240000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1435 start_va = 0x7ff8ec2a0000 end_va = 0x7ff8ec2fafff entry_point = 0x7ff8ec2a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1436 start_va = 0x7ff8ec300000 end_va = 0x7ff8ec440fff entry_point = 0x7ff8ec300000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1437 start_va = 0x7ff8ec450000 end_va = 0x7ff8ec575fff entry_point = 0x7ff8ec450000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1438 start_va = 0x7ff8ec580000 end_va = 0x7ff8edaa4fff entry_point = 0x7ff8ec580000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1439 start_va = 0x7ff8edb10000 end_va = 0x7ff8edbb4fff entry_point = 0x7ff8edb10000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1440 start_va = 0x7ff8edbc0000 end_va = 0x7ff8edd44fff entry_point = 0x7ff8edbc0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1441 start_va = 0x7ff8edd60000 end_va = 0x7ff8edfdbfff entry_point = 0x7ff8edd60000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1442 start_va = 0x7ff8edfe0000 end_va = 0x7ff8ee030fff entry_point = 0x7ff8edfe0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1443 start_va = 0x7ff8ee040000 end_va = 0x7ff8ee0a8fff entry_point = 0x7ff8ee040000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1444 start_va = 0x7ff8ee0b0000 end_va = 0x7ff8ee14cfff entry_point = 0x7ff8ee0b0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1445 start_va = 0x7ff8ee150000 end_va = 0x7ff8ee185fff entry_point = 0x7ff8ee150000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1446 start_va = 0x7ff8ee190000 end_va = 0x7ff8ee235fff entry_point = 0x7ff8ee190000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1447 start_va = 0x7ff8ee250000 end_va = 0x7ff8ee257fff entry_point = 0x7ff8ee250000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1448 start_va = 0x7ff8ee260000 end_va = 0x7ff8ee2cefff entry_point = 0x7ff8ee260000 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1449 start_va = 0x7ff8ee2d0000 end_va = 0x7ff8ee37cfff entry_point = 0x7ff8ee2d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1450 start_va = 0x7ff8ee380000 end_va = 0x7ff8ee541fff entry_point = 0x7ff8ee380000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1452 start_va = 0x6260000 end_va = 0x6392fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006260000" filename = "" Region: id = 1453 start_va = 0xf80000 end_va = 0xf80fff entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1454 start_va = 0x7ff8d5240000 end_va = 0x7ff8d525ffff entry_point = 0x7ff8d5240000 region_type = mapped_file name = "avifil32.dll" filename = "\\Windows\\System32\\avifil32.dll" (normalized: "c:\\windows\\system32\\avifil32.dll") Region: id = 1455 start_va = 0x4510000 end_va = 0x458ffff entry_point = 0x0 region_type = private name = "private_0x0000000004510000" filename = "" Region: id = 1456 start_va = 0x7ff79ee6c000 end_va = 0x7ff79ee6dfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee6c000" filename = "" Region: id = 1457 start_va = 0x7ff8d64c0000 end_va = 0x7ff8d64e8fff entry_point = 0x7ff8d64c0000 region_type = mapped_file name = "msvfw32.dll" filename = "\\Windows\\System32\\msvfw32.dll" (normalized: "c:\\windows\\system32\\msvfw32.dll") Region: id = 1458 start_va = 0xfc0000 end_va = 0xfc1fff entry_point = 0xfc0000 region_type = mapped_file name = "msvfw32.dll.mui" filename = "\\Windows\\System32\\en-US\\msvfw32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msvfw32.dll.mui") Region: id = 1459 start_va = 0x7ff8d5220000 end_va = 0x7ff8d523bfff entry_point = 0x7ff8d5220000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 1460 start_va = 0xe3e0000 end_va = 0xe91ffff entry_point = 0x0 region_type = private name = "private_0x000000000e3e0000" filename = "" Region: id = 1461 start_va = 0x7ff8ee240000 end_va = 0x7ff8ee247fff entry_point = 0x7ff8ee240000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1462 start_va = 0x48d0000 end_va = 0x48d6fff entry_point = 0x0 region_type = private name = "private_0x00000000048d0000" filename = "" Region: id = 1463 start_va = 0x50f0000 end_va = 0x516ffff entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1464 start_va = 0x7ff79ee66000 end_va = 0x7ff79ee67fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee66000" filename = "" Region: id = 1465 start_va = 0x5490000 end_va = 0x550ffff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 1466 start_va = 0x5e90000 end_va = 0x5f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000005e90000" filename = "" Region: id = 1467 start_va = 0x7ff79ee56000 end_va = 0x7ff79ee57fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee56000" filename = "" Region: id = 1468 start_va = 0x7ff79ee62000 end_va = 0x7ff79ee63fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee62000" filename = "" Region: id = 1469 start_va = 0x64d0000 end_va = 0x654ffff entry_point = 0x0 region_type = private name = "private_0x00000000064d0000" filename = "" Region: id = 1470 start_va = 0x6e80000 end_va = 0x6efffff entry_point = 0x0 region_type = private name = "private_0x0000000006e80000" filename = "" Region: id = 1471 start_va = 0x7ff79ee4a000 end_va = 0x7ff79ee4bfff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee4a000" filename = "" Region: id = 1472 start_va = 0x7ff79ee52000 end_va = 0x7ff79ee53fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee52000" filename = "" Region: id = 1473 start_va = 0x3000000 end_va = 0x3003fff entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1474 start_va = 0x3010000 end_va = 0x3040fff entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 1475 start_va = 0x3050000 end_va = 0x3052fff entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 1476 start_va = 0x93f0000 end_va = 0x946ffff entry_point = 0x0 region_type = private name = "private_0x00000000093f0000" filename = "" Region: id = 1477 start_va = 0x9470000 end_va = 0x94effff entry_point = 0x0 region_type = private name = "private_0x0000000009470000" filename = "" Region: id = 1478 start_va = 0x94f0000 end_va = 0x956ffff entry_point = 0x0 region_type = private name = "private_0x00000000094f0000" filename = "" Region: id = 1479 start_va = 0xe920000 end_va = 0xee11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000e920000" filename = "" Region: id = 1480 start_va = 0x7ff79ee44000 end_va = 0x7ff79ee45fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee44000" filename = "" Region: id = 1481 start_va = 0x7ff79ee48000 end_va = 0x7ff79ee49fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee48000" filename = "" Region: id = 1482 start_va = 0x7ff79ef94000 end_va = 0x7ff79ef95fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ef94000" filename = "" Region: id = 1483 start_va = 0x7ff8d63f0000 end_va = 0x7ff8d641ffff entry_point = 0x7ff8d63f0000 region_type = mapped_file name = "shutdownux.dll" filename = "\\Windows\\System32\\shutdownux.dll" (normalized: "c:\\windows\\system32\\shutdownux.dll") Region: id = 1484 start_va = 0x7ff8df180000 end_va = 0x7ff8df18dfff entry_point = 0x7ff8df180000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1485 start_va = 0x3000000 end_va = 0x3004fff entry_point = 0x3000000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1486 start_va = 0x3060000 end_va = 0x3062fff entry_point = 0x3060000 region_type = mapped_file name = "shutdownux.dll.mui" filename = "\\Windows\\System32\\en-US\\ShutdownUX.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shutdownux.dll.mui") Region: id = 1487 start_va = 0x5f40000 end_va = 0x5f70fff entry_point = 0x0 region_type = private name = "private_0x0000000005f40000" filename = "" Region: id = 1488 start_va = 0x7ff8e8260000 end_va = 0x7ff8e826bfff entry_point = 0x7ff8e8260000 region_type = mapped_file name = "navshutdown.dll" filename = "\\Windows\\System32\\navshutdown.dll" (normalized: "c:\\windows\\system32\\navshutdown.dll") Region: id = 1489 start_va = 0x4be0000 end_va = 0x4c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 1490 start_va = 0x7ff79ee42000 end_va = 0x7ff79ee43fff entry_point = 0x0 region_type = private name = "private_0x00007ff79ee42000" filename = "" Thread: id = 31 os_tid = 0xc5c [0181.268] StrCmpIW (psz1="VirtualDesktop", psz2="DelegateExecute") returned 1 [0181.268] RegGetValueW (in: hkey=0x66c, lpSubKey="W32:000000000004022C", lpValue="VirtualDesktop", dwFlags=0x8, pdwType=0x0, pvData=0x2e2f540, pcbData=0x2e2f510*=0x18 | out: pdwType=0x0, pvData=0x2e2f540, pcbData=0x2e2f510*=0x18) returned 0x2 Thread: id = 32 os_tid = 0x6a8 Thread: id = 33 os_tid = 0xc88 [0186.306] StrCmpIW (psz1="ActivationType", psz2="DelegateExecute") returned -1 [0186.306] RegGetValueW (in: hkey=0x20f8, lpSubKey=0x0, lpValue="ActivationType", dwFlags=0x10, pdwType=0x0, pvData=0x6e7e708, pcbData=0x6e7e520*=0x4 | out: pdwType=0x0, pvData=0x6e7e708, pcbData=0x6e7e520*=0x4) returned 0x0 [0186.306] StrCmpIW (psz1="Threading", psz2="DelegateExecute") returned 1 [0186.306] RegGetValueW (in: hkey=0x20f8, lpSubKey=0x0, lpValue="Threading", dwFlags=0x10, pdwType=0x0, pvData=0x6e7e73c, pcbData=0x6e7e520*=0x4 | out: pdwType=0x0, pvData=0x6e7e73c, pcbData=0x6e7e520*=0x4) returned 0x2 [0186.306] StrCmpIW (psz1="TrustLevel", psz2="DelegateExecute") returned 1 [0186.306] RegGetValueW (in: hkey=0x20f8, lpSubKey=0x0, lpValue="TrustLevel", dwFlags=0x10, pdwType=0x0, pvData=0x6e7e744, pcbData=0x6e7e520*=0x4 | out: pdwType=0x0, pvData=0x6e7e744, pcbData=0x6e7e520*=0x4) returned 0x0 [0186.306] StrCmpIW (psz1="ActivateAsUser", psz2="DelegateExecute") returned -1 [0186.306] RegGetValueW (in: hkey=0x20f8, lpSubKey=0x0, lpValue="ActivateAsUser", dwFlags=0x10, pdwType=0x0, pvData=0x6e7e764, pcbData=0x6e7e520*=0x4 | out: pdwType=0x0, pvData=0x6e7e764, pcbData=0x6e7e520*=0x4) returned 0x2 Thread: id = 34 os_tid = 0x90c Thread: id = 35 os_tid = 0x960 Thread: id = 36 os_tid = 0x7c8 Thread: id = 37 os_tid = 0x7e8 Thread: id = 38 os_tid = 0x95c Thread: id = 39 os_tid = 0x974 Thread: id = 40 os_tid = 0x46c Thread: id = 41 os_tid = 0xbe0 [0183.407] RegGetValueW (in: hkey=0x2022, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0x471d640, pcbData=0x471d588*=0xc8 | out: pdwType=0x0, pvData=0x471d640, pcbData=0x471d588*=0xc8) returned 0x2 [0183.408] RegGetValueW (in: hkey=0x2022, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x471d490, pvData=0x0, pcbData=0x471d4e8*=0x0 | out: pdwType=0x471d490*=0x1, pvData=0x0, pcbData=0x471d4e8*=0x1e) returned 0x0 [0183.408] RegGetValueW (in: hkey=0x2022, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x471d490, pvData=0xad18b40, pcbData=0x471d4e8*=0x1e | out: pdwType=0x471d490*=0x1, pvData="PSOAInterface", pcbData=0x471d4e8*=0x1c) returned 0x0 [0183.408] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0183.408] RegGetValueW (in: hkey=0x20b2, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0x471d3e0, pvData=0x0, pcbData=0x471d438*=0x0 | out: pdwType=0x471d3e0*=0x0, pvData=0x0, pcbData=0x471d438*=0x0) returned 0x2 [0183.408] RegGetValueW (in: hkey=0x20b2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x471d420, pvData=0x0, pcbData=0x471d478*=0x0 | out: pdwType=0x471d420*=0x1, pvData=0x0, pcbData=0x471d478*=0x44) returned 0x0 [0183.408] RegGetValueW (in: hkey=0x20b2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x471d420, pvData=0xad75ce0, pcbData=0x471d478*=0x44 | out: pdwType=0x471d420*=0x1, pvData="C:\\Windows\\System32\\oleaut32.dll", pcbData=0x471d478*=0x42) returned 0x0 [0183.408] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0183.408] RegGetValueW (in: hkey=0x20b2, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0x471d3d0, pvData=0x471d3f0, pcbData=0x471d3b8*=0x3c | out: pdwType=0x471d3d0*=0x1, pvData="Both", pcbData=0x471d3b8*=0xa) returned 0x0 [0183.408] RegGetValueW (in: hkey=0x2022, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0x471d440, pvData=0x0, pcbData=0x471d498*=0x0 | out: pdwType=0x471d440*=0x0, pvData=0x0, pcbData=0x471d498*=0x0) returned 0x2 [0183.408] RegGetValueW (in: hkey=0x2022, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0x471d440, pvData=0x0, pcbData=0x471d498*=0x0 | out: pdwType=0x471d440*=0x0, pvData=0x0, pcbData=0x471d498*=0x0) returned 0x2 [0183.409] RegGetValueW (in: hkey=0x2022, lpSubKey=0x0, lpValue=0x0, dwFlags=0x6, pdwType=0x0, pvData=0x471db00, pcbData=0x471daf0*=0x4e | out: pdwType=0x0, pvData=0x471db00, pcbData=0x471daf0*=0x4e) returned 0x0 [0183.472] RegGetValueW (in: hkey=0x2156, lpSubKey=0x0, lpValue=0x0, dwFlags=0x6, pdwType=0x0, pvData=0x471eb20, pcbData=0x471e8f0*=0x50 | out: pdwType=0x0, pvData=0x471eb20, pcbData=0x471e8f0*=0x4e) returned 0x0 [0183.473] RegGetValueW (in: hkey=0x20ca, lpSubKey=0x0, lpValue=0x0, dwFlags=0x6, pdwType=0x0, pvData=0x471eba0, pcbData=0x471ea5c*=0x208 | out: pdwType=0x0, pvData=0x471eba0, pcbData=0x471ea5c*=0x40) returned 0x0 Thread: id = 42 os_tid = 0xbdc Thread: id = 43 os_tid = 0xa98 Thread: id = 44 os_tid = 0xa94 [0179.805] RegGetValueW (in: hkey=0x211a, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f8*=0x80 | out: pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f8*=0x80) returned 0x2 [0179.805] RegGetValueW (in: hkey=0x2106, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed8c0, pcbData=0xaaed8b0*=0x4e | out: pdwType=0x0, pvData=0xaaed8c0, pcbData=0xaaed8b0*=0x4e) returned 0x2 [0180.073] RegGetValueW (in: hkey=0x20f2, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed768*=0x80 | out: pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed768*=0x80) returned 0x2 [0180.073] RegGetValueW (in: hkey=0x20e2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x20e6, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x210e, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x20e2, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed830, pcbData=0xaaed820*=0x4e | out: pdwType=0x0, pvData=0xaaed830, pcbData=0xaaed820*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x2106, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.074] RegGetValueW (in: hkey=0x2126, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.163] RegGetValueW (in: hkey=0x2126, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0180.163] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.163] RegGetValueW (in: hkey=0x2106, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.165] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrCmpIW") returned 0x7ff8edfebe50 [0180.165] StrCmpIW (psz1=".ods", psz2="DelegateExecute") returned -1 [0180.165] RegGetValueW (in: hkey=0x2130, lpSubKey=0x0, lpValue=".ods", dwFlags=0x2, pdwType=0x0, pvData=0xaaec240, pcbData=0xaaebfd8*=0x208 | out: pdwType=0x0, pvData=0xaaec240, pcbData=0xaaebfd8*=0x12) returned 0x0 [0180.165] StrCmpIW (psz1="Content Type", psz2="DelegateExecute") returned -1 [0180.165] RegGetValueW (in: hkey=0x2132, lpSubKey=0x0, lpValue="Content Type", dwFlags=0x2, pdwType=0x0, pvData=0xaaec030, pcbData=0xaaebfd8*=0x208 | out: pdwType=0x0, pvData=0xaaec030, pcbData=0xaaebfd8*=0x5e) returned 0x0 [0180.166] RegGetValueW (in: hkey=0x212a, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec790, pcbData=0xaaec788*=0x80 | out: pdwType=0x0, pvData=0xaaec790, pcbData=0xaaec788*=0x80) returned 0x2 [0180.166] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.166] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x50 | out: pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x12) returned 0x0 [0180.196] RegGetValueW (in: hkey=0x2106, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f8*=0x80 | out: pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f8*=0x80) returned 0x2 [0180.197] RegGetValueW (in: hkey=0x2126, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaea5f0, pcbData=0xaaea5e8*=0x80 | out: pdwType=0x0, pvData=0xaaea5f0, pcbData=0xaaea5e8*=0x80) returned 0x2 [0180.197] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaea780, pcbData=0xaaea770*=0x4e | out: pdwType=0x0, pvData=0xaaea780, pcbData=0xaaea770*=0x4e) returned 0x2 [0180.197] RegGetValueW (in: hkey=0x2106, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaea800, pcbData=0xaaea7f0*=0x4e | out: pdwType=0x0, pvData=0xaaea800, pcbData=0xaaea7f0*=0x4e) returned 0x2 [0180.197] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.198] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaea5f0, pcbData=0xaaea5e0*=0x50 | out: pdwType=0x0, pvData=0xaaea5f0, pcbData=0xaaea5e0*=0x12) returned 0x0 [0180.198] RegGetValueW (in: hkey=0x211a, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaea6b0, pcbData=0xaaea6a0*=0x4e | out: pdwType=0x0, pvData=0xaaea6b0, pcbData=0xaaea6a0*=0x4e) returned 0x0 [0180.198] RegGetValueW (in: hkey=0x210e, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaea800, pcbData=0xaaea7f0*=0x4e | out: pdwType=0x0, pvData=0xaaea800, pcbData=0xaaea7f0*=0x4e) returned 0x2 [0180.198] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaea800, pcbData=0xaaea7f0*=0x4e | out: pdwType=0x0, pvData=0xaaea800, pcbData=0xaaea7f0*=0x4e) returned 0x2 [0180.199] StrCmpIW (psz1=".ods", psz2="DelegateExecute") returned -1 [0180.199] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers", lpValue=".ods", dwFlags=0x2, pdwType=0x0, pvData=0xaaec230, pcbData=0xaaec220*=0x4e | out: pdwType=0x0, pvData=0xaaec230, pcbData=0xaaec220*=0x4e) returned 0x2 [0180.199] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ods", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec230, pcbData=0xaaec220*=0x4e | out: pdwType=0x0, pvData=0xaaec230, pcbData=0xaaec220*=0x4e) returned 0x2 [0180.199] RegGetValueW (in: hkey=0x2126, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaebfa0, pcbData=0xaaebf98*=0x80 | out: pdwType=0x0, pvData=0xaaebfa0, pcbData=0xaaebf98*=0x80) returned 0x2 [0180.199] RegGetValueW (in: hkey=0x210e, lpSubKey="ShellEx\\PropertyHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec130, pcbData=0xaaec120*=0x4e | out: pdwType=0x0, pvData=0xaaec130, pcbData=0xaaec120*=0x4e) returned 0x2 [0180.199] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\PropertyHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec1b0, pcbData=0xaaec1a0*=0x4e | out: pdwType=0x0, pvData=0xaaec1b0, pcbData=0xaaec1a0*=0x4e) returned 0x2 [0180.200] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.200] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaebfa0, pcbData=0xaaebf90*=0x50 | out: pdwType=0x0, pvData=0xaaebfa0, pcbData=0xaaebf90*=0x12) returned 0x0 [0180.200] RegGetValueW (in: hkey=0x210e, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec060, pcbData=0xaaec050*=0x4e | out: pdwType=0x0, pvData=0xaaec060, pcbData=0xaaec050*=0x4e) returned 0x0 [0180.200] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\PropertyHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec1b0, pcbData=0xaaec1a0*=0x4e | out: pdwType=0x0, pvData=0xaaec1b0, pcbData=0xaaec1a0*=0x4e) returned 0x2 [0180.200] RegGetValueW (in: hkey=0x2106, lpSubKey="ShellEx\\PropertyHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec1b0, pcbData=0xaaec1a0*=0x4e | out: pdwType=0x0, pvData=0xaaec1b0, pcbData=0xaaec1a0*=0x4e) returned 0x2 [0180.249] RegGetValueW (in: hkey=0x2126, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec608*=0x80 | out: pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec608*=0x80) returned 0x2 [0180.249] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec7a0, pcbData=0xaaec790*=0x4e | out: pdwType=0x0, pvData=0xaaec7a0, pcbData=0xaaec790*=0x4e) returned 0x2 [0180.249] RegGetValueW (in: hkey=0x2106, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e | out: pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e) returned 0x2 [0180.249] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.249] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x50 | out: pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x12) returned 0x0 [0180.249] RegGetValueW (in: hkey=0x211a, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec6d0, pcbData=0xaaec6c0*=0x4e | out: pdwType=0x0, pvData=0xaaec6d0, pcbData=0xaaec6c0*=0x4e) returned 0x0 [0180.250] RegGetValueW (in: hkey=0x210e, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e | out: pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e) returned 0x2 [0180.250] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e | out: pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e) returned 0x2 [0180.251] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.251] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaecda0, pcbData=0xaaecd90*=0x50 | out: pdwType=0x0, pvData=0xaaecda0, pcbData=0xaaecd90*=0x12) returned 0x0 [0180.251] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed8f0, pcbData=0xaaed8e0*=0x208 | out: pdwType=0x0, pvData=0xaaed8f0, pcbData=0xaaed8e0*=0x42) returned 0x0 [0180.253] StrCmpIW (psz1="DelegateExecute", psz2="DelegateExecute") returned 0 [0180.253] NtQueryKey (in: KeyHandle=0x2076, KeyInformationClass=0x3, KeyInformation=0x0, Length=0x0, ResultLength=0xaaed788 | out: KeyInformation=0x0, ResultLength=0xaaed788) returned 0xc0000023 [0180.253] lstrlenW (lpString="command") returned 7 [0180.253] NtQueryKey (in: KeyHandle=0x2076, KeyInformationClass=0x3, KeyInformation=0xe90e480, Length=0xae, ResultLength=0xaaed788 | out: KeyInformation=0xe90e480, ResultLength=0xaaed788) returned 0x0 [0180.253] lstrcpyW (in: lpString1=0xe90e522, lpString2="command" | out: lpString1="command") returned="command" [0180.253] StrStrIW (lpFirst="\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Excel.OpenDocumentSpreadsheet.12\\shell\\Open\\command", lpSrch="SOFTWARE\\Classes\\Chrome") returned 0x0 [0180.253] RegGetValueW (in: hkey=0x2076, lpSubKey="command", lpValue="DelegateExecute", dwFlags=0x2, pdwType=0x0, pvData=0xaaed7d0, pcbData=0xaaed7c0*=0x4e | out: pdwType=0x0, pvData=0xaaed7d0, pcbData=0xaaed7c0*=0x4e) returned 0x2 [0180.277] RegGetValueW (in: hkey=0x2132, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed768*=0x80 | out: pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed768*=0x80) returned 0x2 [0180.277] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0180.277] RegGetValueW (in: hkey=0x212e, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.277] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.277] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed760*=0x50 | out: pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed760*=0x12) returned 0x0 [0180.278] RegGetValueW (in: hkey=0x210e, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.278] RegGetValueW (in: hkey=0x20f2, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed830, pcbData=0xaaed820*=0x4e | out: pdwType=0x0, pvData=0xaaed830, pcbData=0xaaed820*=0x4e) returned 0x0 [0180.278] RegGetValueW (in: hkey=0x2126, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.278] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.279] RegGetValueW (in: hkey=0x210e, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec430, pcbData=0xaaec428*=0x80 | out: pdwType=0x0, pvData=0xaaec430, pcbData=0xaaec428*=0x80) returned 0x2 [0180.279] RegGetValueW (in: hkey=0x2126, lpSubKey="ShellEx\\{000214F9-0000-0000-C000-000000000046}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec5c0, pcbData=0xaaec5b0*=0x4e | out: pdwType=0x0, pvData=0xaaec5c0, pcbData=0xaaec5b0*=0x4e) returned 0x2 [0180.280] RegGetValueW (in: hkey=0x211a, lpSubKey="ShellEx\\{000214F9-0000-0000-C000-000000000046}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec640, pcbData=0xaaec630*=0x4e | out: pdwType=0x0, pvData=0xaaec640, pcbData=0xaaec630*=0x4e) returned 0x2 [0180.280] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0180.280] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".ods", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaec430, pcbData=0xaaec420*=0x50 | out: pdwType=0x0, pvData=0xaaec430, pcbData=0xaaec420*=0x12) returned 0x0 [0180.280] RegGetValueW (in: hkey=0x2126, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec4f0, pcbData=0xaaec4e0*=0x4e | out: pdwType=0x0, pvData=0xaaec4f0, pcbData=0xaaec4e0*=0x4e) returned 0x0 [0180.280] RegGetValueW (in: hkey=0x2132, lpSubKey="ShellEx\\{000214F9-0000-0000-C000-000000000046}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec640, pcbData=0xaaec630*=0x4e | out: pdwType=0x0, pvData=0xaaec640, pcbData=0xaaec630*=0x4e) returned 0x2 [0180.280] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\{000214F9-0000-0000-C000-000000000046}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec640, pcbData=0xaaec630*=0x4e | out: pdwType=0x0, pvData=0xaaec640, pcbData=0xaaec630*=0x4e) returned 0x2 [0180.461] RegGetValueW (in: hkey=0x2130, lpSubKey=0x0, lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaae8570, pcbData=0xaae8070*=0x1048 | out: pdwType=0x0, pvData=0xaae8570, pcbData=0xaae8070*=0x1048) returned 0x2 [0180.462] RegGetValueW (in: hkey=0x2130, lpSubKey=0x0, lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaae82b0, pcbData=0xaae7f74*=0x208 | out: pdwType=0x0, pvData=0xaae82b0, pcbData=0xaae7f74*=0x208) returned 0x2 [0180.475] RegGetValueW (in: hkey=0x210e, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0180.475] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.476] RegGetValueW (in: hkey=0x2132, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0180.512] RegGetValueW (in: hkey=0x2132, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f8*=0x80 | out: pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f8*=0x80) returned 0x2 [0180.512] RegGetValueW (in: hkey=0x212a, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed8c0, pcbData=0xaaed8b0*=0x4e | out: pdwType=0x0, pvData=0xaaed8c0, pcbData=0xaaed8b0*=0x4e) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x2132, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed768*=0x80 | out: pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed768*=0x80) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x2126, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x2132, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x212a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x2136, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.853] RegGetValueW (in: hkey=0x20f2, lpSubKey="Clsid", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed830, pcbData=0xaaed820*=0x4e | out: pdwType=0x0, pvData=0xaaed830, pcbData=0xaaed820*=0x4e) returned 0x2 [0181.854] RegGetValueW (in: hkey=0x20da, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.854] RegGetValueW (in: hkey=0x211e, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.944] RegGetValueW (in: hkey=0x2130, lpSubKey=0x0, lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaae8570, pcbData=0xaae8070*=0x1048 | out: pdwType=0x0, pvData=0xaae8570, pcbData=0xaae8070*=0x1048) returned 0x2 [0181.945] RegGetValueW (in: hkey=0x2130, lpSubKey=0x0, lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaae82b0, pcbData=0xaae7f74*=0x208 | out: pdwType=0x0, pvData=0xaae82b0, pcbData=0xaae7f74*=0x208) returned 0x2 [0181.958] RegGetValueW (in: hkey=0x2126, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0181.958] RegGetValueW (in: hkey=0x20f2, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.958] RegGetValueW (in: hkey=0x2132, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0181.988] RegGetValueW (in: hkey=0x1a96, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaeda30, pcbData=0xaaeda28*=0x80 | out: pdwType=0x0, pvData=0xaaeda30, pcbData=0xaaeda28*=0x80) returned 0x2 [0181.989] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0181.989] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f0*=0x50 | out: pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f0*=0x50) returned 0x2 [0181.989] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0181.989] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey="SystemFileAssociations\\.flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f0*=0x50 | out: pdwType=0x0, pvData=0xaaed800, pcbData=0xaaed7f0*=0x50) returned 0x2 [0182.870] RegGetValueW (in: hkey=0x22e6, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec840, pcbData=0xaaec838*=0x80 | out: pdwType=0x0, pvData=0xaaec840, pcbData=0xaaec838*=0x80) returned 0x2 [0182.873] RegGetValueW (in: hkey=0x22ee, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec7a0, pcbData=0xaaec790*=0x4e | out: pdwType=0x0, pvData=0xaaec7a0, pcbData=0xaaec790*=0x4e) returned 0x2 [0182.873] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0182.873] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x50 | out: pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x50) returned 0x2 [0182.873] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0182.873] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey="SystemFileAssociations\\.flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x50 | out: pdwType=0x0, pvData=0xaaec610, pcbData=0xaaec600*=0x50) returned 0x2 [0182.873] RegGetValueW (in: hkey=0x22de, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e | out: pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e) returned 0x2 [0182.873] RegGetValueW (in: hkey=0x22e6, lpSubKey="ShellEx\\{973810AE-9599-4B88-9E4D-6EE98C9552DA}", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e | out: pdwType=0x0, pvData=0xaaec820, pcbData=0xaaec810*=0x4e) returned 0x2 [0182.874] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0182.874] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaecda0, pcbData=0xaaecd90*=0x50 | out: pdwType=0x0, pvData=0xaaecda0, pcbData=0xaaecd90*=0x50) returned 0x2 [0182.874] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0182.874] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey="SystemFileAssociations\\.flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaecda0, pcbData=0xaaecd90*=0x50 | out: pdwType=0x0, pvData=0xaaecda0, pcbData=0xaaecd90*=0x50) returned 0x2 [0182.874] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".flv", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed8f0, pcbData=0xaaed8e0*=0x208 | out: pdwType=0x0, pvData=0xaaed8f0, pcbData=0xaaed8e0*=0x208) returned 0x2 [0182.874] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.874] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x4, pvData=0xaaed9b8*=0x0, pcbData=0xaaed9b4*=0x4) returned 0x0 [0182.874] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.874] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.874] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.874] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.874] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.874] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.875] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.875] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.875] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.875] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.875] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.875] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.875] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.875] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.875] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.875] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.875] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.876] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.876] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.876] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.876] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.876] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.876] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.876] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.876] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.876] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.876] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.877] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.877] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.877] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.877] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.877] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.877] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.877] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.877] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.877] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.877] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.878] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.878] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.878] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.878] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.878] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.878] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.878] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.878] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.878] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.879] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.879] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.879] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.879] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0182.879] StrCmpIW (psz1="Hidden", psz2="DelegateExecute") returned 1 [0182.879] RegGetValueW (in: hkey=0x22d4, lpSubKey=0x0, lpValue="Hidden", dwFlags=0x10000012, pdwType=0xaaed9b0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4 | out: pdwType=0xaaed9b0*=0x0, pvData=0xaaed9b8, pcbData=0xaaed9b4*=0x4) returned 0x2 [0182.879] StrCmpIW (psz1=".flv", psz2="DelegateExecute") returned -1 [0182.879] RegGetValueW (in: hkey=0x22d4, lpSubKey="FileAssociations", lpValue=".flv", dwFlags=0x2, pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e | out: pdwType=0x0, pvData=0xaaeda20, pcbData=0xaaeda10*=0x4e) returned 0x2 [0183.010] RegGetValueW (in: hkey=0x1a96, lpSubKey="CurVer", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed9a0, pcbData=0xaaed998*=0x80 | out: pdwType=0x0, pvData=0xaaed9a0, pcbData=0xaaed998*=0x80) returned 0x2 [0183.010] RegGetValueW (in: hkey=0x213a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0183.010] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0183.010] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey=".flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed760*=0x50 | out: pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed760*=0x50) returned 0x2 [0183.010] StrCmpIW (psz1="PerceivedType", psz2="DelegateExecute") returned 1 [0183.010] RegGetValueW (in: hkey=0xffffffff80000000, lpSubKey="SystemFileAssociations\\.flv", lpValue="PerceivedType", dwFlags=0x2, pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed760*=0x50 | out: pdwType=0x0, pvData=0xaaed770, pcbData=0xaaed760*=0x50) returned 0x2 [0183.011] RegGetValueW (in: hkey=0x22de, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0183.011] RegGetValueW (in: hkey=0x1a96, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0183.081] RegGetValueW (in: hkey=0x22dc, lpSubKey=0x0, lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaae8570, pcbData=0xaae8070*=0x1048 | out: pdwType=0x0, pvData=0xaae8570, pcbData=0xaae8070*=0x1048) returned 0x2 [0183.081] RegGetValueW (in: hkey=0x22dc, lpSubKey=0x0, lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaae82b0, pcbData=0xaae7f74*=0x208 | out: pdwType=0x0, pvData=0xaae82b0, pcbData=0xaae7f74*=0x208) returned 0x2 [0183.092] RegGetValueW (in: hkey=0x213a, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e | out: pdwType=0x0, pvData=0xaaed900, pcbData=0xaaed8f0*=0x4e) returned 0x2 [0183.093] RegGetValueW (in: hkey=0x1a96, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 [0183.093] RegGetValueW (in: hkey=0x22de, lpSubKey="ShellEx\\LibraryDescriptionHandler", lpValue=0x0, dwFlags=0x2, pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e | out: pdwType=0x0, pvData=0xaaed980, pcbData=0xaaed970*=0x4e) returned 0x2 Thread: id = 45 os_tid = 0xa18 Thread: id = 46 os_tid = 0x970 Thread: id = 47 os_tid = 0x964 Thread: id = 48 os_tid = 0x950 Thread: id = 49 os_tid = 0x948 Thread: id = 50 os_tid = 0x930 [0181.296] StrCmpIW (psz1="providerId", psz2="DelegateExecute") returned 1 [0181.296] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\TokenBroker\\DefaultAccount", lpValue="providerId", dwFlags=0x2, pdwType=0x0, pvData=0x0, pcbData=0x9feedb4*=0x0 | out: pdwType=0x0, pvData=0x0, pcbData=0x9feedb4*=0x0) returned 0x2 Thread: id = 51 os_tid = 0x92c Thread: id = 52 os_tid = 0x8fc Thread: id = 53 os_tid = 0x8f8 Thread: id = 54 os_tid = 0x8f4 Thread: id = 55 os_tid = 0x8f0 Thread: id = 56 os_tid = 0x8a4 Thread: id = 57 os_tid = 0x878 Thread: id = 58 os_tid = 0x86c Thread: id = 59 os_tid = 0x848 [0185.797] StrCmpIW (psz1="DisableAntiSpyware", psz2="DelegateExecute") returned 1 [0185.797] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", lpValue="DisableAntiSpyware", dwFlags=0x10, pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4 | out: pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4) returned 0x0 [0185.798] StrCmpIW (psz1="DisableRealtimeMonitoring", psz2="DelegateExecute") returned 1 [0185.798] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-time Protection", lpValue="DisableRealtimeMonitoring", dwFlags=0x10, pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4 | out: pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4) returned 0x2 [0185.799] StrCmpIW (psz1="DisableAntiSpyware", psz2="DelegateExecute") returned 1 [0185.799] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", lpValue="DisableAntiSpyware", dwFlags=0x10, pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4 | out: pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4) returned 0x0 [0185.799] StrCmpIW (psz1="DisableRealtimeMonitoring", psz2="DelegateExecute") returned 1 [0185.799] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-time Protection", lpValue="DisableRealtimeMonitoring", dwFlags=0x10, pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4 | out: pdwType=0x0, pvData=0x64ce550, pcbData=0x64ce558*=0x4) returned 0x2 Thread: id = 60 os_tid = 0x840 Thread: id = 61 os_tid = 0x830 Thread: id = 62 os_tid = 0x82c Thread: id = 63 os_tid = 0x810 Thread: id = 64 os_tid = 0x80c [0182.803] StrCmpIW (psz1="VKToggleGameBar", psz2="DelegateExecute") returned 1 [0182.803] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\GameDVR", lpValue="VKToggleGameBar", dwFlags=0x10, pdwType=0x0, pvData=0x49ce130, pcbData=0x49ce138*=0x4 | out: pdwType=0x0, pvData=0x49ce130, pcbData=0x49ce138*=0x4) returned 0x2 [0183.781] StrCmpIW (psz1="AllowAutoAppRestartOnCrash", psz2="DelegateExecute") returned -1 [0183.781] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\Launcher", lpValue="AllowAutoAppRestartOnCrash", dwFlags=0x10000012, pdwType=0x49cdd50, pvData=0x49cdd88, pcbData=0x49cdd54*=0x4 | out: pdwType=0x49cdd50*=0x0, pvData=0x49cdd88, pcbData=0x49cdd54*=0x4) returned 0x2 [0183.882] StrCmpIW (psz1="AllowAutoAppRestartOnCrash", psz2="DelegateExecute") returned -1 [0183.882] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\Launcher", lpValue="AllowAutoAppRestartOnCrash", dwFlags=0x10000012, pdwType=0x49cdd40, pvData=0x49cdd78, pcbData=0x49cdd44*=0x4 | out: pdwType=0x49cdd40*=0x0, pvData=0x49cdd78, pcbData=0x49cdd44*=0x4) returned 0x2 [0183.954] StrCmpIW (psz1="VKToggleGameBar", psz2="DelegateExecute") returned 1 [0183.954] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\GameDVR", lpValue="VKToggleGameBar", dwFlags=0x10, pdwType=0x0, pvData=0x49ce130, pcbData=0x49ce138*=0x4 | out: pdwType=0x0, pvData=0x49ce130, pcbData=0x49ce138*=0x4) returned 0x2 Thread: id = 65 os_tid = 0x804 Thread: id = 66 os_tid = 0x478 [0180.605] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0180.605] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317e830, pvData=0x317e868, pcbData=0x317e834*=0x4 | out: pdwType=0x317e830*=0x0, pvData=0x317e868, pcbData=0x317e834*=0x4) returned 0x2 [0180.605] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0180.605] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317ea20, pcbData=0x317ea28*=0x4 | out: pdwType=0x0, pvData=0x317ea20, pcbData=0x317ea28*=0x4) returned 0x0 [0180.605] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0180.605] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317e7a0, pvData=0x317e7d8, pcbData=0x317e7a4*=0x4 | out: pdwType=0x317e7a0*=0x0, pvData=0x317e7d8, pcbData=0x317e7a4*=0x4) returned 0x2 [0180.605] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0180.605] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317e990, pcbData=0x317e998*=0x4 | out: pdwType=0x0, pvData=0x317e990, pcbData=0x317e998*=0x4) returned 0x0 [0180.605] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0180.605] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317e7a0, pvData=0x317e7d8, pcbData=0x317e7a4*=0x4 | out: pdwType=0x317e7a0*=0x0, pvData=0x317e7d8, pcbData=0x317e7a4*=0x4) returned 0x2 [0180.605] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0180.605] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317e990, pcbData=0x317e998*=0x4 | out: pdwType=0x0, pvData=0x317e990, pcbData=0x317e998*=0x4) returned 0x0 [0180.820] RegGetValueW (in: hkey=0x1fde, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0x317ea30, pcbData=0x317e978*=0xc8 | out: pdwType=0x0, pvData=0x317ea30, pcbData=0x317e978*=0xc8) returned 0x2 [0180.820] RegGetValueW (in: hkey=0x1fde, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x317e880, pvData=0x0, pcbData=0x317e8d8*=0x0 | out: pdwType=0x317e880*=0x1, pvData=0x0, pcbData=0x317e8d8*=0x54) returned 0x0 [0180.820] RegGetValueW (in: hkey=0x1fde, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x317e880, pvData=0x9615500, pcbData=0x317e8d8*=0x54 | out: pdwType=0x317e880*=0x1, pvData="Authentication UI Legacy Shutdown Dialog", pcbData=0x317e8d8*=0x52) returned 0x0 [0180.820] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0180.820] RegGetValueW (in: hkey=0x1ff6, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0x317e7d0, pvData=0x0, pcbData=0x317e828*=0x0 | out: pdwType=0x317e7d0*=0x0, pvData=0x0, pcbData=0x317e828*=0x0) returned 0x2 [0180.820] RegGetValueW (in: hkey=0x1ff6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x317e810, pvData=0x0, pcbData=0x317e868*=0x0 | out: pdwType=0x317e810*=0x1, pvData=0x0, pcbData=0x317e868*=0x4a) returned 0x0 [0180.820] RegGetValueW (in: hkey=0x1ff6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x317e810, pvData=0x9614e40, pcbData=0x317e868*=0x4a | out: pdwType=0x317e810*=0x1, pvData="C:\\Windows\\system32\\shutdownux.dll", pcbData=0x317e868*=0x4a) returned 0x0 [0180.820] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0180.820] RegGetValueW (in: hkey=0x1ff6, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0x317e7c0, pvData=0x317e7e0, pcbData=0x317e7a8*=0x3c | out: pdwType=0x317e7c0*=0x1, pvData="Apartment", pcbData=0x317e7a8*=0x14) returned 0x0 [0180.820] RegGetValueW (in: hkey=0x1fde, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0x317e830, pvData=0x0, pcbData=0x317e888*=0x0 | out: pdwType=0x317e830*=0x0, pvData=0x0, pcbData=0x317e888*=0x0) returned 0x2 [0180.820] RegGetValueW (in: hkey=0x1fde, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0x317e830, pvData=0x0, pcbData=0x317e888*=0x0 | out: pdwType=0x317e830*=0x0, pvData=0x0, pcbData=0x317e888*=0x0) returned 0x2 [0180.862] StrCmpIW (psz1="Reason Setting", psz2="DelegateExecute") returned 1 [0180.862] RegGetValueW (in: hkey=0x1ff4, lpSubKey=0x0, lpValue="Reason Setting", dwFlags=0x10, pdwType=0x0, pvData=0x317eff8, pcbData=0x317ef50*=0x4 | out: pdwType=0x0, pvData=0x317eff8, pcbData=0x317ef50*=0x4) returned 0x0 [0180.862] StrCmpIW (psz1="NoDisconnect", psz2="DelegateExecute") returned 1 [0180.862] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", lpValue="NoDisconnect", dwFlags=0x10000012, pdwType=0x317c154, pvData=0x317c150, pcbData=0x317c158*=0x4 | out: pdwType=0x317c154*=0x0, pvData=0x317c150, pcbData=0x317c158*=0x4) returned 0x2 [0180.862] StrCmpIW (psz1="NoDisconnect", psz2="DelegateExecute") returned 1 [0180.862] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", lpValue="NoDisconnect", dwFlags=0x10000012, pdwType=0x317c154, pvData=0x317c150, pcbData=0x317c158*=0x4 | out: pdwType=0x317c154*=0x0, pvData=0x317c150, pcbData=0x317c158*=0x4) returned 0x2 [0180.863] StrCmpIW (psz1="NoLogoff", psz2="DelegateExecute") returned 1 [0180.863] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", lpValue="NoLogoff", dwFlags=0x10000012, pdwType=0x317c154, pvData=0x317c150, pcbData=0x317c158*=0x4 | out: pdwType=0x317c154*=0x0, pvData=0x317c150, pcbData=0x317c158*=0x4) returned 0x2 [0180.863] StrCmpIW (psz1="NoLogoff", psz2="DelegateExecute") returned 1 [0180.863] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", lpValue="NoLogoff", dwFlags=0x10000012, pdwType=0x317c154, pvData=0x317c150, pcbData=0x317c158*=0x4 | out: pdwType=0x317c154*=0x0, pvData=0x317c150, pcbData=0x317c158*=0x4) returned 0x2 [0180.865] StrCmpIW (psz1="ShowHibernateOption", psz2="DelegateExecute") returned 1 [0180.865] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FlyoutMenuSettings", lpValue="ShowHibernateOption", dwFlags=0x10000012, pdwType=0x317c044, pvData=0x317c040, pcbData=0x317c048*=0x4 | out: pdwType=0x317c044*=0x0, pvData=0x317c040, pcbData=0x317c048*=0x4) returned 0x2 [0180.865] StrCmpIW (psz1="ShowSleepOption", psz2="DelegateExecute") returned 1 [0180.865] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FlyoutMenuSettings", lpValue="ShowSleepOption", dwFlags=0x10000012, pdwType=0x317c044, pvData=0x317c040, pcbData=0x317c048*=0x4 | out: pdwType=0x317c044*=0x0, pvData=0x317c040, pcbData=0x317c048*=0x4) returned 0x2 [0180.865] StrCmpIW (psz1="NoAUShutdownOption", psz2="DelegateExecute") returned 1 [0180.865] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", lpValue="NoAUShutdownOption", dwFlags=0x10000012, pdwType=0x317c044, pvData=0x317c040, pcbData=0x317c048*=0x4 | out: pdwType=0x317c044*=0x0, pvData=0x317c040, pcbData=0x317c048*=0x4) returned 0x2 [0180.865] StrCmpIW (psz1="NoAUShutdownOption", psz2="DelegateExecute") returned 1 [0180.865] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", lpValue="NoAUShutdownOption", dwFlags=0x10000012, pdwType=0x317c044, pvData=0x317c040, pcbData=0x317c048*=0x4 | out: pdwType=0x317c044*=0x0, pvData=0x317c040, pcbData=0x317c048*=0x4) returned 0x2 [0180.867] StrCmpIW (psz1="NoAUAsDefaultShutdownOption", psz2="DelegateExecute") returned 1 [0180.867] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", lpValue="NoAUAsDefaultShutdownOption", dwFlags=0x10000012, pdwType=0x317c044, pvData=0x317c040, pcbData=0x317c048*=0x4 | out: pdwType=0x317c044*=0x0, pvData=0x317c040, pcbData=0x317c048*=0x4) returned 0x2 [0180.868] StrCmpIW (psz1="NoAUAsDefaultShutdownOption", psz2="DelegateExecute") returned 1 [0180.868] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", lpValue="NoAUAsDefaultShutdownOption", dwFlags=0x10000012, pdwType=0x317c044, pvData=0x317c040, pcbData=0x317c048*=0x4 | out: pdwType=0x317c044*=0x0, pvData=0x317c040, pcbData=0x317c048*=0x4) returned 0x2 [0181.099] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0181.099] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317b120, pvData=0x317b158, pcbData=0x317b124*=0x4 | out: pdwType=0x317b120*=0x0, pvData=0x317b158, pcbData=0x317b124*=0x4) returned 0x2 [0181.100] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0181.100] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317b310, pcbData=0x317b318*=0x4 | out: pdwType=0x0, pvData=0x317b310, pcbData=0x317b318*=0x4) returned 0x0 [0181.100] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0181.100] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317b090, pvData=0x317b0c8, pcbData=0x317b094*=0x4 | out: pdwType=0x317b090*=0x0, pvData=0x317b0c8, pcbData=0x317b094*=0x4) returned 0x2 [0181.100] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0181.100] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317b280, pcbData=0x317b288*=0x4 | out: pdwType=0x0, pvData=0x317b280, pcbData=0x317b288*=0x4) returned 0x0 [0181.100] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0181.100] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317b090, pvData=0x317b0c8, pcbData=0x317b094*=0x4 | out: pdwType=0x317b090*=0x0, pvData=0x317b0c8, pcbData=0x317b094*=0x4) returned 0x2 [0181.100] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0181.100] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317b280, pcbData=0x317b288*=0x4 | out: pdwType=0x0, pvData=0x317b280, pcbData=0x317b288*=0x4) returned 0x0 [0183.307] StrCmpIW (psz1="AutoColorization", psz2="DelegateExecute") returned -1 [0183.307] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="AutoColorization", dwFlags=0x10000012, pdwType=0x317e8b0, pvData=0x317e8e8, pcbData=0x317e8b4*=0x4 | out: pdwType=0x317e8b0*=0x0, pvData=0x317e8e8, pcbData=0x317e8b4*=0x4) returned 0x2 [0183.350] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0183.350] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317dfa0, pvData=0x317dfd8, pcbData=0x317dfa4*=0x4 | out: pdwType=0x317dfa0*=0x0, pvData=0x317dfd8, pcbData=0x317dfa4*=0x4) returned 0x2 [0183.350] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0183.350] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317e190, pcbData=0x317e198*=0x4 | out: pdwType=0x0, pvData=0x317e190, pcbData=0x317e198*=0x4) returned 0x0 [0183.350] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0183.350] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317df10, pvData=0x317df48, pcbData=0x317df14*=0x4 | out: pdwType=0x317df10*=0x0, pvData=0x317df48, pcbData=0x317df14*=0x4) returned 0x2 [0183.350] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0183.351] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317e100, pcbData=0x317e108*=0x4 | out: pdwType=0x0, pvData=0x317e100, pcbData=0x317e108*=0x4) returned 0x0 [0183.351] StrCmpIW (psz1="UseApp", psz2="DelegateExecute") returned 1 [0183.351] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="UseApp", dwFlags=0x10000012, pdwType=0x317df10, pvData=0x317df48, pcbData=0x317df14*=0x4 | out: pdwType=0x317df10*=0x0, pvData=0x317df48, pcbData=0x317df14*=0x4) returned 0x2 [0183.351] StrCmpIW (psz1="SearchboxTaskbarMode", psz2="DelegateExecute") returned 1 [0183.351] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Search", lpValue="SearchboxTaskbarMode", dwFlags=0x10, pdwType=0x0, pvData=0x317e100, pcbData=0x317e108*=0x4 | out: pdwType=0x0, pvData=0x317e100, pcbData=0x317e108*=0x4) returned 0x0 Thread: id = 67 os_tid = 0x5b4 Thread: id = 68 os_tid = 0x5e8 [0180.830] StrCmpIW (psz1="providerId", psz2="DelegateExecute") returned 1 [0180.830] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\TokenBroker\\DefaultAccount", lpValue="providerId", dwFlags=0x2, pdwType=0x0, pvData=0x0, pcbData=0x2daed84*=0x0 | out: pdwType=0x0, pvData=0x0, pcbData=0x2daed84*=0x0) returned 0x2 [0180.854] RegGetValueW (in: hkey=0x1f7e, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0x2dae720, pcbData=0x2dae668*=0xc8 | out: pdwType=0x0, pvData=0x2dae720, pcbData=0x2dae668*=0xc8) returned 0x2 [0180.854] RegGetValueW (in: hkey=0x1f7e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae570, pvData=0x0, pcbData=0x2dae5c8*=0x0 | out: pdwType=0x2dae570*=0x1, pvData=0x0, pcbData=0x2dae5c8*=0x20) returned 0x0 [0180.854] RegGetValueW (in: hkey=0x1f7e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae570, pvData=0xad20850, pcbData=0x2dae5c8*=0x20 | out: pdwType=0x2dae570*=0x1, pvData="Identity Store", pcbData=0x2dae5c8*=0x1e) returned 0x0 [0180.854] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0180.854] RegGetValueW (in: hkey=0x1fa6, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0x2dae4c0, pvData=0x0, pcbData=0x2dae518*=0x0 | out: pdwType=0x2dae4c0*=0x0, pvData=0x0, pcbData=0x2dae518*=0x0) returned 0x2 [0180.854] RegGetValueW (in: hkey=0x1fa6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae500, pvData=0x0, pcbData=0x2dae558*=0x0 | out: pdwType=0x2dae500*=0x1, pvData=0x0, pcbData=0x2dae558*=0x44) returned 0x0 [0180.854] RegGetValueW (in: hkey=0x1fa6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae500, pvData=0xad71c80, pcbData=0x2dae558*=0x44 | out: pdwType=0x2dae500*=0x1, pvData="C:\\Windows\\System32\\IDStore.dll", pcbData=0x2dae558*=0x44) returned 0x0 [0180.854] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0180.855] RegGetValueW (in: hkey=0x1fa6, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0x2dae4b0, pvData=0x2dae4d0, pcbData=0x2dae498*=0x3c | out: pdwType=0x2dae4b0*=0x1, pvData="Both", pcbData=0x2dae498*=0xa) returned 0x0 [0180.855] RegGetValueW (in: hkey=0x1f7e, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0x2dae520, pvData=0x0, pcbData=0x2dae578*=0x0 | out: pdwType=0x2dae520*=0x0, pvData=0x0, pcbData=0x2dae578*=0x0) returned 0x2 [0180.855] RegGetValueW (in: hkey=0x1f7e, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0x2dae520, pvData=0x0, pcbData=0x2dae578*=0x0 | out: pdwType=0x2dae520*=0x0, pvData=0x0, pcbData=0x2dae578*=0x0) returned 0x2 [0180.856] RegGetValueW (in: hkey=0x1fa6, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0x2dae6a0, pcbData=0x2dae5e8*=0xc8 | out: pdwType=0x0, pvData=0x2dae6a0, pcbData=0x2dae5e8*=0xc8) returned 0x2 [0180.856] RegGetValueW (in: hkey=0x1fa6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae4f0, pvData=0x0, pcbData=0x2dae548*=0x0 | out: pdwType=0x2dae4f0*=0x1, pvData=0x0, pcbData=0x2dae548*=0x2c) returned 0x0 [0180.856] RegGetValueW (in: hkey=0x1fa6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae4f0, pvData=0xadb6710, pcbData=0x2dae548*=0x2c | out: pdwType=0x2dae4f0*=0x1, pvData="Connected User Store", pcbData=0x2dae548*=0x2a) returned 0x0 [0180.856] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0180.857] RegGetValueW (in: hkey=0x1fee, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0x2dae440, pvData=0x0, pcbData=0x2dae498*=0x0 | out: pdwType=0x2dae440*=0x0, pvData=0x0, pcbData=0x2dae498*=0x0) returned 0x2 [0180.857] RegGetValueW (in: hkey=0x1fee, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae480, pvData=0x0, pcbData=0x2dae4d8*=0x0 | out: pdwType=0x2dae480*=0x1, pvData=0x0, pcbData=0x2dae4d8*=0x44) returned 0x0 [0180.857] RegGetValueW (in: hkey=0x1fee, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x2dae480, pvData=0xad716e0, pcbData=0x2dae4d8*=0x44 | out: pdwType=0x2dae480*=0x1, pvData="C:\\Windows\\System32\\IDStore.dll", pcbData=0x2dae4d8*=0x44) returned 0x0 [0180.857] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0180.857] RegGetValueW (in: hkey=0x1fee, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0x2dae430, pvData=0x2dae450, pcbData=0x2dae418*=0x3c | out: pdwType=0x2dae430*=0x1, pvData="Both", pcbData=0x2dae418*=0xa) returned 0x0 [0180.857] RegGetValueW (in: hkey=0x1fa6, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0x2dae4a0, pvData=0x0, pcbData=0x2dae4f8*=0x0 | out: pdwType=0x2dae4a0*=0x0, pvData=0x0, pcbData=0x2dae4f8*=0x0) returned 0x2 [0180.857] RegGetValueW (in: hkey=0x1fa6, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0x2dae4a0, pvData=0x0, pcbData=0x2dae4f8*=0x0 | out: pdwType=0x2dae4a0*=0x0, pvData=0x0, pcbData=0x2dae4f8*=0x0) returned 0x2 [0180.873] StrCmpIW (psz1="providerId", psz2="DelegateExecute") returned 1 [0180.873] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\TokenBroker\\DefaultAccount", lpValue="providerId", dwFlags=0x2, pdwType=0x0, pvData=0x0, pcbData=0x2daed84*=0x0 | out: pdwType=0x0, pvData=0x0, pcbData=0x2daed84*=0x0) returned 0x2 Thread: id = 69 os_tid = 0x55c [0180.351] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0180.351] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d824, pcbData=0xe7d820*=0x4 | out: pdwType=0x0, pvData=0xe7d824, pcbData=0xe7d820*=0x4) returned 0x2 [0180.351] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0180.351] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d7c0, pcbData=0xe7d780*=0x4 | out: pdwType=0x0, pvData=0xe7d7c0, pcbData=0xe7d780*=0x4) returned 0x0 [0180.553] RegGetValueW (in: hkey=0x2106, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0xe7ea60, pcbData=0xe7e9a8*=0xc8 | out: pdwType=0x0, pvData=0xe7ea60, pcbData=0xe7e9a8*=0xc8) returned 0x2 [0180.554] RegGetValueW (in: hkey=0x2106, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7e8b0, pvData=0x0, pcbData=0xe7e908*=0x0 | out: pdwType=0xe7e8b0*=0x0, pvData=0x0, pcbData=0xe7e908*=0x0) returned 0x2 [0180.554] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0180.554] RegGetValueW (in: hkey=0x20e2, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0xe7e800, pvData=0x0, pcbData=0xe7e858*=0x0 | out: pdwType=0xe7e800*=0x0, pvData=0x0, pcbData=0xe7e858*=0x0) returned 0x2 [0180.554] RegGetValueW (in: hkey=0x20e2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7e840, pvData=0x0, pcbData=0xe7e898*=0x0 | out: pdwType=0xe7e840*=0x1, pvData=0x0, pcbData=0xe7e898*=0x4e) returned 0x0 [0180.554] RegGetValueW (in: hkey=0x20e2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7e840, pvData=0x96142a0, pcbData=0xe7e898*=0x4e | out: pdwType=0xe7e840*=0x1, pvData="C:\\Windows\\system32\\dataexchange.dll", pcbData=0xe7e898*=0x4e) returned 0x0 [0180.554] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0180.554] RegGetValueW (in: hkey=0x20e2, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0xe7e7f0, pvData=0xe7e810, pcbData=0xe7e7d8*=0x3c | out: pdwType=0xe7e7f0*=0x1, pvData="Both", pcbData=0xe7e7d8*=0xa) returned 0x0 [0180.554] RegGetValueW (in: hkey=0x2106, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0xe7e860, pvData=0x0, pcbData=0xe7e8b8*=0x0 | out: pdwType=0xe7e860*=0x0, pvData=0x0, pcbData=0xe7e8b8*=0x0) returned 0x2 [0180.554] RegGetValueW (in: hkey=0x2106, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0xe7e860, pvData=0x0, pcbData=0xe7e8b8*=0x0 | out: pdwType=0xe7e860*=0x0, pvData=0x0, pcbData=0xe7e8b8*=0x0) returned 0x2 [0180.568] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0180.568] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7ed74, pcbData=0xe7ed70*=0x4 | out: pdwType=0x0, pvData=0xe7ed74, pcbData=0xe7ed70*=0x4) returned 0x2 [0180.568] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0180.569] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7ed10, pcbData=0xe7ecd0*=0x4 | out: pdwType=0x0, pvData=0xe7ed10, pcbData=0xe7ecd0*=0x4) returned 0x0 [0180.615] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0180.615] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d5e4, pcbData=0xe7d5e0*=0x4 | out: pdwType=0x0, pvData=0xe7d5e4, pcbData=0xe7d5e0*=0x4) returned 0x2 [0180.616] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0180.616] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d580, pcbData=0xe7d540*=0x4 | out: pdwType=0x0, pvData=0xe7d580, pcbData=0xe7d540*=0x4) returned 0x0 [0180.794] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0180.794] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d604, pcbData=0xe7d600*=0x4 | out: pdwType=0x0, pvData=0xe7d604, pcbData=0xe7d600*=0x4) returned 0x2 [0180.794] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0180.794] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d5a0, pcbData=0xe7d560*=0x4 | out: pdwType=0x0, pvData=0xe7d5a0, pcbData=0xe7d560*=0x4) returned 0x0 [0180.994] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0180.994] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d5e4, pcbData=0xe7d5e0*=0x4 | out: pdwType=0x0, pvData=0xe7d5e4, pcbData=0xe7d5e0*=0x4) returned 0x2 [0180.994] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0180.994] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d580, pcbData=0xe7d540*=0x4 | out: pdwType=0x0, pvData=0xe7d580, pcbData=0xe7d540*=0x4) returned 0x0 [0181.112] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0181.112] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d824, pcbData=0xe7d820*=0x4 | out: pdwType=0x0, pvData=0xe7d824, pcbData=0xe7d820*=0x4) returned 0x2 [0181.112] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0181.112] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d7c0, pcbData=0xe7d780*=0x4 | out: pdwType=0x0, pvData=0xe7d7c0, pcbData=0xe7d780*=0x4) returned 0x0 [0181.280] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0181.280] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d844, pcbData=0xe7d840*=0x4 | out: pdwType=0x0, pvData=0xe7d844, pcbData=0xe7d840*=0x4) returned 0x2 [0181.281] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0181.281] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d7e0, pcbData=0xe7d7a0*=0x4 | out: pdwType=0x0, pvData=0xe7d7e0, pcbData=0xe7d7a0*=0x4) returned 0x0 [0182.313] StrCmpIW (psz1="DisplayVersion", psz2="DelegateExecute") returned 1 [0182.313] RegGetValueW (in: hkey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows", lpValue="DisplayVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d824, pcbData=0xe7d820*=0x4 | out: pdwType=0x0, pvData=0xe7d824, pcbData=0xe7d820*=0x4) returned 0x2 [0182.313] StrCmpIW (psz1="PaintDesktopVersion", psz2="DelegateExecute") returned 1 [0182.313] RegGetValueW (in: hkey=0xffffffff80000001, lpSubKey="Control Panel\\Desktop", lpValue="PaintDesktopVersion", dwFlags=0x10, pdwType=0x0, pvData=0xe7d7c0, pcbData=0xe7d780*=0x4 | out: pdwType=0x0, pvData=0xe7d7c0, pcbData=0xe7d780*=0x4) returned 0x0 [0183.331] RegGetValueW (in: hkey=0x20b6, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0xe7e180, pcbData=0xe7e0c8*=0xc8 | out: pdwType=0x0, pvData=0xe7e180, pcbData=0xe7e0c8*=0xc8) returned 0x2 [0183.332] RegGetValueW (in: hkey=0x20b6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7dfd0, pvData=0x0, pcbData=0xe7e028*=0x0 | out: pdwType=0xe7dfd0*=0x1, pvData=0x0, pcbData=0xe7e028*=0x1c) returned 0x0 [0183.332] RegGetValueW (in: hkey=0x20b6, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7dfd0, pvData=0xad1f7a0, pcbData=0xe7e028*=0x1c | out: pdwType=0xe7dfd0*=0x1, pvData="ShellWindows", pcbData=0xe7e028*=0x1a) returned 0x0 [0183.332] RegGetValueW (in: hkey=0x20b6, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0xe7df80, pvData=0x0, pcbData=0xe7dfd8*=0x0 | out: pdwType=0xe7df80*=0x0, pvData=0x0, pcbData=0xe7dfd8*=0x0) returned 0x2 [0183.332] RegGetValueW (in: hkey=0x20b6, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0xe7df80, pvData=0x0, pcbData=0xe7dfd8*=0x0 | out: pdwType=0xe7df80*=0x0, pvData=0x0, pcbData=0xe7dfd8*=0x0) returned 0x2 [0183.410] RegGetValueW (in: hkey=0x20b2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x6, pdwType=0x0, pvData=0xe7d1c0, pcbData=0xe7d1b0*=0x4e | out: pdwType=0x0, pvData=0xe7d1c0, pcbData=0xe7d1b0*=0x4e) returned 0x0 [0183.467] RegGetValueW (in: hkey=0xd12, lpSubKey=0x0, lpValue=0x0, dwFlags=0x6, pdwType=0x0, pvData=0xe7d0c0, pcbData=0xe7ce90*=0x50 | out: pdwType=0x0, pvData=0xe7d0c0, pcbData=0xe7ce90*=0x4e) returned 0x0 [0183.467] RegGetValueW (in: hkey=0x213e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x6, pdwType=0x0, pvData=0xe7d140, pcbData=0xe7cffc*=0x208 | out: pdwType=0x0, pvData=0xe7d140, pcbData=0xe7cffc*=0x40) returned 0x0 [0183.470] RegGetValueW (in: hkey=0xd12, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0xe7cb20, pcbData=0xe7ca68*=0xc8 | out: pdwType=0x0, pvData=0xe7cb20, pcbData=0xe7ca68*=0xc8) returned 0x2 [0183.470] RegGetValueW (in: hkey=0xd12, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7c970, pvData=0x0, pcbData=0xe7c9c8*=0x0 | out: pdwType=0xe7c970*=0x1, pvData=0x0, pcbData=0xe7c9c8*=0x18) returned 0x0 [0183.470] RegGetValueW (in: hkey=0xd12, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7c970, pvData=0xade2cf0, pcbData=0xe7c9c8*=0x18 | out: pdwType=0xe7c970*=0x1, pvData="PSDispatch", pcbData=0xe7c9c8*=0x16) returned 0x0 [0183.471] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0183.471] RegGetValueW (in: hkey=0x20ca, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0xe7c8c0, pvData=0x0, pcbData=0xe7c918*=0x0 | out: pdwType=0xe7c8c0*=0x0, pvData=0x0, pcbData=0xe7c918*=0x0) returned 0x2 [0183.471] RegGetValueW (in: hkey=0x20ca, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7c900, pvData=0x0, pcbData=0xe7c958*=0x0 | out: pdwType=0xe7c900*=0x1, pvData=0x0, pcbData=0xe7c958*=0x44) returned 0x0 [0183.471] RegGetValueW (in: hkey=0x20ca, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7c900, pvData=0xad77590, pcbData=0xe7c958*=0x44 | out: pdwType=0xe7c900*=0x1, pvData="C:\\Windows\\System32\\oleaut32.dll", pcbData=0xe7c958*=0x42) returned 0x0 [0183.471] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0183.471] RegGetValueW (in: hkey=0x20ca, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0xe7c8b0, pvData=0xe7c8d0, pcbData=0xe7c898*=0x3c | out: pdwType=0xe7c8b0*=0x1, pvData="Both", pcbData=0xe7c898*=0xa) returned 0x0 [0183.471] RegGetValueW (in: hkey=0xd12, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0xe7c920, pvData=0x0, pcbData=0xe7c978*=0x0 | out: pdwType=0xe7c920*=0x0, pvData=0x0, pcbData=0xe7c978*=0x0) returned 0x2 [0183.471] RegGetValueW (in: hkey=0xd12, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0xe7c920, pvData=0x0, pcbData=0xe7c978*=0x0 | out: pdwType=0xe7c920*=0x0, pvData=0x0, pcbData=0xe7c978*=0x0) returned 0x2 [0183.803] RegGetValueW (in: hkey=0x109a, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0xe7f1b0, pcbData=0xe7f0f8*=0xc8 | out: pdwType=0x0, pvData=0xe7f1b0, pcbData=0xe7f0f8*=0xc8) returned 0x2 [0183.803] RegGetValueW (in: hkey=0x109a, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7f000, pvData=0x0, pcbData=0xe7f058*=0x0 | out: pdwType=0xe7f000*=0x1, pvData=0x0, pcbData=0xe7f058*=0x32) returned 0x0 [0183.803] RegGetValueW (in: hkey=0x109a, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7f000, pvData=0x970f910, pcbData=0xe7f058*=0x32 | out: pdwType=0xe7f000*=0x1, pvData="Memory Mapped Cache Mgr", pcbData=0xe7f058*=0x30) returned 0x0 [0183.803] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0183.804] RegGetValueW (in: hkey=0x213e, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0xe7ef50, pvData=0x0, pcbData=0xe7efa8*=0x0 | out: pdwType=0xe7ef50*=0x0, pvData=0x0, pcbData=0xe7efa8*=0x0) returned 0x2 [0183.804] RegGetValueW (in: hkey=0x213e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7ef90, pvData=0x0, pcbData=0xe7efe8*=0x0 | out: pdwType=0xe7ef90*=0x1, pvData=0x0, pcbData=0xe7efe8*=0x44) returned 0x0 [0183.804] RegGetValueW (in: hkey=0x213e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0xe7ef90, pvData=0xad775e0, pcbData=0xe7efe8*=0x44 | out: pdwType=0xe7ef90*=0x1, pvData="C:\\Windows\\system32\\propsys.dll", pcbData=0xe7efe8*=0x44) returned 0x0 [0183.804] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0183.804] RegGetValueW (in: hkey=0x213e, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0xe7ef40, pvData=0xe7ef60, pcbData=0xe7ef28*=0x3c | out: pdwType=0xe7ef40*=0x1, pvData="Both", pcbData=0xe7ef28*=0xa) returned 0x0 [0183.804] RegGetValueW (in: hkey=0x109a, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0xe7efb0, pvData=0x0, pcbData=0xe7f008*=0x0 | out: pdwType=0xe7efb0*=0x0, pvData=0x0, pcbData=0xe7f008*=0x0) returned 0x2 [0183.804] RegGetValueW (in: hkey=0x109a, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0xe7efb0, pvData=0x0, pcbData=0xe7f008*=0x0 | out: pdwType=0xe7efb0*=0x0, pvData=0x0, pcbData=0xe7f008*=0x0) returned 0x2 Thread: id = 70 os_tid = 0x8e8 [0179.138] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0x307fa78 | out: BaseAddress=0x307fa78*=0x7ff8ee380000) returned 0x0 [0179.139] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtCreateSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4139e0) returned 0x0 [0179.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtUnmapViewOfSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4137e0) returned 0x0 [0179.140] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtMapViewOfSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4137c0) returned 0x0 [0179.141] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwOpenProcessToken", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee414680) returned 0x0 [0179.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwClose", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee413630) returned 0x0 [0179.142] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwQueryInformationToken", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee413750) returned 0x0 [0179.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwOpenProcess", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4137a0) returned 0x0 [0179.143] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="NtQuerySystemInformation", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4138a0) returned 0x0 [0179.144] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlNtStatusToDosError", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee38f0c0) returned 0x0 [0179.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwQueryInformationProcess", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4136d0) returned 0x0 [0179.145] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlImageDirectoryEntryToData", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee396850) returned 0x0 [0179.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_wcsupr", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4058a0) returned 0x0 [0179.146] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_strupr", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee404f60) returned 0x0 [0179.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memmove", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee417e80) returned 0x0 [0179.147] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="bsearch", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee406420) returned 0x0 [0179.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee405260) returned 0x0 [0179.148] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_strlwr", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee404e60) returned 0x0 [0179.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="atoi", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4043d0) returned 0x0 [0179.149] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="strstr", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee408bd0) returned 0x0 [0179.150] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="wcscpy", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee409650) returned 0x0 [0179.151] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="ZwQueryKey", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4136a0) returned 0x0 [0179.151] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlUpcaseUnicodeString", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3d3170) returned 0x0 [0179.151] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlFreeUnicodeString", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3a7110) returned 0x0 [0179.152] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="sprintf", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee407fb0) returned 0x0 [0179.152] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="_snprintf", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee404970) returned 0x0 [0179.153] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memset", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4181c0) returned 0x0 [0179.153] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee417e80) returned 0x0 [0179.153] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="strcpy", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4082f0) returned 0x0 [0179.154] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlAdjustPrivilege", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3f32a0) returned 0x0 [0179.154] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="mbstowcs", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4075a0) returned 0x0 [0179.155] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="RtlImageNtHeader", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee396820) returned 0x0 [0179.155] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee4076a0) returned 0x0 [0179.155] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="__C_specific_handler", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee403f20) returned 0x0 [0179.156] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee380000, Name="__chkstk", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee416290) returned 0x0 [0179.156] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x307fa78 | out: BaseAddress=0x307fa78*=0x7ff8ee2d0000) returned 0x0 [0179.157] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetLocalTime", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ee9e0) returned 0x0 [0179.157] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenProcess", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ea8f0) returned 0x0 [0179.158] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualQueryEx", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f24a0) returned 0x0 [0179.158] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateRemoteThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3126d0) returned 0x0 [0179.159] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eeca0) returned 0x0 [0179.159] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetVersion", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f1fd0) returned 0x0 [0179.160] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetEndOfFile", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5ae0) returned 0x0 [0179.160] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RemoveDirectoryW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5ad0) returned 0x0 [0179.160] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetTempFileNameA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f59e0) returned 0x0 [0179.161] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3881b0) returned 0x0 [0179.161] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ebaf0) returned 0x0 [0179.162] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ed680) returned 0x0 [0179.162] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5510) returned 0x0 [0179.162] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WriteProcessMemory", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ee710) returned 0x0 [0179.163] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5760) returned 0x0 [0179.163] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcmpiA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ebb10) returned 0x0 [0179.164] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0c70) returned 0x0 [0179.164] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f2080) returned 0x0 [0179.165] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6580) returned 0x0 [0179.165] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcmpA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2edf40) returned 0x0 [0179.165] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetModuleHandleA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ee6d0) returned 0x0 [0179.166] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateFileMappingA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2d5bc0) returned 0x0 [0179.166] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="MapViewOfFile", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ee950) returned 0x0 [0179.167] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e8f00) returned 0x0 [0179.167] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eecc0) returned 0x0 [0179.167] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GlobalLock", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6230) returned 0x0 [0179.168] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrlenA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ebb80) returned 0x0 [0179.168] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GlobalAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eb810) returned 0x0 [0179.169] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GlobalUnlock", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6170) returned 0x0 [0179.169] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3aebf0) returned 0x0 [0179.170] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcpyA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eedf0) returned 0x0 [0179.170] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6060) returned 0x0 [0179.170] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6050) returned 0x0 [0179.171] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RemoveDirectoryA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5ac0) returned 0x0 [0179.171] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5790) returned 0x0 [0179.172] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcatA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0e30) returned 0x0 [0179.172] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5b80) returned 0x0 [0179.173] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateDirectoryA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5730) returned 0x0 [0179.173] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapDestroy", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f2e50) returned 0x0 [0179.174] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapCreate", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0f80) returned 0x0 [0179.174] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetEvent", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f56b0) returned 0x0 [0179.175] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3ad8d0) returned 0x0 [0179.176] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e60a0) returned 0x0 [0179.176] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindNextFileW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5880) returned 0x0 [0179.177] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CopyFileW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5d70) returned 0x0 [0179.177] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetWaitableTimer", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f56c0) returned 0x0 [0179.178] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LocalAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e9310) returned 0x0 [0179.178] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6470) returned 0x0 [0179.179] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6030) returned 0x0 [0179.179] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e64b0) returned 0x0 [0179.180] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e9490) returned 0x0 [0179.180] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateEventA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5560) returned 0x0 [0179.181] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetWindowsDirectoryA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f41b0) returned 0x0 [0179.181] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DeleteFileW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f57a0) returned 0x0 [0179.181] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateDirectoryW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5740) returned 0x0 [0179.182] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateWaitableTimerA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f3870) returned 0x0 [0179.182] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5a00) returned 0x0 [0179.183] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindFirstFileW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5840) returned 0x0 [0179.183] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e9320) returned 0x0 [0179.184] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f2c00) returned 0x0 [0179.184] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SuspendThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0d70) returned 0x0 [0179.184] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WaitForMultipleObjects", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f56e0) returned 0x0 [0179.185] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ResumeThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ef570) returned 0x0 [0179.185] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcpyW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0a80) returned 0x0 [0179.186] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FileTimeToSystemTime", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5bf0) returned 0x0 [0179.186] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ebc20) returned 0x0 [0179.186] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5770) returned 0x0 [0179.187] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ResetEvent", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f56a0) returned 0x0 [0179.187] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SwitchToThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ea960) returned 0x0 [0179.188] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcatW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f3830) returned 0x0 [0179.188] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateProcessW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2edee0) returned 0x0 [0179.189] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetFileSize", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5950) returned 0x0 [0179.189] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetFileAttributesW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5930) returned 0x0 [0179.190] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ExpandEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ee420) returned 0x0 [0179.190] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6090) returned 0x0 [0179.191] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3b4420) returned 0x0 [0179.191] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6160) returned 0x0 [0179.191] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3b4ec0) returned 0x0 [0179.192] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetComputerNameA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ec250) returned 0x0 [0179.192] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateMutexA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f55a0) returned 0x0 [0179.193] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenWaitableTimerA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee313a10) returned 0x0 [0179.193] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenMutexA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2d5e30) returned 0x0 [0179.193] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetVolumeInformationA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5a20) returned 0x0 [0179.194] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WaitForSingleObject", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5700) returned 0x0 [0179.194] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ReleaseMutex", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5680) returned 0x0 [0179.195] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetComputerNameW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ec3c0) returned 0x0 [0179.195] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3e38f0) returned 0x0 [0179.196] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LoadLibraryExW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eb820) returned 0x0 [0179.196] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eaa40) returned 0x0 [0179.196] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualFree", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ebc10) returned 0x0 [0179.197] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetLogicalDriveStringsW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f59d0) returned 0x0 [0179.197] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetFileAttributesA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5900) returned 0x0 [0179.198] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenFileMappingA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f3c10) returned 0x0 [0179.198] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetExitCodeProcess", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ee450) returned 0x0 [0179.198] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateProcessA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ed5b0) returned 0x0 [0179.199] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcpynA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3136c0) returned 0x0 [0179.199] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LocalReAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f2c80) returned 0x0 [0179.200] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2edec0) returned 0x0 [0179.200] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6020) returned 0x0 [0179.201] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e64c0) returned 0x0 [0179.201] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eed90) returned 0x0 [0179.201] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetVersionExW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eaa30) returned 0x0 [0179.202] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eeb90) returned 0x0 [0179.202] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5a90) returned 0x0 [0179.203] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SetFilePointer", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5b20) returned 0x0 [0179.203] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Thread32First", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f01b0) returned 0x0 [0179.203] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="QueueUserAPC", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2efe40) returned 0x0 [0179.204] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateToolhelp32Snapshot", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f6830) returned 0x0 [0179.204] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenThread", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ea970) returned 0x0 [0179.205] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Thread32Next", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6720) returned 0x0 [0179.205] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindFirstFileA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5800) returned 0x0 [0179.206] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindNextFileA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5860) returned 0x0 [0179.206] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="ConnectNamedPipe", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f30b0) returned 0x0 [0179.207] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetOverlappedResult", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ebb70) returned 0x0 [0179.207] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CancelIo", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f2f50) returned 0x0 [0179.207] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="DisconnectNamedPipe", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f3820) returned 0x0 [0179.208] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5890) returned 0x0 [0179.208] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CallNamedPipeA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee30fe50) returned 0x0 [0179.209] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="CreateNamedPipeA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee310070) returned 0x0 [0179.209] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ea940) returned 0x0 [0179.209] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="WaitNamedPipeA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee310670) returned 0x0 [0179.210] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e6070) returned 0x0 [0179.210] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="SleepEx", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f56d0) returned 0x0 [0179.211] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3fa5b0) returned 0x0 [0179.211] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee3ea7b0) returned 0x0 [0179.212] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="OpenEventA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f5630) returned 0x0 [0179.212] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="lstrcmpiW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2e65d0) returned 0x0 [0179.212] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="RaiseException", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eeba0) returned 0x0 [0179.213] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetSystemInfo", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2ef580) returned 0x0 [0179.213] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Process32NextW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2eb8f0) returned 0x0 [0179.214] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="Process32FirstW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0020) returned 0x0 [0179.214] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="QueueUserWorkItem", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f0f60) returned 0x0 [0179.214] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FileTimeToLocalFileTime", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f57b0) returned 0x0 [0179.215] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f57c0) returned 0x0 [0179.215] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="GetDriveTypeW", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee2f58f0) returned 0x0 [0179.216] LdrGetProcedureAddress (in: BaseAddress=0x7ff8ee2d0000, Name="VirtualProtectEx", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8ee313630) returned 0x0 [0179.216] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="AVIFIL32.dll", BaseAddress=0x307fa78 | out: BaseAddress=0x307fa78*=0x7ff8d5240000) returned 0x0 [0179.277] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIStreamRelease", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d52469a0) returned 0x0 [0179.277] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIStreamWrite", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d5247230) returned 0x0 [0179.278] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileOpenA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d52468b0) returned 0x0 [0179.278] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileCreateStreamA", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d5246c10) returned 0x0 [0179.279] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIStreamSetFormat", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d5247070) returned 0x0 [0179.279] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileExit", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d5246400) returned 0x0 [0179.280] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileInit", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d52463d0) returned 0x0 [0179.281] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIMakeCompressedStream", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d5247910) returned 0x0 [0179.281] LdrGetProcedureAddress (in: BaseAddress=0x7ff8d5240000, Name="AVIFileRelease", Ordinal=0x0, ProcedureAddress=0x307fa60 | out: ProcedureAddress=0x307fa60*=0x7ff8d52469a0) returned 0x0 [0179.281] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa68*=0x6260000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x4, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa68*=0x6260000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.281] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa00*=0x6261000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x20, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa00*=0x6261000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.282] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa00*=0x6299000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x2, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa00*=0x6299000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.283] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa00*=0x62c3000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x4, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa00*=0x62c3000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.283] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa00*=0x62c8000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x2, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa00*=0x62c8000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.283] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa00*=0x62ca000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x4, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa00*=0x62ca000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.283] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x307fa00*=0x62cc000, NumberOfBytesToProtect=0x307fa70, NewAccessProtection=0x2, OldAccessProtection=0x307fa60 | out: BaseAddress=0x307fa00*=0x62cc000, NumberOfBytesToProtect=0x307fa70, OldAccessProtection=0x307fa60*=0x40) returned 0x0 [0179.295] GetTickCount () returned 0x3f4d1 [0179.296] GetModuleHandleA (lpModuleName=0x0) returned 0x7ff79fdc0000 [0179.296] GetVersion () returned 0x2800000a [0179.296] GetCurrentProcessId () returned 0x508 [0179.296] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x20d0 [0179.296] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xe90c830, nSize=0x104 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0179.296] lstrcpynA (in: lpString1=0x307f9b0, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0179.297] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0179.300] GetProcAddress (hModule=0x7ff8ee2d0000, lpProcName="IsWow64Process") returned 0x7ff8ee2ee960 [0179.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x508) returned 0x20cc [0179.300] IsWow64Process (in: hProcess=0x20cc, Wow64Process=0x307f950 | out: Wow64Process=0x307f950) returned 1 [0179.300] CloseHandle (hObject=0x20cc) returned 1 [0179.300] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7ff8ee190000 [0179.301] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7ff8ee1ad610 [0179.301] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0179.303] NtOpenProcess (in: ProcessHandle=0x307f908, DesiredAccess=0x400, ObjectAttributes=0x307f8a0*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x307f890*(UniqueProcess=0x508, UniqueThread=0x0) | out: ProcessHandle=0x307f908*=0x2108) returned 0x0 [0179.303] NtOpenProcessToken (in: ProcessHandle=0x2108, DesiredAccess=0x8, TokenHandle=0x307f900 | out: TokenHandle=0x307f900*=0x2100) returned 0x0 [0179.303] NtQueryInformationToken (in: TokenHandle=0x2100, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x307f8f0 | out: TokenInformation=0x0, ReturnLength=0x307f8f0) returned 0xc0000023 [0179.303] NtQueryInformationToken (in: TokenHandle=0x2100, TokenInformationClass=0x1, TokenInformation=0xe90ca40, TokenInformationLength=0x2c, ReturnLength=0x307f8f0 | out: TokenInformation=0xe90ca40, ReturnLength=0x307f8f0) returned 0x0 [0179.303] NtClose (Handle=0x2100) returned 0x0 [0179.303] NtClose (Handle=0x2108) returned 0x0 [0179.303] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7ff8edfe0000 [0179.304] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrRChrA") returned 0x7ff8edff4dd0 [0179.304] StrRChrA (lpStart="C:\\Windows\\Explorer.EXE", lpEnd=0x0, wMatch=0x5c) returned="\\Explorer.EXE" [0179.304] _strupr (in: _String=0xe90c83b | out: _String="EXPLORER.EXE") returned="EXPLORER.EXE" [0179.304] lstrlenA (lpString="EXPLORER.EXE") returned 12 [0179.304] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2108 [0179.304] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x7ff8ebdc0000 [0179.305] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="wsprintfA") returned 0x7ff8ebde2610 [0179.305] wsprintfA (in: param_1=0xe90ca40, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0179.305] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0179.305] lstrcpyA (in: lpString1=0xe90ca70, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0179.305] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0179.305] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0179.305] lstrlenA (lpString="\\Vars") returned 5 [0179.305] lstrcpyA (in: lpString1=0xe90cad0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0179.305] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Vars" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars" [0179.305] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0179.305] lstrlenA (lpString="\\Files") returned 6 [0179.305] lstrcpyA (in: lpString1=0xe90cb30, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0179.305] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Files" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files" [0179.305] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0179.305] lstrlenA (lpString="\\Run") returned 4 [0179.305] lstrcpyA (in: lpString1=0xe90cb90, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0179.305] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Run" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run" [0179.305] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0179.305] lstrlenA (lpString="\\Config") returned 7 [0179.305] lstrcpyA (in: lpString1=0xe90cbf0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0179.305] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Config" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config" [0179.305] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0179.305] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90cc50, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90cc90, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90ccd0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90cd10, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{62D813F7-59FC-E439-F3B6-9D58D74A210C}" | out: lpString1="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{FB999B87-1EC7-E503-005F-32E93403862D}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90cd50, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{FB999B87-1EC7-E503-005F-32E93403862D}" | out: lpString1="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90cd90, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{A8435A97-E752-1A33-B15C-0BEE75506F02}" | out: lpString1="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90cdd0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.306] lstrcatA (in: lpString1="Local\\", lpString2="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" | out: lpString1="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" [0179.306] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{BEE2402B-052B-A020-7FD2-09D423264D48}") returned 38 [0179.306] lstrlenA (lpString="Local\\") returned 6 [0179.306] lstrcpyA (in: lpString1=0xe90ce10, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.307] lstrcatA (in: lpString1="Local\\", lpString2="{BEE2402B-052B-A020-7FD2-09D423264D48}" | out: lpString1="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}") returned="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned 38 [0179.307] lstrlenA (lpString="\\\\.\\pipe\\") returned 9 [0179.307] lstrcpyA (in: lpString1=0xe90ce50, lpString2="\\\\.\\pipe\\" | out: lpString1="\\\\.\\pipe\\") returned="\\\\.\\pipe\\" [0179.307] lstrcatA (in: lpString1="\\\\.\\pipe\\", lpString2="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" | out: lpString1="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned 38 [0179.307] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0179.307] lstrcpyA (in: lpString1=0xe90ce90, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0179.307] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{24A75F92-33C8-F66F-DD98-178A614C3B5E}" | out: lpString1="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned 38 [0179.307] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0179.307] lstrcpyA (in: lpString1=0xe90cee0, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0179.307] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{25E2F79F-402D-9FBF-7229-7443C66DE827}" | out: lpString1="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned 38 [0179.307] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0179.307] lstrcpyA (in: lpString1=0xe90cf30, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0179.307] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" | out: lpString1="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 38 [0179.307] lstrlenA (lpString="Local\\") returned 6 [0179.307] lstrcpyA (in: lpString1=0xe90cf80, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.307] lstrcatA (in: lpString1="Local\\", lpString2="{53667D0F-9637-FD89-3837-2A81EC5BFE45}" | out: lpString1="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 38 [0179.307] lstrlenA (lpString="Local\\") returned 6 [0179.307] lstrcpyA (in: lpString1=0xe90cfc0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.307] lstrcatA (in: lpString1="Local\\", lpString2="{E089BDC1-BF33-12AE-4914-63668D8847FA}" | out: lpString1="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}" [0179.307] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 38 [0179.307] lstrlenA (lpString="Local\\") returned 6 [0179.307] lstrcpyA (in: lpString1=0xe90d000, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.308] lstrcatA (in: lpString1="Local\\", lpString2="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" | out: lpString1="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0179.308] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned 38 [0179.308] lstrlenA (lpString="Local\\") returned 6 [0179.308] lstrcpyA (in: lpString1=0xe90d040, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0179.308] lstrcatA (in: lpString1="Local\\", lpString2="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" | out: lpString1="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" [0179.308] wsprintfA (in: param_1=0xe90ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{CEF02F91-D541-3029-CFE2-D96473361DD8}") returned 38 [0179.308] lstrcatA (in: lpString1="", lpString2="{CEF02F91-D541-3029-CFE2-D96473361DD8}" | out: lpString1="{CEF02F91-D541-3029-CFE2-D96473361DD8}") returned="{CEF02F91-D541-3029-CFE2-D96473361DD8}" [0179.308] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0x627c4bc) returned 0xad1fc50 [0179.308] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="{CEF02F91-D541-3029-CFE2-D96473361DD8}") returned 0x2100 [0179.308] GetLastError () returned 0x0 [0179.308] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegOpenKeyA") returned 0x7ff8ee1ab9e0 [0179.308] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x307f840 | out: phkResult=0x307f840*=0x20d8) returned 0x0 [0179.309] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegQueryValueExA") returned 0x7ff8ee1a7dd0 [0179.309] RegQueryValueExA (in: hKey=0x20d8, lpValueName="Ini", lpReserved=0x0, lpType=0x307f7c0, lpData=0x0, lpcbData=0x307f838*=0x62cd018 | out: lpType=0x307f7c0*=0x0, lpData=0x0, lpcbData=0x307f838*=0x0) returned 0x2 [0179.309] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegCloseKey") returned 0x7ff8ee1a72e0 [0179.309] RegCloseKey (hKey=0x20d8) returned 0x0 [0179.310] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrToIntExA") returned 0x7ff8edff4e70 [0179.310] StrToIntExA (in: pszString="40", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="1200", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="10", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="1000", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="12", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="60", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x307f838 | out: piRet=0x307f838) returned 1 [0179.310] lstrlenA (lpString="CBA16FFC891E31A5") returned 16 [0179.310] lstrlenA (lpString="makarcheck.com niperola.com") returned 27 [0179.311] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrChrA") returned 0x7ff8edff4cc0 [0179.311] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0179.311] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0179.311] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrTrimA") returned 0x7ff8edff4e80 [0179.311] StrTrimA (in: psz="makarcheck.com niperola.com", pszTrimChars=" \x09" | out: psz="makarcheck.com niperola.com") returned 0 [0179.311] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0179.311] StrTrimA (in: psz="niperola.com", pszTrimChars=" \x09" | out: psz="niperola.com") returned 0 [0179.311] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0179.312] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0179.312] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7ff8ee380000 [0179.313] GetModuleHandleA (lpModuleName="kernelbase") returned 0x7ff8eb870000 [0179.318] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="GetUserNameA") returned 0x7ff8ee1bec40 [0179.318] GetUserNameA (in: lpBuffer=0x0, pcbBuffer=0x307f8f8 | out: lpBuffer=0x0, pcbBuffer=0x307f8f8) returned 0 [0179.318] GetUserNameA (in: lpBuffer=0xe90d1e0, pcbBuffer=0x307f8f8 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0x307f8f8) returned 1 [0179.319] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7ff8ee380000 [0179.319] lstrlenA (lpString="A_SHAFinal") returned 10 [0179.319] lstrlenA (lpString="A_SHAInit") returned 9 [0179.319] lstrlenA (lpString="A_SHAUpdate") returned 11 [0179.319] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0179.319] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0179.319] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0179.319] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0179.319] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0179.319] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0179.319] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0179.319] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0179.319] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0179.319] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0179.319] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0179.319] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0179.319] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0179.319] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0179.319] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0179.320] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0179.320] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0179.320] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0179.320] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0179.320] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0179.320] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0179.320] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0179.320] lstrlenA (lpString="CsrClientCallServer") returned 19 [0179.320] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0179.320] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0179.320] lstrlenA (lpString="CsrGetProcessId") returned 15 [0179.320] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0179.320] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0179.320] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0179.320] lstrlenA (lpString="DbgBreakPoint") returned 13 [0179.320] lstrlenA (lpString="DbgPrint") returned 8 [0179.320] lstrlenA (lpString="DbgPrintEx") returned 10 [0179.320] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0179.320] lstrlenA (lpString="DbgPrompt") returned 9 [0179.320] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0179.320] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0179.320] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0179.320] lstrlenA (lpString="DbgUiContinue") returned 13 [0179.320] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0179.320] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0179.320] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0179.320] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0179.320] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0179.320] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0179.320] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0179.320] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0179.320] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0179.320] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0179.320] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0179.320] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0179.320] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0179.320] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0179.320] lstrlenA (lpString="EtwEventEnabled") returned 15 [0179.320] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0179.320] lstrlenA (lpString="EtwEventRegister") returned 16 [0179.320] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0179.320] lstrlenA (lpString="EtwEventUnregister") returned 18 [0179.321] lstrlenA (lpString="EtwEventWrite") returned 13 [0179.321] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0179.321] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0179.321] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0179.321] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0179.321] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0179.321] lstrlenA (lpString="EtwEventWriteString") returned 19 [0179.321] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0179.321] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0179.321] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0179.321] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0179.321] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0179.321] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0179.321] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0179.321] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0179.321] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0179.321] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0179.321] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0179.321] lstrlenA (lpString="EtwReplyNotification") returned 20 [0179.321] lstrlenA (lpString="EtwSendNotification") returned 19 [0179.321] lstrlenA (lpString="EtwSetMark") returned 10 [0179.321] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0179.321] lstrlenA (lpString="EtwTraceMessage") returned 15 [0179.321] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0179.321] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0179.321] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0179.321] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0179.321] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0179.321] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0179.321] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0179.321] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0179.321] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0179.321] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0179.321] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0179.321] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0179.321] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0179.321] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0179.321] lstrlenA (lpString="KiUserInvertedFunctionTable") returned 27 [0179.321] lstrlenA (lpString="LdrAccessResource") returned 17 [0179.321] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0179.321] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0179.321] lstrlenA (lpString="LdrAddRefDll") returned 12 [0179.321] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0179.322] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0179.322] lstrlenA (lpString="LdrEnumResources") returned 16 [0179.322] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0179.322] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0179.322] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0179.322] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0179.322] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0179.322] lstrlenA (lpString="LdrFindResource_U") returned 17 [0179.322] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0179.322] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0179.322] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0179.322] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0179.322] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0179.322] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0179.322] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0179.322] lstrlenA (lpString="LdrGetDllPath") returned 13 [0179.322] lstrlenA (lpString="LdrGetFailureData") returned 17 [0179.322] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0179.322] lstrlenA (lpString="LdrGetKnownDllSectionHandle") returned 27 [0179.322] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0179.322] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0179.322] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0179.322] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0179.322] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0179.322] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0179.322] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0179.322] lstrlenA (lpString="LdrLoadDll") returned 10 [0179.322] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0179.322] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0179.322] lstrlenA (lpString="LdrProcessInitializationComplete") returned 32 [0179.322] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0179.322] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0179.322] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0179.322] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0179.322] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0179.322] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0179.322] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0179.322] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0179.322] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0179.322] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0179.322] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0179.322] lstrlenA (lpString="LdrResFindResource") returned 18 [0179.322] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0179.323] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0179.323] lstrlenA (lpString="LdrResRelease") returned 13 [0179.323] lstrlenA (lpString="LdrResSearchResource") returned 20 [0179.323] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0179.323] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0179.323] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0179.323] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0179.323] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0179.323] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0179.323] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0179.323] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0179.323] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0179.323] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0179.323] lstrlenA (lpString="LdrShutdownThread") returned 17 [0179.323] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0179.323] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0179.323] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0179.323] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0179.323] lstrlenA (lpString="LdrUnloadDll") returned 12 [0179.323] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0179.323] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0179.323] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0179.323] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0179.323] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0179.323] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0179.323] lstrlenA (lpString="MD4Final") returned 8 [0179.323] lstrlenA (lpString="MD4Init") returned 7 [0179.323] lstrlenA (lpString="MD4Update") returned 9 [0179.323] lstrlenA (lpString="MD5Final") returned 8 [0179.323] lstrlenA (lpString="MD5Init") returned 7 [0179.323] lstrlenA (lpString="MD5Update") returned 9 [0179.323] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0179.323] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0179.323] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0179.323] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0179.323] lstrlenA (lpString="NtAccessCheck") returned 13 [0179.323] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0179.323] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0179.323] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0179.323] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0179.323] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0179.323] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0179.323] lstrlenA (lpString="NtAddAtom") returned 9 [0179.323] lstrlenA (lpString="NtAddAtomEx") returned 11 [0179.324] lstrlenA (lpString="NtAddBootEntry") returned 14 [0179.324] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0179.324] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0179.324] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0179.324] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0179.324] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0179.324] lstrlenA (lpString="NtAlertThread") returned 13 [0179.324] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0179.324] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0179.324] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0179.324] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0179.324] lstrlenA (lpString="NtAllocateUuids") returned 15 [0179.324] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0179.324] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0179.324] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0179.324] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0179.324] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0179.324] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0179.324] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0179.324] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0179.324] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0179.324] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0179.324] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0179.324] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0179.324] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0179.324] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0179.324] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0179.324] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0179.324] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0179.324] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0179.324] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0179.324] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0179.324] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0179.324] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0179.324] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0179.324] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0179.324] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0179.324] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0179.324] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0179.324] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0179.324] lstrlenA (lpString="NtCallbackReturn") returned 16 [0179.324] lstrlenA (lpString="NtCancelIoFile") returned 14 [0179.324] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0179.324] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0179.324] lstrlenA (lpString="NtCancelTimer") returned 13 [0179.325] lstrlenA (lpString="NtCancelTimer2") returned 14 [0179.325] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0179.325] lstrlenA (lpString="NtClearEvent") returned 12 [0179.325] lstrlenA (lpString="NtClose") returned 7 [0179.325] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0179.325] lstrlenA (lpString="NtCommitComplete") returned 16 [0179.325] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0179.325] lstrlenA (lpString="NtCommitTransaction") returned 19 [0179.325] lstrlenA (lpString="NtCompactKeys") returned 13 [0179.325] lstrlenA (lpString="NtCompareObjects") returned 16 [0179.325] lstrlenA (lpString="NtCompareTokens") returned 15 [0179.325] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0179.325] lstrlenA (lpString="NtCompressKey") returned 13 [0179.325] lstrlenA (lpString="NtConnectPort") returned 13 [0179.337] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7ff8ee190000 [0179.337] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0179.338] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0179.338] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessW") returned -1 [0179.339] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="Beep", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessW") returned -1 [0179.340] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessW") returned -1 [0179.341] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessW") returned -1 [0179.342] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessW") returned -1 [0179.343] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessW") returned -1 [0179.343] lstrcmpA (lpString1="CreateProcessInternalA", lpString2="CreateProcessW") returned -1 [0179.343] lstrcmpA (lpString1="CreateProcessInternalW", lpString2="CreateProcessW") returned -1 [0179.343] lstrcmpA (lpString1="CreateProcessW", lpString2="CreateProcessW") returned 0 [0179.343] VirtualProtect (in: lpAddress=0x7ff8ee35b780, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x2) returned 1 [0179.343] VirtualProtect (in: lpAddress=0x7ff8ee343a00, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x20) returned 1 [0179.344] VirtualProtect (in: lpAddress=0x7ff8ee343a00, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x40) returned 1 [0179.344] VirtualProtect (in: lpAddress=0x7ff8ee35b780, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x40) returned 1 [0179.344] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f6d0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f6d0, ReturnLength=0x0) returned 0x0 [0179.345] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0179.345] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessA") returned -1 [0179.345] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessA") returned -1 [0179.346] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="Beep", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessA") returned -1 [0179.347] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessA") returned -1 [0179.348] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessA") returned -1 [0179.349] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessA") returned -1 [0179.350] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessA") returned 0 [0179.350] VirtualProtect (in: lpAddress=0x7ff8ee35b76c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x2) returned 1 [0179.350] VirtualProtect (in: lpAddress=0x7ff8ee343a0e, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x20) returned 1 [0179.351] VirtualProtect (in: lpAddress=0x7ff8ee343a0e, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x40) returned 1 [0179.351] VirtualProtect (in: lpAddress=0x7ff8ee35b76c, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x40) returned 1 [0179.351] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f6d0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f6d0, ReturnLength=0x0) returned 0x0 [0179.352] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7ff8ee2d0000 [0179.352] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.352] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessAsUserW") returned -1 [0179.353] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="Beep", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0179.354] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessAsUserW") returned -1 [0179.355] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessAsUserW") returned -1 [0179.356] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserW") returned -1 [0179.357] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessAsUserW") returned 0 [0179.357] VirtualProtect (in: lpAddress=0x7ff8ee35b774, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x2) returned 1 [0179.357] VirtualProtect (in: lpAddress=0x7ff8ee343a1c, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x20) returned 1 [0179.359] VirtualProtect (in: lpAddress=0x7ff8ee343a1c, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x40) returned 1 [0179.359] VirtualProtect (in: lpAddress=0x7ff8ee35b774, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x40) returned 1 [0179.359] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f6d0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f6d0, ReturnLength=0x0) returned 0x0 [0179.359] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7ff8ee190000 [0179.359] lstrcmpA (lpString1="A_SHAFinal", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="A_SHAInit", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="A_SHAUpdate", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AbortSystemShutdownA", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AbortSystemShutdownW", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AccessCheck", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AccessCheckAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AccessCheckByType", lpString2="CreateProcessAsUserA") returned -1 [0179.359] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddConditionalAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddMandatoryAce", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddUsersToEncryptedFile", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AddUsersToEncryptedFileEx", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AuditComputeEffectivePolicyBySid", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AuditComputeEffectivePolicyByToken", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AuditEnumerateCategories", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AuditEnumeratePerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0179.360] lstrcmpA (lpString1="AuditEnumerateSubCategories", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditFree", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditLookupCategoryGuidFromCategoryId", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditLookupCategoryIdFromCategoryGuid", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditLookupCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditLookupCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditLookupSubCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditLookupSubCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditQueryGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditQueryGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditQueryPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditQuerySecurity", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditQuerySystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditSetGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditSetGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditSetPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditSetSecurity", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="AuditSetSystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BackupEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BackupEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegCloseKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegCreateKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegDeleteKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegDeleteValue", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegFlushKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegGetVersion", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegOpenKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegRestoreKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegSaveKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegSetKeySecurity", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegSetValue", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BaseRegUnLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BuildExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BuildExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0179.361] lstrcmpA (lpString1="BuildImpersonateTrusteeA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildImpersonateTrusteeW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithSidA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="BuildTrusteeWithSidW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CancelOverlappedAccess", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ChangeServiceConfig2A", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ChangeServiceConfig2W", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ChangeServiceConfigA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ChangeServiceConfigW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CheckForHiberboot", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CheckTokenMembership", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ClearEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ClearEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CloseCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CloseEncryptedFileRaw", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CloseEventLog", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CloseServiceHandle", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CloseThreadWaitChainSession", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CloseTrace", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="CommandLineFromMsiDescriptor", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ComputeAccessTokenFromCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ControlService", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ControlServiceExA", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ControlServiceExW", lpString2="CreateProcessAsUserA") returned -1 [0179.362] lstrcmpA (lpString1="ControlTraceA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ControlTraceW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSDToStringSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSidToStringSidA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertSidToStringSidW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSDToSDDomainA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSDToSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSidToSidA", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertStringSidToSidW", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="CopySid", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="CreateCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="CreateProcessAsUserA") returned -1 [0179.363] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserA") returned 0 [0179.363] VirtualProtect (in: lpAddress=0x7ff8ee21ba88, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x2) returned 1 [0179.364] VirtualProtect (in: lpAddress=0x7ff8ee1f3800, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x20) returned 1 [0179.365] VirtualProtect (in: lpAddress=0x7ff8ee1f3800, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x307f730 | out: lpflOldProtect=0x307f730*=0x40) returned 1 [0179.365] VirtualProtect (in: lpAddress=0x7ff8ee21ba88, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x307f738 | out: lpflOldProtect=0x307f738*=0x40) returned 1 [0179.365] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f6d0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f6d0, ReturnLength=0x0) returned 0x0 [0179.365] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x7ff8ee240000 [0179.367] GetProcAddress (hModule=0x7ff8ee240000, lpProcName="EnumProcessModules") returned 0x7ff8ee241040 [0179.367] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xe90e480, cb=0x1000, lpcbNeeded=0x307f7d8 | out: lphModule=0xe90e480, lpcbNeeded=0x307f7d8) returned 1 [0179.371] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff79fdc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff79fdc0000, AllocationBase=0x7ff79fdc0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.371] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.372] lstrcmpiA (lpString1="wcschr", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="_get_errno", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="_set_errno", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="memcpy_s", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="free", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="strchr", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="wcstombs", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="_wtoi", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="_itow_s", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="_wcsicmp", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="bsearch", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="wcsncpy_s", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="memset", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="ceil", lpString2="CreateProcessW") returned -1 [0179.372] lstrcmpiA (lpString1="floor", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="floorf", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="memcmp", lpString2="CreateProcessW") returned 1 [0179.372] lstrcmpiA (lpString1="sqrt", lpString2="CreateProcessW") returned 1 [0179.373] lstrcmpiA (lpString1="wcscspn", lpString2="CreateProcessW") returned 1 [0179.373] lstrcmpiA (lpString1="_wcstoui64", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_errno", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_onexit", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="__dllonexit", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_unlock", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_lock", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_commode", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_fmode", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_wcmdln", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="__C_specific_handler", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="__setusermatherr", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_cexit", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_exit", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="exit", lpString2="CreateProcessW") returned 1 [0179.373] lstrcmpiA (lpString1="__set_app_type", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_snwprintf_s", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_vsnwprintf_s", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="wcsspn", lpString2="CreateProcessW") returned 1 [0179.373] lstrcmpiA (lpString1="_amsg_exit", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="_XcptFilter", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.373] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="CreateProcessW") returned -1 [0179.374] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="CreateProcessW") returned -1 [0179.374] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="CreateProcessW") returned -1 [0179.374] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="CreateProcessW") returned -1 [0179.374] lstrcmpiA (lpString1="_CxxThrowException", lpString2="CreateProcessW") returned -1 [0179.374] lstrcmpiA (lpString1="realloc", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="wcsstr", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="memmove", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="malloc", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="_vsnwprintf", lpString2="CreateProcessW") returned -1 [0179.374] lstrcmpiA (lpString1="wcsrchr", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="wcscmp", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="FindResourceExW", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="LoadResource", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="LockResource", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="SizeofResource", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="GetModuleHandleA", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="LoadStringW", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="GetModuleFileNameW", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="LoadLibraryExA", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="EventEnabled", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="EventUnregister", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="EventSetInformation", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="CreateProcessW") returned 1 [0179.374] lstrcmpiA (lpString1="EventRegister", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="EventWrite", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="OpenThreadToken", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="SetPriorityClass", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="SetProcessShutdownParameters", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetPriorityClass", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="TerminateThread", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="FlushInstructionCache", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetStartupInfoW", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="SetThreadPriority", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="OpenProcess", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="SetThreadPriorityBoost", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetCurrentThread", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="QueueUserAPC", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="TlsAlloc", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetThreadPriority", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="TlsSetValue", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="ResumeThread", lpString2="CreateProcessW") returned 1 [0179.375] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessW") returned 1 [0179.389] lstrcmpiA (lpString1="TlsFree", lpString2="CreateProcessW") returned 1 [0179.389] lstrcmpiA (lpString1="CreateProcessW", lpString2="CreateProcessW") returned 0 [0179.389] VirtualProtect (in: lpAddress=0x7ff79ff888a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.389] VirtualProtect (in: lpAddress=0x7ff79ff888a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.389] lstrcmpiA (lpString1="wcschr", lpString2="CreateProcessA") returned 1 [0179.389] lstrcmpiA (lpString1="_get_errno", lpString2="CreateProcessA") returned -1 [0179.389] lstrcmpiA (lpString1="_set_errno", lpString2="CreateProcessA") returned -1 [0179.389] lstrcmpiA (lpString1="memcpy_s", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="free", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="strchr", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="wcstombs", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="_wtoi", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_itow_s", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_wcsicmp", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="bsearch", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="wcsncpy_s", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="memset", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="ceil", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="floor", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="floorf", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="memcmp", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="sqrt", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="wcscspn", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="_wcstoui64", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_errno", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_onexit", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="__dllonexit", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_unlock", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_lock", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_commode", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_fmode", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_wcmdln", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="__C_specific_handler", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="__setusermatherr", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_cexit", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_exit", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="exit", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="__set_app_type", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_snwprintf_s", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_vsnwprintf_s", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="wcsspn", lpString2="CreateProcessA") returned 1 [0179.390] lstrcmpiA (lpString1="_amsg_exit", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="_XcptFilter", lpString2="CreateProcessA") returned -1 [0179.390] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="_CxxThrowException", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="realloc", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="wcsstr", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="memmove", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="malloc", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="_vsnwprintf", lpString2="CreateProcessA") returned -1 [0179.391] lstrcmpiA (lpString1="wcsrchr", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="wcscmp", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="FindResourceExW", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="LoadResource", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="LockResource", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="SizeofResource", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="GetModuleHandleA", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="LoadStringW", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="GetModuleFileNameW", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="LoadLibraryExA", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="CreateProcessA") returned 1 [0179.391] lstrcmpiA (lpString1="EventEnabled", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="EventUnregister", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="EventSetInformation", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="EventRegister", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="EventWrite", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="OpenThreadToken", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="SetPriorityClass", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="SetProcessShutdownParameters", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetPriorityClass", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="TerminateThread", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="FlushInstructionCache", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetStartupInfoW", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="SetThreadPriority", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="OpenProcess", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="SetThreadPriorityBoost", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetCurrentThread", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="QueueUserAPC", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="TlsAlloc", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetThreadPriority", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="TlsSetValue", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="ResumeThread", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="TlsFree", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="CreateProcessW", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetExitCodeProcess", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="OpenThread", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="CreateThread", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="GetProcessId", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="TlsGetValue", lpString2="CreateProcessA") returned 1 [0179.392] lstrcmpiA (lpString1="OutputDebugStringW", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="OutputDebugStringA", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="GetUserPreferredUILanguages", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="GetThreadUILanguage", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="GetUserGeoID", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="GetUserDefaultLangID", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="FormatMessageW", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="IsValidLocaleName", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="GetLocaleInfoW", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="PropVariantClear", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoUninitialize", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="RoGetAgileReference", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoSetProxyBlanket", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="IIDFromString", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoCreateInstance", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoCreateGuid", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoGetStdMarshalEx", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CreateStreamOnHGlobal", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoFreeUnusedLibraries", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoInitializeEx", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoGetApartmentType", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="StringFromIID", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoCreateFreeThreadedMarshaler", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoDisableCallCancellation", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoTaskMemAlloc", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoRevokeClassObject", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoTaskMemRealloc", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoRegisterClassObject", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoWaitForMultipleHandles", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoGetMalloc", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoTaskMemFree", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoMarshalInterThreadInterfaceInStream", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="StringFromGUID2", lpString2="CreateProcessA") returned 1 [0179.393] lstrcmpiA (lpString1="CoReleaseMarshalData", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoCancelCall", lpString2="CreateProcessA") returned -1 [0179.393] lstrcmpiA (lpString1="CoGetInterfaceAndReleaseStream", lpString2="CreateProcessA") returned -1 [0179.394] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee380000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee380000, AllocationBase=0x7ff8ee380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.394] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.394] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee2d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee2d0000, AllocationBase=0x7ff8ee2d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.394] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.394] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb870000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eb870000, AllocationBase=0x7ff8eb870000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.395] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.395] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9500000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9500000, AllocationBase=0x7ff8e9500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.395] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.395] VirtualProtect (in: lpAddress=0x7ff8e953e1e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.395] VirtualProtect (in: lpAddress=0x7ff8e953e1e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.396] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee0b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee0b0000, AllocationBase=0x7ff8ee0b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.396] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.396] VirtualProtect (in: lpAddress=0x7ff8ee125428, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.396] VirtualProtect (in: lpAddress=0x7ff8ee125428, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.396] VirtualProtect (in: lpAddress=0x7ff8ee125420, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.397] VirtualProtect (in: lpAddress=0x7ff8ee125420, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.397] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebb30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ebb30000, AllocationBase=0x7ff8ebb30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.397] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.398] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edd60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edd60000, AllocationBase=0x7ff8edd60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.398] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.398] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec450000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec450000, AllocationBase=0x7ff8ec450000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.398] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.398] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eadd0000, AllocationBase=0x7ff8eadd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.398] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.399] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebdc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ebdc0000, AllocationBase=0x7ff8ebdc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.399] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.399] VirtualProtect (in: lpAddress=0x7ff8ebe49728, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.399] VirtualProtect (in: lpAddress=0x7ff8ebe49728, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.400] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edbc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edbc0000, AllocationBase=0x7ff8edbc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.400] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.400] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb7b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eb7b0000, AllocationBase=0x7ff8eb7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.400] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.400] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edfe0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edfe0000, AllocationBase=0x7ff8edfe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.400] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.401] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec580000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec580000, AllocationBase=0x7ff8ec580000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.401] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.401] VirtualProtect (in: lpAddress=0x7ff8ecb663b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.401] VirtualProtect (in: lpAddress=0x7ff8ecb663b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.402] VirtualProtect (in: lpAddress=0x7ff8ecb663e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.402] VirtualProtect (in: lpAddress=0x7ff8ecb663e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.403] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb180000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eb180000, AllocationBase=0x7ff8eb180000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.403] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.403] VirtualProtect (in: lpAddress=0x7ff8eb622758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.403] VirtualProtect (in: lpAddress=0x7ff8eb622758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.404] VirtualProtect (in: lpAddress=0x7ff8eb6226b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.404] VirtualProtect (in: lpAddress=0x7ff8eb6226b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.404] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec240000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec240000, AllocationBase=0x7ff8ec240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.405] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.405] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae20000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eae20000, AllocationBase=0x7ff8eae20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.405] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.405] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eae30000, AllocationBase=0x7ff8eae30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.405] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.405] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eafb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eafb0000, AllocationBase=0x7ff8eafb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.405] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.406] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eadb0000, AllocationBase=0x7ff8eadb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.406] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.406] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e79b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e79b0000, AllocationBase=0x7ff8e79b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.406] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.407] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9680000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9680000, AllocationBase=0x7ff8e9680000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.407] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.407] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8fb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8fb0000, AllocationBase=0x7ff8e8fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.407] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.407] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df0c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df0c0000, AllocationBase=0x7ff8df0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.407] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.408] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8d00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8d00000, AllocationBase=0x7ff8e8d00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.408] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.408] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9130000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9130000, AllocationBase=0x7ff8e9130000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.408] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.409] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea9d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea9d0000, AllocationBase=0x7ff8ea9d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.409] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.409] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea360000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea360000, AllocationBase=0x7ff8ea360000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.409] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.409] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8b90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8b90000, AllocationBase=0x7ff8e8b90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.409] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.410] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8c60000, AllocationBase=0x7ff8e8c60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.410] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.410] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8b60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8b60000, AllocationBase=0x7ff8e8b60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.410] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.410] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee150000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee150000, AllocationBase=0x7ff8ee150000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.410] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.411] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec0c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec0c0000, AllocationBase=0x7ff8ec0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.411] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.411] VirtualProtect (in: lpAddress=0x7ff8ec1a1820, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.411] VirtualProtect (in: lpAddress=0x7ff8ec1a1820, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.412] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eac00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eac00000, AllocationBase=0x7ff8eac00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.412] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.412] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec300000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec300000, AllocationBase=0x7ff8ec300000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.412] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.412] VirtualProtect (in: lpAddress=0x7ff8ec3c3020, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.412] VirtualProtect (in: lpAddress=0x7ff8ec3c3020, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.413] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edb10000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edb10000, AllocationBase=0x7ff8edb10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.413] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.413] VirtualProtect (in: lpAddress=0x7ff8edb7a2a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.413] VirtualProtect (in: lpAddress=0x7ff8edb7a2a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.415] VirtualProtect (in: lpAddress=0x7ff8edb7a2b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.415] VirtualProtect (in: lpAddress=0x7ff8edb7a2b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.415] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea820000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea820000, AllocationBase=0x7ff8ea820000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.415] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.416] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea620000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea620000, AllocationBase=0x7ff8ea620000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.416] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.416] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eabd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eabd0000, AllocationBase=0x7ff8eabd0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.416] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.416] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea270000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea270000, AllocationBase=0x7ff8ea270000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.416] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.417] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea790000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea790000, AllocationBase=0x7ff8ea790000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.417] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.417] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df640000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df640000, AllocationBase=0x7ff8df640000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.417] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.417] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3040000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3040000, AllocationBase=0x7ff8e3040000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.418] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.418] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7400000, AllocationBase=0x7ff8e7400000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.418] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.419] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dee60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dee60000, AllocationBase=0x7ff8dee60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.419] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.419] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6140000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6140000, AllocationBase=0x7ff8e6140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.419] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.419] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e60a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e60a0000, AllocationBase=0x7ff8e60a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.420] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.420] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6330000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6330000, AllocationBase=0x7ff8e6330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.420] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.420] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ded70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ded70000, AllocationBase=0x7ff8ded70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.420] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.421] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deca0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8deca0000, AllocationBase=0x7ff8deca0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.421] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.421] VirtualProtect (in: lpAddress=0x7ff8ded202a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.429] VirtualProtect (in: lpAddress=0x7ff8ded202a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.429] lstrcmpiA (lpString1="memset", lpString2="CreateProcessAsUserA") returned 1 [0179.429] lstrcmpiA (lpString1="__C_specific_handler", lpString2="CreateProcessAsUserA") returned -1 [0179.429] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessAsUserA") returned -1 [0179.429] lstrcmpiA (lpString1="_amsg_exit", lpString2="CreateProcessAsUserA") returned -1 [0179.429] lstrcmpiA (lpString1="memcmp", lpString2="CreateProcessAsUserA") returned 1 [0179.429] lstrcmpiA (lpString1="_callnewh", lpString2="CreateProcessAsUserA") returned -1 [0179.429] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="CreateProcessAsUserA") returned -1 [0179.429] lstrcmpiA (lpString1="_lock", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="_unlock", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="malloc", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="__dllonexit", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="_onexit", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="wcscspn", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="??3@YAXPEAX@Z", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="realloc", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="??_V@YAXPEAX@Z", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="_CxxThrowException", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="_purecall", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="free", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="memmove", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="_XcptFilter", lpString2="CreateProcessAsUserA") returned -1 [0179.430] lstrcmpiA (lpString1="wcscmp", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="DecodePointer", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="EncodePointer", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsIsStringEmpty", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsDuplicateString", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsCompareStringOrdinal", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsCreateString", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsCreateStringReference", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsSubstringWithSpecifiedLength", lpString2="CreateProcessAsUserA") returned 1 [0179.430] lstrcmpiA (lpString1="WindowsDeleteString", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="WindowsGetStringLen", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="WindowsStringHasEmbeddedNull", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="WindowsConcatString", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="WindowsGetStringRawBuffer", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserA") returned -1 [0179.431] lstrcmpiA (lpString1="InitOnceExecuteOnce", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="OpenSemaphoreW", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="ReleaseSemaphore", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="CreateEventW", lpString2="CreateProcessAsUserA") returned -1 [0179.431] lstrcmpiA (lpString1="WaitForMultipleObjectsEx", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserA") returned -1 [0179.431] lstrcmpiA (lpString1="DeleteCriticalSection", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="Sleep", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="CreateEventExW", lpString2="CreateProcessAsUserA") returned -1 [0179.431] lstrcmpiA (lpString1="SetEvent", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="InitializeCriticalSectionEx", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="WaitForSingleObject", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessAsUserA") returned 1 [0179.431] lstrcmpiA (lpString1="RoOriginateErrorW", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="GetRestrictedErrorInfo", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="RoOriginateError", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="SetRestrictedErrorInfo", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="RoTransformError", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="RoReportFailedDelegate", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="IsErrorPropagationEnabled", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="RoGetMatchingRestrictedErrorInfo", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="EventUnregister", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="EventRegister", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="EventSetInformation", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="UpdateProcThreadAttribute", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="GetProcessId", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="SetThreadToken", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="GetCurrentThread", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="OpenProcess", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="TlsFree", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="TlsAlloc", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="TlsSetValue", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="CreateThread", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="TlsGetValue", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="InitializeProcThreadAttributeList", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="DeleteProcThreadAttributeList", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="OpenThreadToken", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessAsUserA") returned 1 [0179.432] lstrcmpiA (lpString1="ProcessIdToSessionId", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="GetSystemDirectoryW", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="SetLastError", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RaiseException", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RoActivateInstance", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RoGetActivationFactory", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RoUninitialize", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RoInitialize", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RegDeleteValueW", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RegSetValueExW", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessAsUserA") returned 1 [0179.433] lstrcmpiA (lpString1="CloseHandle", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptGenRandom", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptOpenAlgorithmProvider", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptGetProperty", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptHashData", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptFinishHash", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptCloseAlgorithmProvider", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptCreateHash", lpString2="CreateProcessAsUserA") returned -1 [0179.433] lstrcmpiA (lpString1="BCryptDestroyHash", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="GetLengthSid", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="GetTokenInformation", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="CopySid", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="GetSidSubAuthorityCount", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="DuplicateTokenEx", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="GetSidSubAuthority", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="AllocateAndInitializeSid", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="FreeSid", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="SetTokenInformation", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="GetSidLengthRequired", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="RevertToSelf", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="ImpersonateLoggedOnUser", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="InitializeSid", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="CreateWellKnownSid", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="LocalAlloc", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="LocalFree", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="ConvertSidToStringSidW", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="ConvertStringSidToSidW", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="CreateThreadpoolTimer", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="SetThreadpoolTimer", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="CreateThreadpool", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="TrySubmitThreadpoolCallback", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="SubmitThreadpoolWork", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="CallbackMayRunLong", lpString2="CreateProcessAsUserA") returned -1 [0179.434] lstrcmpiA (lpString1="CreateThreadpoolWork", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="FreeLibraryWhenCallbackReturns", lpString2="CreateProcessAsUserA") returned 1 [0179.434] lstrcmpiA (lpString1="WaitForThreadpoolTimerCallbacks", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="CloseThreadpool", lpString2="CreateProcessAsUserA") returned -1 [0179.435] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserA") returned -1 [0179.435] lstrcmpiA (lpString1="CreateSemaphoreW", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="OutputDebugStringW", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="FormatMessageW", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="_vsnwprintf", lpString2="CreateProcessAsUserA") returned -1 [0179.435] lstrcmpiA (lpString1="memcpy_s", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="memmove_s", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="_wcsicmp", lpString2="CreateProcessAsUserA") returned -1 [0179.435] lstrcmpiA (lpString1="NtQueryInformationProcess", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="NtQueryInformationToken", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlCompareUnicodeString", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlNtStatusToDosErrorNoTeb", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlInitUnicodeString", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlRunOnceExecuteOnce", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlEqualSid", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlPublishWnfStateData", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlDosPathNameToRelativeNtPathName_U", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="NtCreateFile", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="NtClose", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlReleaseRelativeName", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlSetEnvironmentVar", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlLoadString", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="_itow_s", lpString2="CreateProcessAsUserA") returned -1 [0179.435] lstrcmpiA (lpString1="wcscat_s", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="wcscpy_s", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlAllocateHeap", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlFreeHeap", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlNtStatusToDosError", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlGetDeviceFamilyInfoEnum", lpString2="CreateProcessAsUserA") returned 1 [0179.435] lstrcmpiA (lpString1="RtlUnsubscribeWnfStateChangeNotification", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="RtlSubscribeWnfStateChangeNotification", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="NtQueryWnfStateData", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="RtlFreeSid", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="wcschr", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="GetPackageApplicationIds", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="ParseApplicationUserModelId", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="SHCreateThreadRef", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="SHSetThreadRef", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="SHGetThreadRef", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="ApiSetQueryApiSetPresence", lpString2="CreateProcessAsUserA") returned -1 [0179.436] lstrcmpiA (lpString1="TranslateMessage", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="PeekMessageW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="PostThreadMessageW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="DispatchMessageW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="QueryFullProcessImageNameW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="I_RpcExceptionFilter", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="RpcBindingFree", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="NdrClientCall3", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="RpcBindingCreateW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="RpcBindingBind", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="ResolveDelayLoadedAPI", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="DelayLoadFailureHook", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="ExpandEnvironmentStringsForUserW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="CreateAppContainerProfile", lpString2="CreateProcessAsUserA") returned -1 [0179.436] lstrcmpiA (lpString1="CreateEnvironmentBlock", lpString2="CreateProcessAsUserA") returned -1 [0179.436] lstrcmpiA (lpString1="DestroyEnvironmentBlock", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="GetAppContainerFolderPath", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="CharLowerW", lpString2="CreateProcessAsUserA") returned -1 [0179.436] lstrcmpiA (lpString1="FindFirstFileW", lpString2="CreateProcessAsUserA") returned 1 [0179.436] lstrcmpiA (lpString1="FindNextFileW", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="GetFileSizeEx", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CreateDirectoryW", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="DeleteFileW", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CompareFileTime", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="SetEndOfFile", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="FindClose", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CreateFileW", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="WriteFile", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="SetFilePointer", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="ReadFile", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CryptUnprotectData", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CryptBinaryToStringW", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CryptProtectData", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CryptStringToBinaryW", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="RoCreatePropertySetSerializer", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="PathFileExistsW", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CoTaskMemAlloc", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CoTaskMemFree", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CoTaskMemRealloc", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CoGetApartmentType", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CoWaitForMultipleHandles", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CoDecrementMTAUsage", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CoReleaseMarshalData", lpString2="CreateProcessAsUserA") returned -1 [0179.437] lstrcmpiA (lpString1="CreateStreamOnHGlobal", lpString2="CreateProcessAsUserA") returned 1 [0179.437] lstrcmpiA (lpString1="CoMarshalInterface", lpString2="CreateProcessAsUserA") returned -1 [0179.437] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7430000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7430000, AllocationBase=0x7ff8e7430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.437] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.440] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8ad0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8ad0000, AllocationBase=0x7ff8e8ad0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.440] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.440] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8af0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8af0000, AllocationBase=0x7ff8e8af0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.440] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.440] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e57b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e57b0000, AllocationBase=0x7ff8e57b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.440] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.441] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dec30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dec30000, AllocationBase=0x7ff8dec30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.441] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.441] VirtualProtect (in: lpAddress=0x7ff8dec40338, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.442] VirtualProtect (in: lpAddress=0x7ff8dec40338, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.447] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9e00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9e00000, AllocationBase=0x7ff8e9e00000, AllocationProtect=0x80, __alignment1=0x7ff8, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.447] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.448] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7b40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7b40000, AllocationBase=0x7ff8e7b40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.448] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.448] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9720000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9720000, AllocationBase=0x7ff8e9720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.448] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.448] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eaf60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eaf60000, AllocationBase=0x7ff8eaf60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.448] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.448] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8debc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8debc0000, AllocationBase=0x7ff8debc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.449] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.449] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deb70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8deb70000, AllocationBase=0x7ff8deb70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.449] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.449] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6640000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6640000, AllocationBase=0x7ff8e6640000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.449] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.449] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9860000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9860000, AllocationBase=0x7ff8e9860000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.449] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.450] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8de6e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8de6e0000, AllocationBase=0x7ff8de6e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.450] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.450] lstrcmpiA (lpString1="WNetDisconnectDialog", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="WNetGetLastErrorW", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="WNetOpenEnumW", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="WNetEnumResourceW", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="WNetCloseEnum", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="WNetGetUniversalNameW", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="ApphelpCheckShellObject", lpString2="CreateProcessW") returned -1 [0179.450] lstrcmpiA (lpString1="CreateUri", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="CoInternetIsFeatureEnabled", lpString2="CreateProcessW") returned -1 [0179.450] lstrcmpiA (lpString1="DwmExtendFrameIntoClientArea", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="OleSaveToStream", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="ReleaseStgMedium", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="ReadClassStm", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="RevokeDragDrop", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="OleSetClipboard", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="RegisterDragDrop", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="CreateBindCtx", lpString2="CreateProcessW") returned -1 [0179.450] lstrcmpiA (lpString1="CoAllowSetForegroundWindow", lpString2="CreateProcessW") returned -1 [0179.450] lstrcmpiA (lpString1="CoRegisterInitializeSpy", lpString2="CreateProcessW") returned -1 [0179.450] lstrcmpiA (lpString1="OleUninitialize", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="OleRegGetUserType", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="OleGetClipboard", lpString2="CreateProcessW") returned 1 [0179.450] lstrcmpiA (lpString1="OleFlushClipboard", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="CoRevokeInitializeSpy", lpString2="CreateProcessW") returned -1 [0179.451] lstrcmpiA (lpString1="OleInitialize", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="LresultFromObject", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="CreateStdAccessibleObject", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="AccessibleObjectFromWindow", lpString2="CreateProcessW") returned -1 [0179.451] lstrcmpiA (lpString1="UiaRaiseAutomationPropertyChangedEvent", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="UiaRaiseAutomationEvent", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="WerReportSubmit", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="WerReportSetParameter", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="WerReportCreate", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="WerReportAddDump", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="WerReportCloseHandle", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="InternetCrackUrlW", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="InternetCreateUrlW", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="timeGetTime", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="PlaySoundW", lpString2="CreateProcessW") returned 1 [0179.451] lstrcmpiA (lpString1="?SheetProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?Release@HWNDElementProvider@DirectUI@@UEAAKXZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?DoMethod@HWNDElementProxy@DirectUI@@UEAAJHPEAD@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?TossPatternProvider@ElementProvider@DirectUI@@QEAAXW4Pattern@Schema@2@@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?Release@RefcountBase@DirectUI@@QEAAJXZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?AddRef@RefcountBase@DirectUI@@QEAAJXZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?DoInvokeArgs@ElementProvider@DirectUI@@QEAAJHP6APEAVProviderProxy@2@PEAVElement@2@@ZPEAD@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?AddRef@ElementProvider@DirectUI@@UEAAKXZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?Release@ElementProvider@DirectUI@@UEAAKXZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?Find@ElementProviderManager@DirectUI@@SAPEAVElementProvider@2@PEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?QueueDefaultAction@Element@DirectUI@@QEAAJXZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="??1ElementProvider@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.461] lstrcmpiA (lpString1="?EventFromEventId@Schema@DirectUI@@SA?AW4Event@12@H@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?WantEvent@EventManager@DirectUI@@SA_NW4Event@Schema@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetLocation@Element@DirectUI@@QEAAPEBUtagPOINT@@PEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?LastDSConstProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?NeedsDSUpdate@Element@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?HeightProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?WidthProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?SetX@Element@DirectUI@@QEAAJH@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?ShowAccel@HWNDElement@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetShortcut@Element@DirectUI@@QEAAHXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetOverhang@Element@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?SetContentAlign@Element@DirectUI@@QEAAJH@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?HasPadding@Element@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?HasBorder@Element@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="ElementFromGadget", lpString2="CreateProcessW") returned 1 [0179.464] lstrcmpiA (lpString1="?GetAdjacent@FillLayout@DirectUI@@UEAAPEAVElement@2@PEAV32@0HPEBUNavReference@2@K@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?UpdateDesiredSize@FillLayout@DirectUI@@UEAA?AUtagSIZE@@PEAVElement@2@HHPEAVSurface@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="??1FillLayout@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="??0FillLayout@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?Initialize@FillLayout@DirectUI@@QEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?TrackScore@NavScoring@DirectUI@@QEAAHPEAVElement@2@0@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?Init@NavScoring@DirectUI@@QEAAXPEAVElement@2@HPEBUNavReference@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetLayoutIndexFromChild@Layout@DirectUI@@QEAAHPEAVElement@2@0@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetMargin@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?WantPropertyEvent@EventManager@DirectUI@@SA_NH@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?FWantAnyEvent@EventManager@DirectUI@@SA_NPEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetFill@Value@DirectUI@@QEAAPEBUFill@2@XZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetContentAlign@Element@DirectUI@@QEAAHXZ", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="ARGBColorFromEnumI", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?SetXMLFromResourceWithTheme@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@00@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetSheet@DUIXmlParser@DirectUI@@QEAAJPEBGPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?GetAdjacent@BorderLayout@DirectUI@@UEAAPEAVElement@2@PEAV32@0HPEBUNavReference@2@K@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?OnLayoutPosChanged@BorderLayout@DirectUI@@UEAAXPEAVElement@2@0HH@Z", lpString2="CreateProcessW") returned -1 [0179.464] lstrcmpiA (lpString1="?OnRemove@BorderLayout@DirectUI@@UEAAXPEAVElement@2@PEAPEAV32@I@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?OnAdd@BorderLayout@DirectUI@@UEAAXPEAVElement@2@PEAPEAV32@I@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?UpdateDesiredSize@BorderLayout@DirectUI@@UEAA?AUtagSIZE@@PEAVElement@2@HHPEAVSurface@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="??1Layout@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="??0Layout@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="??1BorderLayout@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="??0BorderLayout@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?_ClearNeedsLayout@Element@DirectUI@@QEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Initialize@Layout@DirectUI@@QEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?DoLayout@BorderLayout@DirectUI@@UEAAXPEAVElement@2@HH@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?CreateLayout@Value@DirectUI@@SAPEAV12@PEAVLayout@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetPoint@Value@DirectUI@@QEAAPEBUtagPOINT@@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?PosInLayoutProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetChildFromLayoutIndex@Layout@DirectUI@@QEAAPEAVElement@2@PEAV32@HPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetLayoutChildCount@Layout@DirectUI@@QEAAIPEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetMinSize@Element@DirectUI@@QEAAPEBUtagSIZE@@PEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetLayout@Value@DirectUI@@QEAAPEAVLayout@2@XZ", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@TableLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@VerticalFlowLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@ShellBorderLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@RowLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@NineGridLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@GridLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@FlowLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@FillLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Create@BorderLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetAdjacent@Layout@DirectUI@@UEAAPEAVElement@2@PEAV32@0HPEBUNavReference@2@K@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Detach@Layout@DirectUI@@UEAAXPEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?Attach@Layout@DirectUI@@UEAAXPEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?OnLayoutPosChanged@Layout@DirectUI@@UEAAXPEAVElement@2@0HH@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?OnRemove@Layout@DirectUI@@UEAAXPEAVElement@2@PEAPEAV32@I@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?OnAdd@Layout@DirectUI@@UEAAXPEAVElement@2@PEAPEAV32@I@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?SetAlpha@Element@DirectUI@@QEAAJH@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z", lpString2="CreateProcessW") returned -1 [0179.465] lstrcmpiA (lpString1="?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?IsContentProtected@Edit@DirectUI@@UEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="??1Edit@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="??0Edit@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Register@Edit@DirectUI@@SAJXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetFontSize@Element@DirectUI@@QEAAJH@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetThemedBorder@Edit@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetAbsorbsShortcut@Element@DirectUI@@QEAAJ_N@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetHeight@Element@DirectUI@@QEAAHXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="??1Thumb@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="??0Thumb@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetClassInfoPtr@Thumb@DirectUI@@SAPEAUIClassInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Register@Thumb@DirectUI@@SAJXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="??1RefcountBase@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="??0RefcountBase@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetSizeZero@Value@DirectUI@@SAPEAV12@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetTooltip@Element@DirectUI@@QEAAJ_N@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?HasChildren@Element@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Initialize@Thumb@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?PaintFocusRect@Element@DirectUI@@QEAAXPEAUHDC__@@PEBUtagRECT@@1@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?AccValueProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?OnInput@Thumb@DirectUI@@UEAAXPEAUInputEvent@2@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?CapturedProp@Button@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?PressedProp@Button@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetPressed@Button@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetCursorHandle@Element@DirectUI@@QEAAJPEAUHICON__@@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?GetMouseWithin@Element@DirectUI@@QEAA_NXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?MouseWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Context@Button@DirectUI@@SA?AVUID@@XZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Destroy@Layout@DirectUI@@QEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?Create@BorderLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetAccessible@Element@DirectUI@@QEAAJ_N@Z", lpString2="CreateProcessW") returned -1 [0179.466] lstrcmpiA (lpString1="?SetClass@Element@DirectUI@@QEAAJPEBG@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetLayout@Element@DirectUI@@QEAAPEAVLayout@2@PEAPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?FireStructureChangedEvent@EventManager@DirectUI@@SAJPEAVElement@2@W4StructureChangeType@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Drag@Thumb@DirectUI@@SA?AVUID@@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?LayoutProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?PaintBackground@Element@DirectUI@@QEAAXPEAUHDC__@@PEAVValue@2@AEBUtagRECT@@222@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetRect@Value@DirectUI@@QEAAPEBUtagRECT@@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetRectZero@Value@DirectUI@@SAPEAV12@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetColorTrans@Value@DirectUI@@SAPEAV12@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Init@ProviderProxy@DirectUI@@MEAAXPEAVElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0ProviderProxy@DirectUI@@IEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??1AutoLock@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0ElementProxy@DirectUI@@IEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0ElementProvider@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0HWNDElementProxy@DirectUI@@IEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0HWNDElementProvider@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??1HWNDElementProvider@DirectUI@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="??0IProvider@DirectUI@@QEAA@XZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetFocus@HWNDElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragment@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?ElementProviderFromPoint@HWNDElementProvider@DirectUI@@UEAAJNNPEAPEAUIRawElementProviderFragment@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?SetFocus@ElementProvider@DirectUI@@UEAAJXZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?AddRef@HWNDElementProvider@DirectUI@@UEAAKXZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?QueryInterface@HWNDElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Init@HWNDElementProvider@DirectUI@@MEAAJPEAVHWNDElement@2@PEAVInvokeHelper@2@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?TossElement@ElementProvider@DirectUI@@UEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Init@HWNDElementProxy@DirectUI@@UEAAXPEAVHWNDElement@2@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Create@ElementProvider@DirectUI@@SAJPEAVElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?Create@HWNDElementProvider@DirectUI@@SAJPEAVHWNDElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z", lpString2="CreateProcessW") returned -1 [0179.467] lstrcmpiA (lpString1="?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="InitProcessPriv", lpString2="CreateProcessW") returned 1 [0179.468] lstrcmpiA (lpString1="UnInitProcessPriv", lpString2="CreateProcessW") returned 1 [0179.468] lstrcmpiA (lpString1="InitThread", lpString2="CreateProcessW") returned 1 [0179.468] lstrcmpiA (lpString1="UnInitThread", lpString2="CreateProcessW") returned 1 [0179.468] lstrcmpiA (lpString1="?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?StartDefer@Element@DirectUI@@QEAAXPEAK@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?EndDefer@Element@DirectUI@@QEAAXK@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?GetClassInfoPtr@TouchHWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="StrToID", lpString2="CreateProcessW") returned 1 [0179.468] lstrcmpiA (lpString1="?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Initialize@TouchHWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Destroy@Element@DirectUI@@QEAAJ_N@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?WndProc@TouchHWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?GetFocusedHWNDElement@HWNDElement@DirectUI@@SAPEAV12@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?SetKeyFocus@Element@DirectUI@@UEAAXXZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?KeyboardNavigate@Element@DirectUI@@SA?AVUID@@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?KeyFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?MouseFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Click@Button@DirectUI@@SA?AVUID@@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Register@TouchHWNDElement@DirectUI@@SAJXZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z", lpString2="CreateProcessW") returned -1 [0179.468] lstrcmpiA (lpString1="?Register@ClassInfoBase@DirectUI@@QEAAJXZ", lpString2="CreateProcessW") returned -1 [0179.469] lstrcmpiA (lpString1="?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z", lpString2="CreateProcessW") returned -1 [0179.472] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee260000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee260000, AllocationBase=0x7ff8ee260000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.472] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.472] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddbd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ddbd0000, AllocationBase=0x7ff8ddbd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.472] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.523] VirtualProtect (in: lpAddress=0x7ff8de1ac088, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.524] VirtualProtect (in: lpAddress=0x7ff8de1ac088, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.524] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3a70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3a70000, AllocationBase=0x7ff8e3a70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.524] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.567] VirtualProtect (in: lpAddress=0x7ff8e3b39668, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.568] VirtualProtect (in: lpAddress=0x7ff8e3b39668, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.568] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddb80000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ddb80000, AllocationBase=0x7ff8ddb80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.568] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.568] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddb70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ddb70000, AllocationBase=0x7ff8ddb70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.568] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.569] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae50000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eae50000, AllocationBase=0x7ff8eae50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.569] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.569] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e86a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e86a0000, AllocationBase=0x7ff8e86a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.569] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.569] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2f70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e2f70000, AllocationBase=0x7ff8e2f70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.569] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.569] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dda90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dda90000, AllocationBase=0x7ff8dda90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.569] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.569] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea010000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea010000, AllocationBase=0x7ff8ea010000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.569] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.570] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e05b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e05b0000, AllocationBase=0x7ff8e05b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.570] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea000000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea000000, AllocationBase=0x7ff8ea000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.570] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deeb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8deeb0000, AllocationBase=0x7ff8deeb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.570] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9060000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9060000, AllocationBase=0x7ff8e9060000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.570] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dfab0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dfab0000, AllocationBase=0x7ff8dfab0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.571] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd970000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd970000, AllocationBase=0x7ff8dd970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.571] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.571] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd950000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd950000, AllocationBase=0x7ff8dd950000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.571] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.571] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd900000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd900000, AllocationBase=0x7ff8dd900000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.571] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.571] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd8f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd8f0000, AllocationBase=0x7ff8dd8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.572] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.572] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7cd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7cd0000, AllocationBase=0x7ff8e7cd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.572] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.572] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5050000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5050000, AllocationBase=0x7ff8e5050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.572] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.572] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3c30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3c30000, AllocationBase=0x7ff8e3c30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.572] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.572] VirtualProtect (in: lpAddress=0x7ff8e3cd83e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.573] VirtualProtect (in: lpAddress=0x7ff8e3cd83e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.573] VirtualProtect (in: lpAddress=0x7ff8e3cd8390, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.574] VirtualProtect (in: lpAddress=0x7ff8e3cd8390, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.574] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd630000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd630000, AllocationBase=0x7ff8dd630000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.574] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.574] VirtualProtect (in: lpAddress=0x7ff8dd6c8320, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.575] VirtualProtect (in: lpAddress=0x7ff8dd6c8320, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.575] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dff00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dff00000, AllocationBase=0x7ff8dff00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.575] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.575] VirtualProtect (in: lpAddress=0x7ff8e00e44c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.576] VirtualProtect (in: lpAddress=0x7ff8e00e44c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.576] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3a50000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3a50000, AllocationBase=0x7ff8e3a50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.576] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.576] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd310000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd310000, AllocationBase=0x7ff8dd310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.576] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.576] VirtualProtect (in: lpAddress=0x7ff8dd48c498, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.576] VirtualProtect (in: lpAddress=0x7ff8dd48c498, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.577] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd2f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd2f0000, AllocationBase=0x7ff8dd2f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.577] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.577] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd250000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd250000, AllocationBase=0x7ff8dd250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.577] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.577] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6c30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6c30000, AllocationBase=0x7ff8e6c30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.577] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.577] VirtualProtect (in: lpAddress=0x7ff8e6cda398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.577] VirtualProtect (in: lpAddress=0x7ff8e6cda398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.578] VirtualProtect (in: lpAddress=0x7ff8e6cda3a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.578] VirtualProtect (in: lpAddress=0x7ff8e6cda3a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.578] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5a30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5a30000, AllocationBase=0x7ff8e5a30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.578] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.624] VirtualProtect (in: lpAddress=0x7ff8e5c9c190, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.624] VirtualProtect (in: lpAddress=0x7ff8e5c9c190, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.625] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x6570000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x6570000, AllocationBase=0x6570000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x883000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.625] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.625] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd210000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd210000, AllocationBase=0x7ff8dd210000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.625] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.625] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebbf0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ebbf0000, AllocationBase=0x7ff8ebbf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.625] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.625] VirtualProtect (in: lpAddress=0x7ff8ebc9f568, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.626] VirtualProtect (in: lpAddress=0x7ff8ebc9f568, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.626] VirtualProtect (in: lpAddress=0x7ff8ebc9f5c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.627] VirtualProtect (in: lpAddress=0x7ff8ebc9f5c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.627] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd190000, AllocationBase=0x7ff8dd190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.627] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.627] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee040000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee040000, AllocationBase=0x7ff8ee040000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.627] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.627] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee250000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee250000, AllocationBase=0x7ff8ee250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.627] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.627] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd0b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd0b0000, AllocationBase=0x7ff8dd0b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.627] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.628] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5dd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5dd0000, AllocationBase=0x7ff8e5dd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.628] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.628] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd020000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd020000, AllocationBase=0x7ff8dd020000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.628] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.628] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcfd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcfd0000, AllocationBase=0x7ff8dcfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.628] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.628] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e0a60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e0a60000, AllocationBase=0x7ff8e0a60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.629] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.629] VirtualProtect (in: lpAddress=0x7ff8e0b54528, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.629] VirtualProtect (in: lpAddress=0x7ff8e0b54528, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.629] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df190000, AllocationBase=0x7ff8df190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.629] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.629] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e4fb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e4fb0000, AllocationBase=0x7ff8e4fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.630] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9000000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9000000, AllocationBase=0x7ff8e9000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.630] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcd60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcd60000, AllocationBase=0x7ff8dcd60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.630] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcd40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcd40000, AllocationBase=0x7ff8dcd40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.630] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea0f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea0f0000, AllocationBase=0x7ff8ea0f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.630] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcc90000, AllocationBase=0x7ff8dcc90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.631] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e0f70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e0f70000, AllocationBase=0x7ff8e0f70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.631] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.631] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8480000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8480000, AllocationBase=0x7ff8e8480000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.631] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.631] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8460000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8460000, AllocationBase=0x7ff8e8460000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.631] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.631] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e15f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e15f0000, AllocationBase=0x7ff8e15f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.631] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.631] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcc70000, AllocationBase=0x7ff8dcc70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.631] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.632] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc50000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcc50000, AllocationBase=0x7ff8dcc50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.632] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.632] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e99e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e99e0000, AllocationBase=0x7ff8e99e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.632] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.632] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcbd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcbd0000, AllocationBase=0x7ff8dcbd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.632] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.632] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea5c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea5c0000, AllocationBase=0x7ff8ea5c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.632] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.633] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcba0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcba0000, AllocationBase=0x7ff8dcba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.633] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.633] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcb00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcb00000, AllocationBase=0x7ff8dcb00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.633] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.633] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea3c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea3c0000, AllocationBase=0x7ff8ea3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.633] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.634] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8860000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8860000, AllocationBase=0x7ff8e8860000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.634] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.634] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8650000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8650000, AllocationBase=0x7ff8e8650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.634] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.634] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2ea0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e2ea0000, AllocationBase=0x7ff8e2ea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.634] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.634] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dca80000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dca80000, AllocationBase=0x7ff8dca80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.634] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.634] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dca20000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dca20000, AllocationBase=0x7ff8dca20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.634] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.634] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec2a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec2a0000, AllocationBase=0x7ff8ec2a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.634] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e76f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e76f0000, AllocationBase=0x7ff8e76f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea8c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea8c0000, AllocationBase=0x7ff8ea8c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea880000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea880000, AllocationBase=0x7ff8ea880000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea1d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea1d0000, AllocationBase=0x7ff8ea1d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6470000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6470000, AllocationBase=0x7ff8e6470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6440000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6440000, AllocationBase=0x7ff8e6440000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e75b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e75b0000, AllocationBase=0x7ff8e75b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da9a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da9a0000, AllocationBase=0x7ff8da9a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.636] VirtualProtect (in: lpAddress=0x7ff8da9ca858, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.636] VirtualProtect (in: lpAddress=0x7ff8da9ca858, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9ff0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9ff0000, AllocationBase=0x7ff8d9ff0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7d90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7d90000, AllocationBase=0x7ff8e7d90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df400000, AllocationBase=0x7ff8df400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dc780000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dc780000, AllocationBase=0x7ff8dc780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dc6e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dc6e0000, AllocationBase=0x7ff8dc6e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eac70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eac70000, AllocationBase=0x7ff8eac70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.638] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da950000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da950000, AllocationBase=0x7ff8da950000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.638] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.638] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9eb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9eb0000, AllocationBase=0x7ff8d9eb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.638] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.638] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5160000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5160000, AllocationBase=0x7ff8e5160000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.638] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.639] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7f00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7f00000, AllocationBase=0x7ff8e7f00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.639] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.639] VirtualProtect (in: lpAddress=0x7ff8e7f4a400, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.639] VirtualProtect (in: lpAddress=0x7ff8e7f4a400, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.640] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da8d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da8d0000, AllocationBase=0x7ff8da8d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.640] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.640] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da840000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da840000, AllocationBase=0x7ff8da840000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.640] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.640] VirtualProtect (in: lpAddress=0x7ff8da8872d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.641] VirtualProtect (in: lpAddress=0x7ff8da8872d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.642] VirtualProtect (in: lpAddress=0x7ff8da887298, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.643] VirtualProtect (in: lpAddress=0x7ff8da887298, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.643] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9bf0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9bf0000, AllocationBase=0x7ff8d9bf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.643] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.643] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9a40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9a40000, AllocationBase=0x7ff8d9a40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.643] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d99f0000, AllocationBase=0x7ff8d99f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d99d0000, AllocationBase=0x7ff8d99d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d99c0000, AllocationBase=0x7ff8d99c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9970000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9970000, AllocationBase=0x7ff8d9970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e81f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e81f0000, AllocationBase=0x7ff8e81f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.645] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d98e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d98e0000, AllocationBase=0x7ff8d98e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.645] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.645] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7a10000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7a10000, AllocationBase=0x7ff8d7a10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.645] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.645] VirtualProtect (in: lpAddress=0x7ff8d7ae58a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.645] VirtualProtect (in: lpAddress=0x7ff8d7ae58a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.646] VirtualProtect (in: lpAddress=0x7ff8d7ae5870, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.646] VirtualProtect (in: lpAddress=0x7ff8d7ae5870, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.646] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db940000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db940000, AllocationBase=0x7ff8db940000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.647] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.647] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db910000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db910000, AllocationBase=0x7ff8db910000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.647] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.647] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7850000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7850000, AllocationBase=0x7ff8d7850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.647] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.647] VirtualProtect (in: lpAddress=0x7ff8d7883428, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.647] VirtualProtect (in: lpAddress=0x7ff8d7883428, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7820000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7820000, AllocationBase=0x7ff8d7820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.648] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d77e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d77e0000, AllocationBase=0x7ff8d77e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.648] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e09f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e09f0000, AllocationBase=0x7ff8e09f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.648] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e72a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e72a0000, AllocationBase=0x7ff8e72a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.649] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7280000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7280000, AllocationBase=0x7ff8e7280000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.649] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2760000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e2760000, AllocationBase=0x7ff8e2760000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.649] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3570000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3570000, AllocationBase=0x7ff8e3570000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.649] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8c40000, AllocationBase=0x7ff8e8c40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.649] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8c00000, AllocationBase=0x7ff8e8c00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.649] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8140000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8140000, AllocationBase=0x7ff8e8140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.649] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.650] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8bc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8bc0000, AllocationBase=0x7ff8e8bc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.650] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.650] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e51f0000, AllocationBase=0x7ff8e51f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.650] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.650] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e51e0000, AllocationBase=0x7ff8e51e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.650] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.651] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3610000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3610000, AllocationBase=0x7ff8e3610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.651] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.651] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e35b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e35b0000, AllocationBase=0x7ff8e35b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.651] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.651] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3220000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3220000, AllocationBase=0x7ff8e3220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.651] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.651] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3190000, AllocationBase=0x7ff8e3190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.651] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.652] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7740000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7740000, AllocationBase=0x7ff8d7740000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.652] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.652] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d76a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d76a0000, AllocationBase=0x7ff8d76a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.652] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.652] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e54e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e54e0000, AllocationBase=0x7ff8e54e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.652] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.652] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db610000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db610000, AllocationBase=0x7ff8db610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.652] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.653] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e53b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e53b0000, AllocationBase=0x7ff8e53b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.653] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.653] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dbc00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dbc00000, AllocationBase=0x7ff8dbc00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.653] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.653] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dee80000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dee80000, AllocationBase=0x7ff8dee80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.653] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e84e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e84e0000, AllocationBase=0x7ff8e84e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5310000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5310000, AllocationBase=0x7ff8e5310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9fe0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9fe0000, AllocationBase=0x7ff8e9fe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e51d0000, AllocationBase=0x7ff8e51d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db400000, AllocationBase=0x7ff8db400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df410000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df410000, AllocationBase=0x7ff8df410000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e1650000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e1650000, AllocationBase=0x7ff8e1650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d6770000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d6770000, AllocationBase=0x7ff8d6770000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.654] VirtualProtect (in: lpAddress=0x7ff8d6ce53e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.655] VirtualProtect (in: lpAddress=0x7ff8d6ce53e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.655] VirtualProtect (in: lpAddress=0x7ff8d6ce6c40, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.656] VirtualProtect (in: lpAddress=0x7ff8d6ce6c40, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5480000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5480000, AllocationBase=0x7ff8e5480000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7c60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7c60000, AllocationBase=0x7ff8d7c60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db380000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db380000, AllocationBase=0x7ff8db380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da7b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da7b0000, AllocationBase=0x7ff8da7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.720] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5620000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5620000, AllocationBase=0x7ff8d5620000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.720] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.720] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5520000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5520000, AllocationBase=0x7ff8d5520000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.720] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.721] VirtualProtect (in: lpAddress=0x7ff8d55cd530, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.722] VirtualProtect (in: lpAddress=0x7ff8d55cd530, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.722] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec220000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec220000, AllocationBase=0x7ff8ec220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.722] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.722] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e1780000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e1780000, AllocationBase=0x7ff8e1780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.722] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.722] VirtualProtect (in: lpAddress=0x7ff8e17aa3b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.723] VirtualProtect (in: lpAddress=0x7ff8e17aa3b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.723] VirtualProtect (in: lpAddress=0x7ff8e17aa360, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.724] VirtualProtect (in: lpAddress=0x7ff8e17aa360, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.724] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5430000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5430000, AllocationBase=0x7ff8d5430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.724] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.724] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d52f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d52f0000, AllocationBase=0x7ff8d52f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.725] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.725] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7500000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7500000, AllocationBase=0x7ff8d7500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.725] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.726] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5e90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5e90000, AllocationBase=0x7ff8d5e90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.726] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.726] VirtualProtect (in: lpAddress=0x7ff8d5f04400, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.726] VirtualProtect (in: lpAddress=0x7ff8d5f04400, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.727] VirtualProtect (in: lpAddress=0x7ff8d5f04448, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x2) returned 1 [0179.727] VirtualProtect (in: lpAddress=0x7ff8d5f04448, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.728] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7400000, AllocationBase=0x7ff8d7400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.728] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.728] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d73e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d73e0000, AllocationBase=0x7ff8d73e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.728] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.728] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5240000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5240000, AllocationBase=0x7ff8d5240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.728] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.728] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d64c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d64c0000, AllocationBase=0x7ff8d64c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.728] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.729] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5220000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5220000, AllocationBase=0x7ff8d5220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.729] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.729] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee240000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee240000, AllocationBase=0x7ff8ee240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.729] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f720, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f720, ReturnLength=0x0) returned 0x0 [0179.729] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xe90e480, nSize=0x104 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0179.730] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="StrStrIW") returned 0x7ff8edfeb260 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="electrum-") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="bitcoin") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="multibit-hd") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="bither") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="msigna.") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="Jaxx.") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="JEdudus.") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="armory-") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="veracrypt") returned 0x0 [0179.730] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="truecrypt") returned 0x0 [0179.730] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x307f7c0 | out: phkResult=0x307f7c0*=0x2120) returned 0x0 [0179.730] RegQueryValueExA (in: hKey=0x2120, lpValueName="Install", lpReserved=0x0, lpType=0x307f730, lpData=0x0, lpcbData=0x307f7b0*=0x74 | out: lpType=0x307f730*=0x3, lpData=0x0, lpcbData=0x307f7b0*=0x76) returned 0x0 [0179.731] RegQueryValueExA (in: hKey=0x2120, lpValueName="Install", lpReserved=0x0, lpType=0x307f730, lpData=0xe90fe40, lpcbData=0x307f7b0*=0x76 | out: lpType=0x307f730*=0x3, lpData=0xe90fe40*, lpcbData=0x307f7b0*=0x76) returned 0x0 [0179.731] RegCloseKey (hKey=0x2120) returned 0x0 [0179.731] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2120 [0179.731] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x307f728 | out: phkResult=0x307f728*=0x2104) returned 0x0 [0179.732] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegEnumValueW") returned 0x7ff8ee1a7220 [0179.732] RegEnumValueW (in: hKey=0x2104, dwIndex=0x0, lpValueName=0xe90e690, lpcchValueName=0x307f720, lpReserved=0x0, lpType=0x307f724, lpData=0xe90e898, lpcbData=0x307f778 | out: lpValueName="cabilipc", lpcchValueName=0x307f720, lpType=0x307f724, lpData=0xe90e898, lpcbData=0x307f778) returned 0x0 [0179.732] StrStrIW (lpFirst="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpSrch="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" [0179.732] RegCloseKey (hKey=0x2104) returned 0x0 [0179.732] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", phkResult=0x307f810 | out: phkResult=0x307f810*=0x2104) returned 0x0 [0179.732] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegSetValueExA") returned 0x7ff8ee192680 [0179.733] RegSetValueExA (in: hKey=0x2104, lpValueName="EnableSPDY3_0", Reserved=0x0, dwType=0x4, lpData=0x307f808*=0x0, cbData=0x4 | out: lpData=0x307f808*=0x0) returned 0x0 [0179.733] RegCloseKey (hKey=0x2104) returned 0x0 [0179.733] GetModuleHandleA (lpModuleName="kernelbase") returned 0x7ff8eb870000 [0179.733] lstrcmpA (lpString1="AccessCheck", lpString2="RegGetValueW") returned -1 [0179.733] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AccessCheckByType", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AcquireStateLock", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="ActivateActCtx", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddDllDirectory", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddMandatoryAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddRefActCtx", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="RegGetValueW") returned -1 [0179.734] lstrcmpA (lpString1="AllocConsole", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppContainerDeriveSidFromMoniker", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppContainerFreeMemory", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppContainerLookupDisplayNameMrtReference", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppContainerLookupMoniker", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppContainerRegisterSid", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppContainerUnregisterSid", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXFreeMemory", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXGetApplicationData", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXGetDevelopmentMode", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXGetOSMinVersion", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXGetPackageCapabilities", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXGetPackageSid", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXLookupDisplayName", lpString2="RegGetValueW") returned -1 [0179.735] lstrcmpA (lpString1="AppXLookupMoniker", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AppXPostSuccessExtension", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AppXPreCreationExtension", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AppXReleaseAppXContext", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AppXUpdatePackageCapabilities", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="ApplicationUserModelIdFromProductId", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AreFileApisANSI", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AreThereVisibleLogoffScriptsInternal", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AreThereVisibleShutdownScriptsInternal", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="AttachConsole", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseDllFreeResourceId", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseDllMapResourceIdW", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcess", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseMarkFileForDelete", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseReadAppCompatDataForProcess", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BasepAdjustObjectAttributesForPrivateNamespace", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BasepCopyFileCallback", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BasepCopyFileExW", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="BasepNotifyTrackingService", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="Beep", lpString2="RegGetValueW") returned -1 [0179.736] lstrcmpA (lpString1="CLOSE_LOCAL_HANDLE_INTERNAL", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CancelIo", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CancelIoEx", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharLowerA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharLowerBuffA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharLowerBuffW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharLowerW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharNextA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharNextExA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharNextW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharPrevA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharPrevExA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharPrevW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharUpperA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharUpperBuffA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharUpperBuffW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CharUpperW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CheckGroupPolicyEnabled", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CheckIfStateChangeNotificationExists", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CheckTokenCapability", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CheckTokenMembership", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="ChrCmpIA", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="ChrCmpIW", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="ClearCommBreak", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="ClearCommError", lpString2="RegGetValueW") returned -1 [0179.737] lstrcmpA (lpString1="CloseGlobalizationUserSettingsKey", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseHandle", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ClosePackageInfo", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseState", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseStateAtom", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseStateChangeNotification", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseStateContainer", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseStateLock", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpool", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CommitStateAtom", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CompareFileTime", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CompareObjectHandles", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CompareStringA", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CompareStringEx", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CompareStringW", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CopyContext", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CopyFile2", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CopyFileExW", lpString2="RegGetValueW") returned -1 [0179.738] lstrcmpA (lpString1="CopyFileW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CopySid", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateActCtxW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateAppContainerToken", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateDirectoryA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateDirectoryW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateEventA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateEventExA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateEventExW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateEventW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFiber", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFiberEx", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFile2", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFileA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFileMappingW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateFileW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateHardLinkA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateHardLinkW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateMutexA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateMutexExA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateMutexExW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateMutexW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreatePipe", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateProcessA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="RegGetValueW") returned -1 [0179.739] lstrcmpA (lpString1="CreateProcessInternalA", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateProcessInternalW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateProcessW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateRemoteThread", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateRemoteThreadEx", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateRestrictedToken", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateSemaphoreExW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateSemaphoreW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateStateAtom", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateStateChangeNotification", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateStateContainer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateStateLock", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateStateSubcontainer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateSymbolicLinkW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThread", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThreadpool", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThreadpoolCleanupGroup", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThreadpoolIo", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThreadpoolWait", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateThreadpoolWork", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateTimerQueue", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateTimerQueueTimer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateWaitableTimerExW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateWaitableTimerW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CreateWellKnownSid", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="CtrlRoutine", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeactivateActCtx", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DebugActiveProcess", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DebugActiveProcessStop", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DebugBreak", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DecodePointer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DecodeRemotePointer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DecodeSystemPointer", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DefineDosDeviceW", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DelayLoadFailureHook", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DelayLoadFailureHookLookup", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeleteAce", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeleteBoundaryDescriptor", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeleteCriticalSection", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeleteFiber", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeleteFileA", lpString2="RegGetValueW") returned -1 [0179.740] lstrcmpA (lpString1="DeleteFileW", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteProcThreadAttributeList", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteStateAtomValue", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteStateContainer", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteStateContainerValue", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteSynchronizationBarrier", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteTimerQueueEx", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteTimerQueueTimer", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeleteVolumeMountPointW", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DestroyPrivateObjectSecurity", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DeviceIoControl", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DisablePredefinedHandleTableInternal", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DisableThreadLibraryCalls", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DisassociateCurrentThreadFromCallback", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DiscardVirtualMemory", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DisconnectNamedPipe", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DnsHostnameToComputerNameExW", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DsBindWithSpnExW", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DsCrackNamesW", lpString2="RegGetValueW") returned -1 [0179.741] lstrcmpA (lpString1="DsFreeDomainControllerInfoW", lpString2="RegGetValueW") returned -1 [0179.743] VirtualProtect (in: lpAddress=0x7ff8eb939e00, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x307f6a0 | out: lpflOldProtect=0x307f6a0*=0x40) returned 1 [0179.743] VirtualProtect (in: lpAddress=0x7ff8eba130a8, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x307f6a8 | out: lpflOldProtect=0x307f6a8*=0x40) returned 1 [0179.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f640, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f640, ReturnLength=0x0) returned 0x0 [0179.743] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xe811400, cb=0x1000, lpcbNeeded=0x307f748 | out: lphModule=0xe811400, lpcbNeeded=0x307f748) returned 1 [0179.746] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff79fdc0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff79fdc0000, AllocationBase=0x7ff79fdc0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.747] lstrcmpiA (lpString1="wcschr", lpString2="RegGetValueW") returned 1 [0179.747] lstrcmpiA (lpString1="_get_errno", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_set_errno", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="memcpy_s", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="free", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="strchr", lpString2="RegGetValueW") returned 1 [0179.747] lstrcmpiA (lpString1="wcstombs", lpString2="RegGetValueW") returned 1 [0179.747] lstrcmpiA (lpString1="_wtoi", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_itow_s", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_wcsicmp", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="bsearch", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="wcsncpy_s", lpString2="RegGetValueW") returned 1 [0179.747] lstrcmpiA (lpString1="memset", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="ceil", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="floor", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="floorf", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="memcmp", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="sqrt", lpString2="RegGetValueW") returned 1 [0179.747] lstrcmpiA (lpString1="wcscspn", lpString2="RegGetValueW") returned 1 [0179.747] lstrcmpiA (lpString1="_wcstoui64", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_errno", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_onexit", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="__dllonexit", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_unlock", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_lock", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_commode", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_fmode", lpString2="RegGetValueW") returned -1 [0179.747] lstrcmpiA (lpString1="_wcmdln", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="__C_specific_handler", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_initterm", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="__setusermatherr", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_cexit", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_exit", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="exit", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="__set_app_type", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="__wgetmainargs", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_snwprintf_s", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_vsnwprintf_s", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="wcsspn", lpString2="RegGetValueW") returned 1 [0179.748] lstrcmpiA (lpString1="_amsg_exit", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_XcptFilter", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="memcpy", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_CxxThrowException", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="realloc", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="wcsstr", lpString2="RegGetValueW") returned 1 [0179.748] lstrcmpiA (lpString1="memmove", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="malloc", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="_vsnwprintf", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="wcsrchr", lpString2="RegGetValueW") returned 1 [0179.748] lstrcmpiA (lpString1="wcscmp", lpString2="RegGetValueW") returned 1 [0179.748] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="GetProcAddress", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="FindResourceExW", lpString2="RegGetValueW") returned -1 [0179.748] lstrcmpiA (lpString1="LoadResource", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="LockResource", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="SizeofResource", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="GetModuleHandleA", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="LoadStringW", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="FreeLibrary", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="GetModuleFileNameW", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="LoadLibraryExA", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventEnabled", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventUnregister", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventSetInformation", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventRegister", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="EventWrite", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="OpenThreadToken", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="SetPriorityClass", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="SetProcessShutdownParameters", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="GetPriorityClass", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="OpenProcessToken", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="TerminateThread", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="FlushInstructionCache", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="ExitProcess", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="GetStartupInfoW", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="SetThreadPriority", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="OpenProcess", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="SetThreadPriorityBoost", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="GetCurrentThread", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="QueueUserAPC", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="TlsAlloc", lpString2="RegGetValueW") returned 1 [0179.749] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="RegGetValueW") returned -1 [0179.749] lstrcmpiA (lpString1="GetThreadPriority", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="TlsSetValue", lpString2="RegGetValueW") returned 1 [0179.750] lstrcmpiA (lpString1="ResumeThread", lpString2="RegGetValueW") returned 1 [0179.750] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="TlsFree", lpString2="RegGetValueW") returned 1 [0179.750] lstrcmpiA (lpString1="CreateProcessW", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="GetExitCodeProcess", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="OpenThread", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="CreateThread", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="TerminateProcess", lpString2="RegGetValueW") returned 1 [0179.750] lstrcmpiA (lpString1="GetProcessId", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="TlsGetValue", lpString2="RegGetValueW") returned 1 [0179.750] lstrcmpiA (lpString1="OutputDebugStringW", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="OutputDebugStringA", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="GetUserPreferredUILanguages", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="GetThreadUILanguage", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="GetUserGeoID", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="GetUserDefaultLangID", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="FormatMessageW", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="IsValidLocaleName", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="GetLocaleInfoW", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="PropVariantClear", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="CoUninitialize", lpString2="RegGetValueW") returned -1 [0179.750] lstrcmpiA (lpString1="RoGetAgileReference", lpString2="RegGetValueW") returned 1 [0179.752] lstrcmpiA (lpString1="CoSetProxyBlanket", lpString2="RegGetValueW") returned -1 [0179.752] lstrcmpiA (lpString1="IIDFromString", lpString2="RegGetValueW") returned -1 [0179.752] lstrcmpiA (lpString1="CoCreateInstance", lpString2="RegGetValueW") returned -1 [0179.752] lstrcmpiA (lpString1="CoCreateGuid", lpString2="RegGetValueW") returned -1 [0179.752] lstrcmpiA (lpString1="CoGetStdMarshalEx", lpString2="RegGetValueW") returned -1 [0179.752] lstrcmpiA (lpString1="CreateStreamOnHGlobal", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoFreeUnusedLibraries", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoInitializeEx", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoGetApartmentType", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="StringFromIID", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="CoCreateFreeThreadedMarshaler", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoDisableCallCancellation", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoTaskMemAlloc", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoRevokeClassObject", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoTaskMemRealloc", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoRegisterClassObject", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoWaitForMultipleHandles", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoGetMalloc", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoTaskMemFree", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoMarshalInterThreadInterfaceInStream", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="StringFromGUID2", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="CoReleaseMarshalData", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoCancelCall", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoGetInterfaceAndReleaseStream", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoEnableCallCancellation", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CLSIDFromString", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="CoGetCallContext", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="SetLastError", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="SetErrorMode", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="GetLastError", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="RaiseException", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="OpenSemaphoreW", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="WaitForSingleObject", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="CreateEventExW", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="RegGetValueW") returned -1 [0179.753] lstrcmpiA (lpString1="SetEvent", lpString2="RegGetValueW") returned 1 [0179.753] lstrcmpiA (lpString1="ReleaseSemaphore", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="Sleep", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="InitOnceBeginInitialize", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="InitOnceComplete", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="OpenEventW", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="InitOnceExecuteOnce", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="WaitForSingleObjectEx", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="CreateEventW", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="InitializeCriticalSectionEx", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="SleepEx", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="ResetEvent", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="WaitForMultipleObjectsEx", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="OpenMutexW", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="ReleaseMutex", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="CreateMutexW", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="DeleteCriticalSection", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="InitializeCriticalSection", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="CreateThreadpoolWait", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="CreateThreadpoolWork", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="SubmitThreadpoolWork", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="CreateThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="SetThreadpoolWait", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="TrySubmitThreadpoolCallback", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="SetThreadpoolTimer", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="WaitForThreadpoolTimerCallbacks", lpString2="RegGetValueW") returned 1 [0179.754] lstrcmpiA (lpString1="CloseThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="CallbackMayRunLong", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="FreeLibraryWhenCallbackReturns", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="CloseHandle", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="DuplicateHandle", lpString2="RegGetValueW") returned -1 [0179.754] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetOsSafeBootMode", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetSystemTime", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetWindowsDirectoryW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetTickCount64", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetVersionExW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetSystemDirectoryW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetProductInfo", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetTickCount", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="GetLocalTime", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="CreateSemaphoreW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegDeleteValueW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegCreateKeyExW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegEnumValueW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegDeleteTreeW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegQueryInfoKeyW", lpString2="RegGetValueW") returned 1 [0179.755] lstrcmpiA (lpString1="RegCloseKey", lpString2="RegGetValueW") returned -1 [0179.755] lstrcmpiA (lpString1="RegGetValueW", lpString2="RegGetValueW") returned 0 [0179.755] VirtualProtect (in: lpAddress=0x7ff79ff88938, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.756] VirtualProtect (in: lpAddress=0x7ff79ff88938, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee380000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee380000, AllocationBase=0x7ff8ee380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee2d0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee2d0000, AllocationBase=0x7ff8ee2d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb870000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eb870000, AllocationBase=0x7ff8eb870000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9500000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9500000, AllocationBase=0x7ff8e9500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.756] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="RegGetValueW") returned 1 [0179.756] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="RegGetValueW") returned 1 [0179.756] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="RegGetValueW") returned 1 [0179.756] lstrcmpiA (lpString1="RtlGUIDFromString", lpString2="RegGetValueW") returned 1 [0179.756] lstrcmpiA (lpString1="RtlInitString", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="NlsMbCodePageTag", lpString2="RegGetValueW") returned -1 [0179.757] lstrcmpiA (lpString1="RtlxAnsiStringToUnicodeSize", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlUpcaseUnicodeString", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlUpcaseUnicodeChar", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="toupper", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="wcschr", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlReAllocateHeap", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwClose", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="sprintf_s", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="strchr", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlInitAnsiString", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="strcpy_s", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlEqualString", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="wcscpy_s", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="wcscat_s", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlDosPathNameToNtPathName_U_WithStatus", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwCreateFile", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwQueryInformationFile", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwUnmapViewOfSection", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwMapViewOfSection", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwCreateSection", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlAppendUnicodeStringToString", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlDoesFileExists_U", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwQueryInformationToken", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwOpenKey", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwQueryValueKey", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwCreateKey", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="RtlGetFullPathName_UEx", lpString2="RegGetValueW") returned 1 [0179.757] lstrcmpiA (lpString1="ZwQueryInformationProcess", lpString2="RegGetValueW") returned 1 [0179.757] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee0b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee0b0000, AllocationBase=0x7ff8ee0b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.757] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.758] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebb30000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ebb30000, AllocationBase=0x7ff8ebb30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.758] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.758] VirtualProtect (in: lpAddress=0x7ff8ebbbb398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.759] VirtualProtect (in: lpAddress=0x7ff8ebbbb398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.759] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edd60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8edd60000, AllocationBase=0x7ff8edd60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.759] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.759] VirtualProtect (in: lpAddress=0x7ff8edf0e6d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.759] VirtualProtect (in: lpAddress=0x7ff8edf0e6d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.760] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec450000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec450000, AllocationBase=0x7ff8ec450000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.760] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.760] VirtualProtect (in: lpAddress=0x7ff8ec534270, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.760] VirtualProtect (in: lpAddress=0x7ff8ec534270, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.760] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eadd0000, AllocationBase=0x7ff8eadd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.761] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.761] VirtualProtect (in: lpAddress=0x7ff8eade2188, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.761] VirtualProtect (in: lpAddress=0x7ff8eade2188, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.761] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebdc0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ebdc0000, AllocationBase=0x7ff8ebdc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.761] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.762] VirtualProtect (in: lpAddress=0x7ff8ebe49778, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.762] VirtualProtect (in: lpAddress=0x7ff8ebe49778, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.762] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edbc0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8edbc0000, AllocationBase=0x7ff8edbc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.762] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.762] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb7b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eb7b0000, AllocationBase=0x7ff8eb7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.763] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.763] VirtualProtect (in: lpAddress=0x7ff8eb829380, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.763] VirtualProtect (in: lpAddress=0x7ff8eb829380, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.763] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edfe0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8edfe0000, AllocationBase=0x7ff8edfe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.763] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.763] VirtualProtect (in: lpAddress=0x7ff8ee00a580, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.764] VirtualProtect (in: lpAddress=0x7ff8ee00a580, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.764] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec580000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec580000, AllocationBase=0x7ff8ec580000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.764] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.764] VirtualProtect (in: lpAddress=0x7ff8ecb664d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.765] VirtualProtect (in: lpAddress=0x7ff8ecb664d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.765] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb180000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eb180000, AllocationBase=0x7ff8eb180000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.765] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.765] VirtualProtect (in: lpAddress=0x7ff8eb6227a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.807] VirtualProtect (in: lpAddress=0x7ff8eb6227a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.807] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee190000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee190000, AllocationBase=0x7ff8ee190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.807] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.807] VirtualProtect (in: lpAddress=0x7ff8ee1f4630, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.808] VirtualProtect (in: lpAddress=0x7ff8ee1f4630, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.808] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec240000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec240000, AllocationBase=0x7ff8ec240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.808] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.808] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae20000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eae20000, AllocationBase=0x7ff8eae20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.808] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.808] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae30000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eae30000, AllocationBase=0x7ff8eae30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.808] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.808] VirtualProtect (in: lpAddress=0x7ff8eae391f8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.809] VirtualProtect (in: lpAddress=0x7ff8eae391f8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.809] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eafb0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eafb0000, AllocationBase=0x7ff8eafb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.809] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.809] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadb0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eadb0000, AllocationBase=0x7ff8eadb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.809] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.809] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e79b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e79b0000, AllocationBase=0x7ff8e79b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.809] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.809] VirtualProtect (in: lpAddress=0x7ff8e7a3f720, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.809] VirtualProtect (in: lpAddress=0x7ff8e7a3f720, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.810] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9680000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9680000, AllocationBase=0x7ff8e9680000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.810] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.810] VirtualProtect (in: lpAddress=0x7ff8e96d7990, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.810] VirtualProtect (in: lpAddress=0x7ff8e96d7990, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.810] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8fb0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8fb0000, AllocationBase=0x7ff8e8fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.810] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.810] VirtualProtect (in: lpAddress=0x7ff8e8fc02d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.811] VirtualProtect (in: lpAddress=0x7ff8e8fc02d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.811] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df0c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8df0c0000, AllocationBase=0x7ff8df0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.811] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.811] VirtualProtect (in: lpAddress=0x7ff8df13f398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.811] VirtualProtect (in: lpAddress=0x7ff8df13f398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.811] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8d00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8d00000, AllocationBase=0x7ff8e8d00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.811] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.812] VirtualProtect (in: lpAddress=0x7ff8e8efa230, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.812] VirtualProtect (in: lpAddress=0x7ff8e8efa230, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.812] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9130000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9130000, AllocationBase=0x7ff8e9130000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.812] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.812] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea9d0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea9d0000, AllocationBase=0x7ff8ea9d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.812] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.812] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea360000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea360000, AllocationBase=0x7ff8ea360000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.812] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.812] VirtualProtect (in: lpAddress=0x7ff8ea3712e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.813] VirtualProtect (in: lpAddress=0x7ff8ea3712e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.813] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8b90000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8b90000, AllocationBase=0x7ff8e8b90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.813] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.813] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8c60000, AllocationBase=0x7ff8e8c60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.813] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.814] VirtualProtect (in: lpAddress=0x7ff8e8cbd330, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.814] VirtualProtect (in: lpAddress=0x7ff8e8cbd330, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.814] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8b60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8b60000, AllocationBase=0x7ff8e8b60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.814] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.814] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee150000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee150000, AllocationBase=0x7ff8ee150000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.814] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.814] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec0c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec0c0000, AllocationBase=0x7ff8ec0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.814] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.814] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eac00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eac00000, AllocationBase=0x7ff8eac00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.814] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.815] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec300000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec300000, AllocationBase=0x7ff8ec300000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.815] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.815] VirtualProtect (in: lpAddress=0x7ff8ec3c3128, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.815] VirtualProtect (in: lpAddress=0x7ff8ec3c3128, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.815] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edb10000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8edb10000, AllocationBase=0x7ff8edb10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.815] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.815] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea820000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea820000, AllocationBase=0x7ff8ea820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.815] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea620000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea620000, AllocationBase=0x7ff8ea620000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eabd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eabd0000, AllocationBase=0x7ff8eabd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea270000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea270000, AllocationBase=0x7ff8ea270000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea790000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea790000, AllocationBase=0x7ff8ea790000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df640000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8df640000, AllocationBase=0x7ff8df640000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3040000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3040000, AllocationBase=0x7ff8e3040000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7400000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7400000, AllocationBase=0x7ff8e7400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.816] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.816] VirtualProtect (in: lpAddress=0x7ff8e740c0e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.817] VirtualProtect (in: lpAddress=0x7ff8e740c0e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.817] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dee60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dee60000, AllocationBase=0x7ff8dee60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.817] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.817] VirtualProtect (in: lpAddress=0x7ff8dee69170, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.818] VirtualProtect (in: lpAddress=0x7ff8dee69170, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.818] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6140000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e6140000, AllocationBase=0x7ff8e6140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.818] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.818] VirtualProtect (in: lpAddress=0x7ff8e6164298, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.818] VirtualProtect (in: lpAddress=0x7ff8e6164298, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.818] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e60a0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e60a0000, AllocationBase=0x7ff8e60a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.819] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.819] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6330000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e6330000, AllocationBase=0x7ff8e6330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.819] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.819] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ded70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ded70000, AllocationBase=0x7ff8ded70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.819] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.819] VirtualProtect (in: lpAddress=0x7ff8dedfe308, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.819] VirtualProtect (in: lpAddress=0x7ff8dedfe308, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.819] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deca0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8deca0000, AllocationBase=0x7ff8deca0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.819] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.820] VirtualProtect (in: lpAddress=0x7ff8ded20308, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.820] VirtualProtect (in: lpAddress=0x7ff8ded20308, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.820] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7430000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7430000, AllocationBase=0x7ff8e7430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.820] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.820] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8ad0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8ad0000, AllocationBase=0x7ff8e8ad0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.820] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.820] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8af0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8af0000, AllocationBase=0x7ff8e8af0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.820] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.820] VirtualProtect (in: lpAddress=0x7ff8e8b2b1a8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.821] VirtualProtect (in: lpAddress=0x7ff8e8b2b1a8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.821] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e57b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e57b0000, AllocationBase=0x7ff8e57b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.821] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.821] VirtualProtect (in: lpAddress=0x7ff8e5975f40, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.822] VirtualProtect (in: lpAddress=0x7ff8e5975f40, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.822] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dec30000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dec30000, AllocationBase=0x7ff8dec30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.822] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.822] VirtualProtect (in: lpAddress=0x7ff8dec40378, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.822] VirtualProtect (in: lpAddress=0x7ff8dec40378, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.822] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9e00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9e00000, AllocationBase=0x7ff8e9e00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.822] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.823] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7b40000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7b40000, AllocationBase=0x7ff8e7b40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.823] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.823] VirtualProtect (in: lpAddress=0x7ff8e7b912b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.823] VirtualProtect (in: lpAddress=0x7ff8e7b912b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.823] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9720000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9720000, AllocationBase=0x7ff8e9720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.823] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.823] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eaf60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eaf60000, AllocationBase=0x7ff8eaf60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.823] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.823] VirtualProtect (in: lpAddress=0x7ff8eaf902c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.824] VirtualProtect (in: lpAddress=0x7ff8eaf902c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.824] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8debc0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8debc0000, AllocationBase=0x7ff8debc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.824] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.824] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deb70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8deb70000, AllocationBase=0x7ff8deb70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.824] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.824] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6640000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e6640000, AllocationBase=0x7ff8e6640000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.824] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.824] VirtualProtect (in: lpAddress=0x7ff8e68c61b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.825] VirtualProtect (in: lpAddress=0x7ff8e68c61b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.825] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9860000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9860000, AllocationBase=0x7ff8e9860000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.825] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.825] VirtualProtect (in: lpAddress=0x7ff8e99023e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.825] VirtualProtect (in: lpAddress=0x7ff8e99023e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.826] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8de6e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8de6e0000, AllocationBase=0x7ff8de6e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.826] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.826] VirtualProtect (in: lpAddress=0x7ff8de86e540, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.826] VirtualProtect (in: lpAddress=0x7ff8de86e540, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.826] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee260000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee260000, AllocationBase=0x7ff8ee260000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.826] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.826] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddbd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ddbd0000, AllocationBase=0x7ff8ddbd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.826] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.826] VirtualProtect (in: lpAddress=0x7ff8de1ac1c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.827] VirtualProtect (in: lpAddress=0x7ff8de1ac1c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.827] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3a70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3a70000, AllocationBase=0x7ff8e3a70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.827] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.827] VirtualProtect (in: lpAddress=0x7ff8e3b39758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.828] VirtualProtect (in: lpAddress=0x7ff8e3b39758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.828] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddb80000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ddb80000, AllocationBase=0x7ff8ddb80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.828] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.828] VirtualProtect (in: lpAddress=0x7ff8ddbb1318, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.828] VirtualProtect (in: lpAddress=0x7ff8ddbb1318, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.828] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddb70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ddb70000, AllocationBase=0x7ff8ddb70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.828] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.829] VirtualProtect (in: lpAddress=0x7ff8ddb78218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.830] VirtualProtect (in: lpAddress=0x7ff8ddb78218, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.830] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae50000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eae50000, AllocationBase=0x7ff8eae50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.830] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.830] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e86a0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e86a0000, AllocationBase=0x7ff8e86a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.830] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.830] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2f70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e2f70000, AllocationBase=0x7ff8e2f70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.830] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.830] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dda90000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dda90000, AllocationBase=0x7ff8dda90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.830] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.830] VirtualProtect (in: lpAddress=0x7ff8ddae98d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.831] VirtualProtect (in: lpAddress=0x7ff8ddae98d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.831] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea010000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea010000, AllocationBase=0x7ff8ea010000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.831] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.831] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e05b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e05b0000, AllocationBase=0x7ff8e05b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.831] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.831] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea000000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea000000, AllocationBase=0x7ff8ea000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.831] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.831] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deeb0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8deeb0000, AllocationBase=0x7ff8deeb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.831] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.831] VirtualProtect (in: lpAddress=0x7ff8deff04c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.832] VirtualProtect (in: lpAddress=0x7ff8deff04c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.832] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9060000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9060000, AllocationBase=0x7ff8e9060000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.832] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.832] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dfab0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dfab0000, AllocationBase=0x7ff8dfab0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.832] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.832] VirtualProtect (in: lpAddress=0x7ff8dfbea368, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.832] VirtualProtect (in: lpAddress=0x7ff8dfbea368, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.833] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd970000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd970000, AllocationBase=0x7ff8dd970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.833] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.833] VirtualProtect (in: lpAddress=0x7ff8dd9d3778, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.833] VirtualProtect (in: lpAddress=0x7ff8dd9d3778, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.833] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd950000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd950000, AllocationBase=0x7ff8dd950000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.833] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.833] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd900000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd900000, AllocationBase=0x7ff8dd900000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.833] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.833] VirtualProtect (in: lpAddress=0x7ff8dd9323c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.834] VirtualProtect (in: lpAddress=0x7ff8dd9323c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.834] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd8f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd8f0000, AllocationBase=0x7ff8dd8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.834] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.834] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7cd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7cd0000, AllocationBase=0x7ff8e7cd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.834] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.834] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5050000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e5050000, AllocationBase=0x7ff8e5050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.834] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.834] VirtualProtect (in: lpAddress=0x7ff8e5103430, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.835] VirtualProtect (in: lpAddress=0x7ff8e5103430, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.835] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3c30000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3c30000, AllocationBase=0x7ff8e3c30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.835] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.835] VirtualProtect (in: lpAddress=0x7ff8e3cd8470, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.835] VirtualProtect (in: lpAddress=0x7ff8e3cd8470, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.835] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd630000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd630000, AllocationBase=0x7ff8dd630000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.836] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.836] VirtualProtect (in: lpAddress=0x7ff8dd6c8040, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.836] VirtualProtect (in: lpAddress=0x7ff8dd6c8040, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.836] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dff00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dff00000, AllocationBase=0x7ff8dff00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.836] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.836] VirtualProtect (in: lpAddress=0x7ff8e00e4528, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.837] VirtualProtect (in: lpAddress=0x7ff8e00e4528, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.837] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3a50000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3a50000, AllocationBase=0x7ff8e3a50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.837] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.837] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd310000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd310000, AllocationBase=0x7ff8dd310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.837] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.837] VirtualProtect (in: lpAddress=0x7ff8dd48c080, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.837] VirtualProtect (in: lpAddress=0x7ff8dd48c080, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.837] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd2f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd2f0000, AllocationBase=0x7ff8dd2f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.837] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.837] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd250000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd250000, AllocationBase=0x7ff8dd250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.837] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.837] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6c30000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e6c30000, AllocationBase=0x7ff8e6c30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.837] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.837] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5a30000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e5a30000, AllocationBase=0x7ff8e5a30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.837] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.838] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x6570000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x6570000, AllocationBase=0x6570000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x883000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.838] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.838] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd210000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd210000, AllocationBase=0x7ff8dd210000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.838] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.838] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebbf0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ebbf0000, AllocationBase=0x7ff8ebbf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.838] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.838] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd190000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd190000, AllocationBase=0x7ff8dd190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.838] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.838] VirtualProtect (in: lpAddress=0x7ff8dd1e9218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.839] VirtualProtect (in: lpAddress=0x7ff8dd1e9218, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.839] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee040000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee040000, AllocationBase=0x7ff8ee040000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.839] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.839] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee250000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee250000, AllocationBase=0x7ff8ee250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.839] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.839] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd0b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd0b0000, AllocationBase=0x7ff8dd0b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.839] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.839] VirtualProtect (in: lpAddress=0x7ff8dd13e398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.839] VirtualProtect (in: lpAddress=0x7ff8dd13e398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.840] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5dd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e5dd0000, AllocationBase=0x7ff8e5dd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.840] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.840] VirtualProtect (in: lpAddress=0x7ff8e5e732e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.840] VirtualProtect (in: lpAddress=0x7ff8e5e732e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.840] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd020000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dd020000, AllocationBase=0x7ff8dd020000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.840] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.840] VirtualProtect (in: lpAddress=0x7ff8dd079310, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.841] VirtualProtect (in: lpAddress=0x7ff8dd079310, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.841] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcfd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcfd0000, AllocationBase=0x7ff8dcfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.841] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.841] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e0a60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e0a60000, AllocationBase=0x7ff8e0a60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.841] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.841] VirtualProtect (in: lpAddress=0x7ff8e0b545d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.842] VirtualProtect (in: lpAddress=0x7ff8e0b545d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.842] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df190000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8df190000, AllocationBase=0x7ff8df190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.842] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.842] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e4fb0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e4fb0000, AllocationBase=0x7ff8e4fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.842] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.842] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9000000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9000000, AllocationBase=0x7ff8e9000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.842] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.842] VirtualProtect (in: lpAddress=0x7ff8e9042130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.842] VirtualProtect (in: lpAddress=0x7ff8e9042130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.842] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcd60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcd60000, AllocationBase=0x7ff8dcd60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.843] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.843] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcd40000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcd40000, AllocationBase=0x7ff8dcd40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.843] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.843] VirtualProtect (in: lpAddress=0x7ff8dcd4b270, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.843] VirtualProtect (in: lpAddress=0x7ff8dcd4b270, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.843] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea0f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea0f0000, AllocationBase=0x7ff8ea0f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.843] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.843] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc90000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcc90000, AllocationBase=0x7ff8dcc90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.843] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.843] VirtualProtect (in: lpAddress=0x7ff8dccf13c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.846] VirtualProtect (in: lpAddress=0x7ff8dccf13c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.846] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e0f70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e0f70000, AllocationBase=0x7ff8e0f70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.846] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.847] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8480000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8480000, AllocationBase=0x7ff8e8480000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.847] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.847] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8460000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8460000, AllocationBase=0x7ff8e8460000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.847] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.847] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e15f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e15f0000, AllocationBase=0x7ff8e15f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.847] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.847] VirtualProtect (in: lpAddress=0x7ff8e162f1b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.848] VirtualProtect (in: lpAddress=0x7ff8e162f1b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.848] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcc70000, AllocationBase=0x7ff8dcc70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.848] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.848] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc50000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcc50000, AllocationBase=0x7ff8dcc50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.848] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.848] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e99e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e99e0000, AllocationBase=0x7ff8e99e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.848] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.848] VirtualProtect (in: lpAddress=0x7ff8e99f5130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.849] VirtualProtect (in: lpAddress=0x7ff8e99f5130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.849] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcbd0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcbd0000, AllocationBase=0x7ff8dcbd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.849] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.849] VirtualProtect (in: lpAddress=0x7ff8dcc27220, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.850] VirtualProtect (in: lpAddress=0x7ff8dcc27220, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.850] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea5c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea5c0000, AllocationBase=0x7ff8ea5c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.850] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.850] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcba0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcba0000, AllocationBase=0x7ff8dcba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.850] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.850] VirtualProtect (in: lpAddress=0x7ff8dcbb9378, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.850] VirtualProtect (in: lpAddress=0x7ff8dcbb9378, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.850] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcb00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dcb00000, AllocationBase=0x7ff8dcb00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.850] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.851] VirtualProtect (in: lpAddress=0x7ff8dcb52490, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.851] VirtualProtect (in: lpAddress=0x7ff8dcb52490, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.851] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea3c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea3c0000, AllocationBase=0x7ff8ea3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.851] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.851] VirtualProtect (in: lpAddress=0x7ff8ea4383d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.852] VirtualProtect (in: lpAddress=0x7ff8ea4383d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.852] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8860000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8860000, AllocationBase=0x7ff8e8860000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.852] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.852] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8650000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8650000, AllocationBase=0x7ff8e8650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.852] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.852] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2ea0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e2ea0000, AllocationBase=0x7ff8e2ea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.852] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.852] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dca80000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dca80000, AllocationBase=0x7ff8dca80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.852] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.852] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dca20000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dca20000, AllocationBase=0x7ff8dca20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.852] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.852] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec2a0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec2a0000, AllocationBase=0x7ff8ec2a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.852] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.852] VirtualProtect (in: lpAddress=0x7ff8ec2df140, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.853] VirtualProtect (in: lpAddress=0x7ff8ec2df140, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.853] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e76f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e76f0000, AllocationBase=0x7ff8e76f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.853] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.853] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea8c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea8c0000, AllocationBase=0x7ff8ea8c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.853] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.853] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea880000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea880000, AllocationBase=0x7ff8ea880000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.853] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.853] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea1d0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ea1d0000, AllocationBase=0x7ff8ea1d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.853] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.853] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6470000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e6470000, AllocationBase=0x7ff8e6470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.853] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.854] VirtualProtect (in: lpAddress=0x7ff8e6524288, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.854] VirtualProtect (in: lpAddress=0x7ff8e6524288, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.854] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6440000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e6440000, AllocationBase=0x7ff8e6440000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.854] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.854] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e75b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e75b0000, AllocationBase=0x7ff8e75b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.854] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.854] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da9a0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8da9a0000, AllocationBase=0x7ff8da9a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.854] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.854] VirtualProtect (in: lpAddress=0x7ff8da9ca8c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.855] VirtualProtect (in: lpAddress=0x7ff8da9ca8c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.855] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9ff0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d9ff0000, AllocationBase=0x7ff8d9ff0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.855] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.855] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7d90000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7d90000, AllocationBase=0x7ff8e7d90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.855] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.855] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df400000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8df400000, AllocationBase=0x7ff8df400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.855] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.855] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dc780000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dc780000, AllocationBase=0x7ff8dc780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.855] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.855] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dc6e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dc6e0000, AllocationBase=0x7ff8dc6e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.855] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.855] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eac70000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8eac70000, AllocationBase=0x7ff8eac70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.856] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.856] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da950000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8da950000, AllocationBase=0x7ff8da950000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.856] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.856] VirtualProtect (in: lpAddress=0x7ff8da9774f8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.856] VirtualProtect (in: lpAddress=0x7ff8da9774f8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.856] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9eb0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d9eb0000, AllocationBase=0x7ff8d9eb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.856] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.856] VirtualProtect (in: lpAddress=0x7ff8d9f7c4d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.857] VirtualProtect (in: lpAddress=0x7ff8d9f7c4d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.857] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5160000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e5160000, AllocationBase=0x7ff8e5160000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.857] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.857] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7f00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7f00000, AllocationBase=0x7ff8e7f00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.857] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.857] VirtualProtect (in: lpAddress=0x7ff8e7f4a4c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.858] VirtualProtect (in: lpAddress=0x7ff8e7f4a4c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.858] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da8d0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8da8d0000, AllocationBase=0x7ff8da8d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.858] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.858] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da840000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8da840000, AllocationBase=0x7ff8da840000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.858] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.858] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9bf0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d9bf0000, AllocationBase=0x7ff8d9bf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.858] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.858] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9a40000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d9a40000, AllocationBase=0x7ff8d9a40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.858] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.858] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d99f0000, AllocationBase=0x7ff8d99f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.858] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.858] VirtualProtect (in: lpAddress=0x7ff8d9a045d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.859] VirtualProtect (in: lpAddress=0x7ff8d9a045d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.859] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99d0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d99d0000, AllocationBase=0x7ff8d99d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.859] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.859] VirtualProtect (in: lpAddress=0x7ff8d99df008, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.859] VirtualProtect (in: lpAddress=0x7ff8d99df008, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.859] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d99c0000, AllocationBase=0x7ff8d99c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.860] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.860] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9970000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d9970000, AllocationBase=0x7ff8d9970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.861] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.861] VirtualProtect (in: lpAddress=0x7ff8d9996450, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.861] VirtualProtect (in: lpAddress=0x7ff8d9996450, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.861] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e81f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e81f0000, AllocationBase=0x7ff8e81f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.862] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.862] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d98e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d98e0000, AllocationBase=0x7ff8d98e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.862] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.862] VirtualProtect (in: lpAddress=0x7ff8d99264c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.862] VirtualProtect (in: lpAddress=0x7ff8d99264c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.862] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7a10000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7a10000, AllocationBase=0x7ff8d7a10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.862] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.863] VirtualProtect (in: lpAddress=0x7ff8d7ae5968, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.863] VirtualProtect (in: lpAddress=0x7ff8d7ae5968, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.863] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db940000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8db940000, AllocationBase=0x7ff8db940000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.863] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.863] VirtualProtect (in: lpAddress=0x7ff8db951368, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.864] VirtualProtect (in: lpAddress=0x7ff8db951368, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.864] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db910000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8db910000, AllocationBase=0x7ff8db910000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.864] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.864] VirtualProtect (in: lpAddress=0x7ff8db92d280, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.864] VirtualProtect (in: lpAddress=0x7ff8db92d280, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.865] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7850000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7850000, AllocationBase=0x7ff8d7850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.865] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.865] VirtualProtect (in: lpAddress=0x7ff8d7883468, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.865] VirtualProtect (in: lpAddress=0x7ff8d7883468, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.865] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7820000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7820000, AllocationBase=0x7ff8d7820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.865] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.865] VirtualProtect (in: lpAddress=0x7ff8d7833130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.866] VirtualProtect (in: lpAddress=0x7ff8d7833130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.866] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d77e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d77e0000, AllocationBase=0x7ff8d77e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.866] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.866] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e09f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e09f0000, AllocationBase=0x7ff8e09f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.866] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.866] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e72a0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e72a0000, AllocationBase=0x7ff8e72a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.866] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.866] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7280000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e7280000, AllocationBase=0x7ff8e7280000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.866] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.866] VirtualProtect (in: lpAddress=0x7ff8e728d1e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.867] VirtualProtect (in: lpAddress=0x7ff8e728d1e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.867] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2760000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e2760000, AllocationBase=0x7ff8e2760000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.867] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3570000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3570000, AllocationBase=0x7ff8e3570000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.867] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c40000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8c40000, AllocationBase=0x7ff8e8c40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.867] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8c00000, AllocationBase=0x7ff8e8c00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.867] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8140000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8140000, AllocationBase=0x7ff8e8140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.867] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8bc0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e8bc0000, AllocationBase=0x7ff8e8bc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.868] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.868] VirtualProtect (in: lpAddress=0x7ff8e8be92d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.868] VirtualProtect (in: lpAddress=0x7ff8e8be92d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.868] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e51f0000, AllocationBase=0x7ff8e51f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.868] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.868] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e51e0000, AllocationBase=0x7ff8e51e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.868] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.868] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3610000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3610000, AllocationBase=0x7ff8e3610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.868] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.869] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e35b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e35b0000, AllocationBase=0x7ff8e35b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.869] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.869] VirtualProtect (in: lpAddress=0x7ff8e35d4758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.869] VirtualProtect (in: lpAddress=0x7ff8e35d4758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.869] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3220000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3220000, AllocationBase=0x7ff8e3220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.869] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.869] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3190000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e3190000, AllocationBase=0x7ff8e3190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.869] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.869] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7740000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7740000, AllocationBase=0x7ff8d7740000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.869] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.870] VirtualProtect (in: lpAddress=0x7ff8d779b750, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.870] VirtualProtect (in: lpAddress=0x7ff8d779b750, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.870] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d76a0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d76a0000, AllocationBase=0x7ff8d76a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.870] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.870] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e54e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e54e0000, AllocationBase=0x7ff8e54e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.870] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.870] VirtualProtect (in: lpAddress=0x7ff8e54fe1b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.871] VirtualProtect (in: lpAddress=0x7ff8e54fe1b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.871] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db610000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8db610000, AllocationBase=0x7ff8db610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.871] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.871] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e53b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e53b0000, AllocationBase=0x7ff8e53b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.871] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.871] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dbc00000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dbc00000, AllocationBase=0x7ff8dbc00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.871] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.871] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dee80000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8dee80000, AllocationBase=0x7ff8dee80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.871] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.871] VirtualProtect (in: lpAddress=0x7ff8dee8b0d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.872] VirtualProtect (in: lpAddress=0x7ff8dee8b0d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.872] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e84e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e84e0000, AllocationBase=0x7ff8e84e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.872] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.872] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5310000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e5310000, AllocationBase=0x7ff8e5310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.872] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.872] VirtualProtect (in: lpAddress=0x7ff8e5317188, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.873] VirtualProtect (in: lpAddress=0x7ff8e5317188, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.873] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9fe0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e9fe0000, AllocationBase=0x7ff8e9fe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.873] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.873] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51d0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e51d0000, AllocationBase=0x7ff8e51d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.873] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.873] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db400000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8db400000, AllocationBase=0x7ff8db400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.873] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.873] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df410000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8df410000, AllocationBase=0x7ff8df410000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.873] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.873] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e1650000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e1650000, AllocationBase=0x7ff8e1650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.873] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.873] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d6770000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d6770000, AllocationBase=0x7ff8d6770000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.873] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.873] VirtualProtect (in: lpAddress=0x7ff8d6ce6b78, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.874] VirtualProtect (in: lpAddress=0x7ff8d6ce6b78, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.874] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5480000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e5480000, AllocationBase=0x7ff8e5480000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.874] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.874] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7c60000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7c60000, AllocationBase=0x7ff8d7c60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.874] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.874] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db380000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8db380000, AllocationBase=0x7ff8db380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.874] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.874] VirtualProtect (in: lpAddress=0x7ff8db394090, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.875] VirtualProtect (in: lpAddress=0x7ff8db394090, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.875] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da7b0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8da7b0000, AllocationBase=0x7ff8da7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.875] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.875] VirtualProtect (in: lpAddress=0x7ff8da7c83b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.876] VirtualProtect (in: lpAddress=0x7ff8da7c83b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.876] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5620000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d5620000, AllocationBase=0x7ff8d5620000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.876] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.876] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5520000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d5520000, AllocationBase=0x7ff8d5520000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.876] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.876] VirtualProtect (in: lpAddress=0x7ff8d55cd130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.877] VirtualProtect (in: lpAddress=0x7ff8d55cd130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.877] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec220000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ec220000, AllocationBase=0x7ff8ec220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.877] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.877] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e1780000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8e1780000, AllocationBase=0x7ff8e1780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.877] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.877] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5430000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d5430000, AllocationBase=0x7ff8d5430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.877] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.877] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d52f0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d52f0000, AllocationBase=0x7ff8d52f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.877] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.877] VirtualProtect (in: lpAddress=0x7ff8d5387738, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.878] VirtualProtect (in: lpAddress=0x7ff8d5387738, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.878] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7500000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7500000, AllocationBase=0x7ff8d7500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.878] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.878] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5e90000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d5e90000, AllocationBase=0x7ff8d5e90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.878] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.878] VirtualProtect (in: lpAddress=0x7ff8d5f044c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.879] VirtualProtect (in: lpAddress=0x7ff8d5f044c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.879] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7400000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d7400000, AllocationBase=0x7ff8d7400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.879] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.879] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d73e0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d73e0000, AllocationBase=0x7ff8d73e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.879] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.879] VirtualProtect (in: lpAddress=0x7ff8d73e9158, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x2) returned 1 [0179.879] VirtualProtect (in: lpAddress=0x7ff8d73e9158, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x307f690 | out: lpflOldProtect=0x307f690*=0x40) returned 1 [0179.880] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5240000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d5240000, AllocationBase=0x7ff8d5240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.880] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.880] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d64c0000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d64c0000, AllocationBase=0x7ff8d64c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.880] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.880] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5220000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8d5220000, AllocationBase=0x7ff8d5220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.880] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.880] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee240000, lpBuffer=0x307f760, dwLength=0x30 | out: lpBuffer=0x307f760*(BaseAddress=0x7ff8ee240000, AllocationBase=0x7ff8ee240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.880] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f690, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f690, ReturnLength=0x0) returned 0x0 [0179.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xe814430, Length=0x10000, ResultLength=0x307f800 | out: SystemInformation=0xe814430, ResultLength=0x307f800*=0x12b30) returned 0xc0000004 [0179.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0xe814430, Length=0x12b30, ResultLength=0x307f800 | out: SystemInformation=0xe814430, ResultLength=0x307f800*=0x12b30) returned 0x0 [0179.881] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="System", AllocateDestinationString=1) returned 0x0 [0179.881] RtlFreeAnsiString (AnsiString="S") [0179.881] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="smss.exe", AllocateDestinationString=1) returned 0x0 [0179.881] RtlFreeAnsiString (AnsiString="S") [0179.881] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0179.881] RtlFreeAnsiString (AnsiString="C") [0179.881] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="wininit.exe", AllocateDestinationString=1) returned 0x0 [0179.881] RtlFreeAnsiString (AnsiString="W") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="C") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="winlogon.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="W") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="services.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="lsass.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="L") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="dwm.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="D") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="spoolsv.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="OfficeClickToRun.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="O") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="sihost.exe", AllocateDestinationString=1) returned 0x0 [0179.882] RtlFreeAnsiString (AnsiString="S") [0179.882] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="taskhostw.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="T") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="explorer.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="E") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="RuntimeBroker.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="R") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="ShellExperienceHost.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="S") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="SearchUI.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="S") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="backgroundTaskHost.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="B") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="uni-likely.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="U") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="treo.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="T") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="subsection berry drainage.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="S") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="shade.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="S") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="conversations.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="C") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="maui observation.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="M") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="oldsleepsdelay.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="O") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="interactions-miles-validity.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="I") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="infraredpdf.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="I") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="ranges tremendous.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="R") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="statute lan.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="S") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="batteries.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="B") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="word_societies.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="W") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="gtreserves.exe", AllocateDestinationString=1) returned 0x0 [0179.883] RtlFreeAnsiString (AnsiString="G") [0179.883] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="skiing_layer_resolutions.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="S") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="abortion-auditor.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="A") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="alpine zones.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="A") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="completion.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="C") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="fiscalrkansas.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="F") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="funny.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="F") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="backgroundTaskHost.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="B") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="audiodg.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="A") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="S") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="sc.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="S") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="conhost.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="C") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="backgroundTaskHost.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="B") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="sppsvc.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="S") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="WMIADAP.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="W") [0179.884] RtlUpcaseUnicodeString (DestinationString=0x307f790, SourceString="WmiPrvSE.exe", AllocateDestinationString=1) returned 0x0 [0179.884] RtlFreeAnsiString (AnsiString="W") [0179.884] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0179.885] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegCreateKeyA") returned 0x7ff8ee1d6dc0 [0179.885] RegCreateKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x307f840 | out: phkResult=0x307f840*=0x20f4) returned 0x0 [0179.885] RegQueryValueExA (in: hKey=0x20f4, lpValueName="Client", lpReserved=0x0, lpType=0x307f838, lpData=0x62c6ba0, lpcbData=0x307f830*=0x28 | out: lpType=0x307f838*=0x3, lpData=0x62c6ba0*, lpcbData=0x307f830*=0x28) returned 0x0 [0179.885] RegCloseKey (hKey=0x20f4) returned 0x0 [0179.885] wsprintfA (in: param_1=0xe90fec0, param_2="%08x%08x%08x%08x" | out: param_1="c5449c7a8bfcc0923b720af430d5cede") returned 32 [0179.885] GetComputerNameA (in: lpBuffer=0x307f720, nSize=0x307f830 | out: lpBuffer="LHNIWSJ", nSize=0x307f830) returned 1 [0179.885] lstrlenA (lpString="LHNIWSJ") returned 7 [0179.885] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegOpenKeyExA") returned 0x7ff8ee1a7d70 [0179.885] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x307f710 | out: phkResult=0x307f710*=0x20f4) returned 0x0 [0179.886] RegQueryValueExA (in: hKey=0x20f4, lpValueName="ProductID", lpReserved=0x0, lpType=0x0, lpData=0x307f720, lpcbData=0x307f830*=0x100 | out: lpType=0x0, lpData=0x307f720*=0x30, lpcbData=0x307f830*=0x18) returned 0x0 [0179.886] lstrlenA (lpString="00330-80107-01105-AA992") returned 23 [0179.886] RegQueryValueExA (in: hKey=0x20f4, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x307f720, lpcbData=0x307f830*=0x100 | out: lpType=0x0, lpData=0x307f720*=0x57, lpcbData=0x307f830*=0xf) returned 0x0 [0179.886] lstrlenA (lpString="Windows 10 Pro") returned 14 [0179.886] RegQueryValueExA (in: hKey=0x20f4, lpValueName="CurrentVersion", lpReserved=0x0, lpType=0x0, lpData=0x307f720, lpcbData=0x307f830*=0x100 | out: lpType=0x0, lpData=0x307f720*=0x36, lpcbData=0x307f830*=0x4) returned 0x0 [0179.886] lstrlenA (lpString="6.3") returned 3 [0179.886] RegQueryValueExA (in: hKey=0x20f4, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0x307f718, lpcbData=0x307f830*=0x4 | out: lpType=0x0, lpData=0x307f718*=0x41, lpcbData=0x307f830*=0x4) returned 0x0 [0179.886] RegCloseKey (hKey=0x20f4) returned 0x0 [0179.886] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x307f848, lpMaximumComponentLength=0x307f830, lpFileSystemFlags=0x307f840, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x307f848*=0xd2ca4def, lpMaximumComponentLength=0x307f830*=0xff, lpFileSystemFlags=0x307f840*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1 [0179.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x627c5b8, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x307f908 | out: lpThreadId=0x307f908*=0x4dc) returned 0x20f4 [0179.886] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x7ff8ec300000 [0179.887] GetProcAddress (hModule=0x7ff8ec300000, lpProcName="CreateStreamOnHGlobal") returned 0x7ff8edd870a0 [0179.887] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x62c76a8 | out: ppstm=0x62c76a8*=0xadb6890) returned 0x0 [0179.888] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2080 [0179.888] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x62907f0, lpParameter=0x62c7880, dwCreationFlags=0x0, lpThreadId=0x62c7888 | out: lpThreadId=0x62c7888*=0xdf4) returned 0x20ec [0179.888] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x627eb80, lpParameter=0x62c7710, dwCreationFlags=0x0, lpThreadId=0x62c7718 | out: lpThreadId=0x62c7718*=0xd30) returned 0x20dc [0179.888] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 0x0 [0179.888] CreateWaitableTimerA (lpTimerAttributes=0x62c77b0, bManualReset=1, lpTimerName="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 0x20c4 [0179.888] GetLastError () returned 0x0 [0179.889] GetProcAddress (hModule=0x7ff8edfe0000, lpProcName="PathFindFileNameA") returned 0x7ff8edfecf30 [0179.889] PathFindFileNameA (pszPath="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0179.889] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x307f7d0 | out: phkResult=0x307f7d0*=0x20b8) returned 0x0 [0179.889] RegQueryValueExA (in: hKey=0x20b8, lpValueName="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}", lpReserved=0x0, lpType=0x307f770, lpData=0x0, lpcbData=0x307f818*=0x62c7718 | out: lpType=0x307f770*=0x0, lpData=0x0, lpcbData=0x307f818*=0x0) returned 0x2 [0179.889] RegCloseKey (hKey=0x20b8) returned 0x0 [0179.889] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x307f7a8 | out: lpSystemTimeAsFileTime=0x307f7a8*(dwLowDateTime=0x9b3a2ad4, dwHighDateTime=0x1d471c9)) [0179.889] PathFindFileNameA (pszPath="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0179.889] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x307f740 | out: phkResult=0x307f740*=0x20b8) returned 0x0 [0179.889] RegSetValueExA (in: hKey=0x20b8, lpValueName="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}", Reserved=0x0, dwType=0x3, lpData=0x307f7a8*, cbData=0x8 | out: lpData=0x307f7a8*) returned 0x0 [0179.889] RegCloseKey (hKey=0x20b8) returned 0x0 [0179.889] SetWaitableTimer (hTimer=0x20c4, lpDueTime=0x307f7a8, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0179.889] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 0x0 [0179.889] CreateWaitableTimerA (lpTimerAttributes=0x62c77b0, bManualReset=1, lpTimerName="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 0x20b8 [0179.889] GetLastError () returned 0x0 [0179.889] SetWaitableTimer (hTimer=0x20b8, lpDueTime=0x307f818, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0179.889] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 0x0 [0179.890] CreateMutexA (lpMutexAttributes=0x62c77b0, bInitialOwner=0, lpName="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 0x208c [0179.890] CreateEventA (lpEventAttributes=0x62c77b0, bManualReset=1, bInitialState=0, lpName="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 0x2098 [0179.890] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 0x0 [0179.890] CreateWaitableTimerA (lpTimerAttributes=0x62c77b0, bManualReset=1, lpTimerName="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 0x2090 [0179.890] GetLastError () returned 0x0 [0179.890] SetWaitableTimer (hTimer=0x2090, lpDueTime=0x307f818, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0179.890] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned 0x0 [0179.890] CreateMutexA (lpMutexAttributes=0x62c77b0, bInitialOwner=0, lpName="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned 0x2070 [0179.890] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 0x0 [0179.890] CreateWaitableTimerA (lpTimerAttributes=0x62c77b0, bManualReset=1, lpTimerName="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 0x1f80 [0179.890] GetLastError () returned 0x0 [0179.890] SetWaitableTimer (hTimer=0x1f80, lpDueTime=0x307f818, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0179.890] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 0x0 [0179.890] CreateMutexA (lpMutexAttributes=0x62c77b0, bInitialOwner=0, lpName="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 0x2088 [0179.890] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x7ff8ee190000 [0179.891] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7ff8ee190000 [0179.912] lstrcmpA (lpString1="A_SHAFinal", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="A_SHAInit", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="A_SHAUpdate", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AbortSystemShutdownA", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AbortSystemShutdownW", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheck", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckAndAuditAlarmA", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByType", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmA", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmA", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddConditionalAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddMandatoryAce", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddUsersToEncryptedFile", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AddUsersToEncryptedFileEx", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AuditComputeEffectivePolicyBySid", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AuditComputeEffectivePolicyByToken", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AuditEnumerateCategories", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AuditEnumeratePerUserPolicy", lpString2="CryptGetUserKey") returned -1 [0179.912] lstrcmpA (lpString1="AuditEnumerateSubCategories", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditFree", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditLookupCategoryGuidFromCategoryId", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditLookupCategoryIdFromCategoryGuid", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditLookupCategoryNameA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditLookupCategoryNameW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditLookupSubCategoryNameA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditLookupSubCategoryNameW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditQueryGlobalSaclA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditQueryGlobalSaclW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditQueryPerUserPolicy", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditQuerySecurity", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditQuerySystemPolicy", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditSetGlobalSaclA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditSetGlobalSaclW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditSetPerUserPolicy", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditSetSecurity", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="AuditSetSystemPolicy", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BackupEventLogA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BackupEventLogW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegCloseKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegCreateKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegDeleteKeyEx", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegDeleteValue", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegFlushKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegGetVersion", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegLoadKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegOpenKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegRestoreKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegSaveKeyEx", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegSetKeySecurity", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegSetValue", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BaseRegUnLoadKey", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildExplicitAccessWithNameA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildExplicitAccessWithNameW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildImpersonateTrusteeA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildImpersonateTrusteeW", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0179.913] lstrcmpA (lpString1="BuildSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithNameA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithNameW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithSidA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="BuildTrusteeWithSidW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CancelOverlappedAccess", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ChangeServiceConfig2A", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ChangeServiceConfig2W", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ChangeServiceConfigA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ChangeServiceConfigW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CheckForHiberboot", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CheckTokenMembership", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ClearEventLogA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ClearEventLogW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CloseCodeAuthzLevel", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CloseEncryptedFileRaw", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CloseEventLog", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CloseServiceHandle", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CloseThreadWaitChainSession", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CloseTrace", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="CommandLineFromMsiDescriptor", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ComputeAccessTokenFromCodeAuthzLevel", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ControlService", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ControlServiceExA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ControlServiceExW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ControlTraceA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ControlTraceW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSDToStringSDDomainW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessW", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0179.914] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertSidToStringSidA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertSidToStringSidW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSDToSDDomainA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSDToSDDomainW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSidToSidA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertStringSidToSidW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CopySid", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateCodeAuthzLevel", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateProcessWithLogonW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateProcessWithTokenW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateRestrictedToken", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateServiceA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateServiceW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateTraceInstanceId", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CreateWellKnownSid", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredBackupCredentials", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredDeleteA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredDeleteW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredEncryptAndMarshalBinaryBlob", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredEnumerateA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredEnumerateW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredFindBestCredentialA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredFindBestCredentialW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredFree", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredGetSessionTypes", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredGetTargetInfoA", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredGetTargetInfoW", lpString2="CryptGetUserKey") returned -1 [0179.915] lstrcmpA (lpString1="CredIsMarshaledCredentialA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredIsMarshaledCredentialW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredIsProtectedA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredIsProtectedW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredMarshalCredentialA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredMarshalCredentialW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredProfileLoaded", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredProfileLoadedEx", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredProfileUnloaded", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredProtectA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredProtectW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredReadA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredReadByTokenHandle", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredReadDomainCredentialsA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredReadDomainCredentialsW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredReadW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredRenameA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredRenameW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredRestoreCredentials", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredUnmarshalCredentialA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredUnmarshalCredentialW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredUnprotectA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredUnprotectW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredWriteA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredWriteDomainCredentialsA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredWriteDomainCredentialsW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredWriteW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredpConvertCredential", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredpConvertOneCredentialSize", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredpConvertTargetInfo", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredpDecodeCredential", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredpEncodeCredential", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CredpEncodeSecret", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CryptAcquireContextA", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CryptAcquireContextW", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CryptContextAddRef", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CryptCreateHash", lpString2="CryptGetUserKey") returned -1 [0179.916] lstrcmpA (lpString1="CryptDecrypt", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptDeriveKey", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptDestroyHash", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptDestroyKey", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptDuplicateHash", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptDuplicateKey", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptEncrypt", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptEnumProviderTypesA", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptEnumProviderTypesW", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptEnumProvidersA", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptEnumProvidersW", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptExportKey", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGenKey", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGenRandom", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGetDefaultProviderA", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGetDefaultProviderW", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGetHashParam", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGetKeyParam", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGetProvParam", lpString2="CryptGetUserKey") returned -1 [0179.917] lstrcmpA (lpString1="CryptGetUserKey", lpString2="CryptGetUserKey") returned 0 [0179.917] VirtualProtect (in: lpAddress=0x7ff8ee21bbbc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x307f728 | out: lpflOldProtect=0x307f728*=0x2) returned 1 [0179.917] VirtualProtect (in: lpAddress=0x7ff8ee1f380e, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x20) returned 1 [0179.918] VirtualProtect (in: lpAddress=0x7ff8ee1f380e, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x307f720 | out: lpflOldProtect=0x307f720*=0x40) returned 1 [0179.918] VirtualProtect (in: lpAddress=0x7ff8ee21bbbc, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x307f728 | out: lpflOldProtect=0x307f728*=0x40) returned 1 [0179.918] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f6c0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f6c0, ReturnLength=0x0) returned 0x0 [0179.918] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xe811400, cb=0x1000, lpcbNeeded=0x307f7c8 | out: lphModule=0xe811400, lpcbNeeded=0x307f7c8) returned 1 [0179.921] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff79fdc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff79fdc0000, AllocationBase=0x7ff79fdc0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.921] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.921] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="OLEAUT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-com-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.921] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-winrt-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-eventing-classicprovider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-power-base-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-string-l2-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-path-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-timezone-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-winrt-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-datetime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-util-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-interlocked-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-rtlsupport-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-job-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-kernel32-private-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-registryuserspecific-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-com-private-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-atoms-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.922] lstrcmpiA (lpString1="api-ms-win-core-url-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="KERNEL32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="USER32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="GDI32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="SHCORE.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="SHLWAPI.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="SHELL32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="PROPSYS.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="UxTheme.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="dwmapi.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="TWINAPI.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="combase.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="d3d11.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="dcomp.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-string-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-psapi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="SspiCli.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l2-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-winrt-error-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-io-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-eventing-controller-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-3.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="USERENV.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-file-l2-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-service-management-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="CRYPT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-sidebyside-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="SLC.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="profapi.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="netutils.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.930] lstrcmpiA (lpString1="wkscli.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-security-sddl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="CRYPTSP.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="ole32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="CFGMGR32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="WINTRUST.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="Bcp47Langs.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="WINSTA.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="OLEACC.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="DUser.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="DUI70.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="SndVolSSO.DLL", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="WinLangdb.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="MFPlat.DLL", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="MF.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="SETTINGSYNCPOLICY.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="wlanapi.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="AppXAllUserStore.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-appmodel-state-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="ext-ms-win-ntuser-draw-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="ext-ms-win-ntuser-draw-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-core-biptcltapi-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-core-biptcltapi-l1-1-3.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-core-biplmapi-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="dsreg.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="ext-ms-onecore-appmodel-veventdispatcher-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="SystemEventsBrokerClient.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-service-management-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="api-ms-win-service-winsvc-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="WINMM.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="UIAutomationCore.DLL", lpString2="ADVAPI32.DLL") returned 1 [0179.931] lstrcmpiA (lpString1="XmlLite.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.931] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee380000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee380000, AllocationBase=0x7ff8ee380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.931] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.931] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee2d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee2d0000, AllocationBase=0x7ff8ee2d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.931] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.931] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb870000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eb870000, AllocationBase=0x7ff8eb870000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.931] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.932] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9500000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9500000, AllocationBase=0x7ff8e9500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.932] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.932] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-appcompat-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="KERNEL32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-localization-obsolete-l1-3-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee0b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee0b0000, AllocationBase=0x7ff8ee0b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.932] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.932] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-console-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-datetime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-fibers-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-namedpipe-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.932] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-util-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="KERNELBASE.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebb30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ebb30000, AllocationBase=0x7ff8ebb30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.933] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.933] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="combase.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-com-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-localization-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-datetime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-kernel32-private-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-localization-private-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="KERNELBASE.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="ext-ms-win-ole32-oleautomation-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="ext-ms-win-sxs-oleautomation-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edd60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edd60000, AllocationBase=0x7ff8edd60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.933] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.933] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.933] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-3.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-fibers-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-interlocked-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-heap-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-privateprofile-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-sidebyside-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-string-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-windowserrorreporting-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-quirks-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-util-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="bcrypt.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="CRYPT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="OLEAUT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-security-sddl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-service-core-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-service-winsvc-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-security-cryptoapi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="ext-ms-win-rtcore-ntuser-synch-ext-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.934] lstrcmpiA (lpString1="ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-ntuser-misc-l1-5-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-ntuser-private-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-ntuser-windowstation-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-gdi-dc-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-gdi-draw-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-gdi-metafile-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-rtcore-gdi-object-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-com-clbcatq-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-com-ole32-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-com-coml2-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-advapi32-msi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-kernel32-package-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-kernel32-package-current-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-advapi32-psm-app-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-com-psmregister-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-core-winrt-remote-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-com-suspendresiliency-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ole32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="ext-ms-win-appmodel-state-ext-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec450000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec450000, AllocationBase=0x7ff8ec450000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.935] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.935] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-interlocked-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-io-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-string-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-heap-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-namedpipe-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.935] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-timezone-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-threadpool-legacy-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="KERNELBASE.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="ext-ms-win-core-winrt-remote-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="ext-ms-win-rpc-ssl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="SspiCli.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="WS2_32.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="IPHLPAPI.DLL", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="ext-ms-win-authz-context-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-security-sddl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="bcryptPrimitives.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eadd0000, AllocationBase=0x7ff8eadd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.936] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.936] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-localization-private-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-realtime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="WMICLNT.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.936] lstrcmpiA (lpString1="api-ms-win-devices-query-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-service-private-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebdc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ebdc0000, AllocationBase=0x7ff8ebdc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.937] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.937] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-string-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-privateprofile-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-atoms-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-heap-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-string-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-localization-obsolete-l1-3-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-stringansi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] lstrcmpiA (lpString1="api-ms-win-core-sidebyside-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0179.937] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edbc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edbc0000, AllocationBase=0x7ff8edbc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.937] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.937] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb7b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eb7b0000, AllocationBase=0x7ff8eb7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.937] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.937] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edfe0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edfe0000, AllocationBase=0x7ff8edfe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.937] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.938] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec580000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec580000, AllocationBase=0x7ff8ec580000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.938] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.938] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eb180000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eb180000, AllocationBase=0x7ff8eb180000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.938] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee190000, AllocationBase=0x7ff8ee190000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec240000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec240000, AllocationBase=0x7ff8ec240000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae20000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eae20000, AllocationBase=0x7ff8eae20000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eae30000, AllocationBase=0x7ff8eae30000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eafb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eafb0000, AllocationBase=0x7ff8eafb0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eadb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eadb0000, AllocationBase=0x7ff8eadb0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e79b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e79b0000, AllocationBase=0x7ff8e79b0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.939] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9680000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9680000, AllocationBase=0x7ff8e9680000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.939] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8fb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8fb0000, AllocationBase=0x7ff8e8fb0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df0c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df0c0000, AllocationBase=0x7ff8df0c0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8d00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8d00000, AllocationBase=0x7ff8e8d00000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9130000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9130000, AllocationBase=0x7ff8e9130000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea9d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea9d0000, AllocationBase=0x7ff8ea9d0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea360000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea360000, AllocationBase=0x7ff8ea360000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8b90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8b90000, AllocationBase=0x7ff8e8b90000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8c60000, AllocationBase=0x7ff8e8c60000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8b60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8b60000, AllocationBase=0x7ff8e8b60000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee150000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee150000, AllocationBase=0x7ff8ee150000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.940] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec0c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec0c0000, AllocationBase=0x7ff8ec0c0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.940] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eac00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eac00000, AllocationBase=0x7ff8eac00000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec300000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec300000, AllocationBase=0x7ff8ec300000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8edb10000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8edb10000, AllocationBase=0x7ff8edb10000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea820000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea820000, AllocationBase=0x7ff8ea820000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea620000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea620000, AllocationBase=0x7ff8ea620000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eabd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eabd0000, AllocationBase=0x7ff8eabd0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea270000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea270000, AllocationBase=0x7ff8ea270000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea790000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea790000, AllocationBase=0x7ff8ea790000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df640000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df640000, AllocationBase=0x7ff8df640000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3040000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3040000, AllocationBase=0x7ff8e3040000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7400000, AllocationBase=0x7ff8e7400000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dee60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dee60000, AllocationBase=0x7ff8dee60000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6140000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6140000, AllocationBase=0x7ff8e6140000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.941] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.941] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e60a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e60a0000, AllocationBase=0x7ff8e60a0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6330000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6330000, AllocationBase=0x7ff8e6330000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ded70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ded70000, AllocationBase=0x7ff8ded70000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deca0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8deca0000, AllocationBase=0x7ff8deca0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7430000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7430000, AllocationBase=0x7ff8e7430000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8ad0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8ad0000, AllocationBase=0x7ff8e8ad0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8af0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8af0000, AllocationBase=0x7ff8e8af0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e57b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e57b0000, AllocationBase=0x7ff8e57b0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dec30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dec30000, AllocationBase=0x7ff8dec30000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9e00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9e00000, AllocationBase=0x7ff8e9e00000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7b40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7b40000, AllocationBase=0x7ff8e7b40000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9720000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9720000, AllocationBase=0x7ff8e9720000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.942] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eaf60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eaf60000, AllocationBase=0x7ff8eaf60000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8debc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8debc0000, AllocationBase=0x7ff8debc0000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deb70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8deb70000, AllocationBase=0x7ff8deb70000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6640000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6640000, AllocationBase=0x7ff8e6640000, AllocationProtect=0x80, __alignment1=0xfffff801, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9860000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9860000, AllocationBase=0x7ff8e9860000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8de6e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8de6e0000, AllocationBase=0x7ff8de6e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee260000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee260000, AllocationBase=0x7ff8ee260000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddbd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ddbd0000, AllocationBase=0x7ff8ddbd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3a70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3a70000, AllocationBase=0x7ff8e3a70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.943] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddb80000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ddb80000, AllocationBase=0x7ff8ddb80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.943] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ddb70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ddb70000, AllocationBase=0x7ff8ddb70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eae50000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eae50000, AllocationBase=0x7ff8eae50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e86a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e86a0000, AllocationBase=0x7ff8e86a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2f70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e2f70000, AllocationBase=0x7ff8e2f70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dda90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dda90000, AllocationBase=0x7ff8dda90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea010000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea010000, AllocationBase=0x7ff8ea010000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e05b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e05b0000, AllocationBase=0x7ff8e05b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea000000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea000000, AllocationBase=0x7ff8ea000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8deeb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8deeb0000, AllocationBase=0x7ff8deeb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9060000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9060000, AllocationBase=0x7ff8e9060000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.944] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dfab0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dfab0000, AllocationBase=0x7ff8dfab0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.944] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd970000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd970000, AllocationBase=0x7ff8dd970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd950000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd950000, AllocationBase=0x7ff8dd950000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd900000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd900000, AllocationBase=0x7ff8dd900000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd8f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd8f0000, AllocationBase=0x7ff8dd8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7cd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7cd0000, AllocationBase=0x7ff8e7cd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5050000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5050000, AllocationBase=0x7ff8e5050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.945] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3c30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3c30000, AllocationBase=0x7ff8e3c30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.945] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd630000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd630000, AllocationBase=0x7ff8dd630000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dff00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dff00000, AllocationBase=0x7ff8dff00000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3a50000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3a50000, AllocationBase=0x7ff8e3a50000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd310000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd310000, AllocationBase=0x7ff8dd310000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd2f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd2f0000, AllocationBase=0x7ff8dd2f0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd250000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd250000, AllocationBase=0x7ff8dd250000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6c30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6c30000, AllocationBase=0x7ff8e6c30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5a30000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5a30000, AllocationBase=0x7ff8e5a30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x6570000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x6570000, AllocationBase=0x6570000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x883000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd210000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd210000, AllocationBase=0x7ff8dd210000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ebbf0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ebbf0000, AllocationBase=0x7ff8ebbf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd190000, AllocationBase=0x7ff8dd190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee040000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee040000, AllocationBase=0x7ff8ee040000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee250000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee250000, AllocationBase=0x7ff8ee250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd0b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd0b0000, AllocationBase=0x7ff8dd0b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5dd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5dd0000, AllocationBase=0x7ff8e5dd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.965] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dd020000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dd020000, AllocationBase=0x7ff8dd020000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.965] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcfd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcfd0000, AllocationBase=0x7ff8dcfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e0a60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e0a60000, AllocationBase=0x7ff8e0a60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df190000, AllocationBase=0x7ff8df190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e4fb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e4fb0000, AllocationBase=0x7ff8e4fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9000000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9000000, AllocationBase=0x7ff8e9000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcd60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcd60000, AllocationBase=0x7ff8dcd60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcd40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcd40000, AllocationBase=0x7ff8dcd40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea0f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea0f0000, AllocationBase=0x7ff8ea0f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcc90000, AllocationBase=0x7ff8dcc90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e0f70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e0f70000, AllocationBase=0x7ff8e0f70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.966] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8480000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8480000, AllocationBase=0x7ff8e8480000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.966] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8460000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8460000, AllocationBase=0x7ff8e8460000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e15f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e15f0000, AllocationBase=0x7ff8e15f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcc70000, AllocationBase=0x7ff8dcc70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcc50000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcc50000, AllocationBase=0x7ff8dcc50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e99e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e99e0000, AllocationBase=0x7ff8e99e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcbd0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcbd0000, AllocationBase=0x7ff8dcbd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea5c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea5c0000, AllocationBase=0x7ff8ea5c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcba0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcba0000, AllocationBase=0x7ff8dcba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dcb00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dcb00000, AllocationBase=0x7ff8dcb00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea3c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea3c0000, AllocationBase=0x7ff8ea3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.967] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.967] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8860000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8860000, AllocationBase=0x7ff8e8860000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8650000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8650000, AllocationBase=0x7ff8e8650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2ea0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e2ea0000, AllocationBase=0x7ff8e2ea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dca80000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dca80000, AllocationBase=0x7ff8dca80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dca20000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dca20000, AllocationBase=0x7ff8dca20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec2a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec2a0000, AllocationBase=0x7ff8ec2a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e76f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e76f0000, AllocationBase=0x7ff8e76f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea8c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea8c0000, AllocationBase=0x7ff8ea8c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea880000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea880000, AllocationBase=0x7ff8ea880000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ea1d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ea1d0000, AllocationBase=0x7ff8ea1d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6470000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6470000, AllocationBase=0x7ff8e6470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.968] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.968] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e6440000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e6440000, AllocationBase=0x7ff8e6440000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.969] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.969] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e75b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e75b0000, AllocationBase=0x7ff8e75b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.969] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.969] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da9a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da9a0000, AllocationBase=0x7ff8da9a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.969] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.969] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9ff0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9ff0000, AllocationBase=0x7ff8d9ff0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.969] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.969] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7d90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7d90000, AllocationBase=0x7ff8e7d90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.969] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.969] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df400000, AllocationBase=0x7ff8df400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.969] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dc780000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dc780000, AllocationBase=0x7ff8dc780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dc6e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dc6e0000, AllocationBase=0x7ff8dc6e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8eac70000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8eac70000, AllocationBase=0x7ff8eac70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da950000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da950000, AllocationBase=0x7ff8da950000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9eb0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9eb0000, AllocationBase=0x7ff8d9eb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5160000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5160000, AllocationBase=0x7ff8e5160000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7f00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7f00000, AllocationBase=0x7ff8e7f00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.971] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da8d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da8d0000, AllocationBase=0x7ff8da8d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0179.971] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da840000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da840000, AllocationBase=0x7ff8da840000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9bf0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9bf0000, AllocationBase=0x7ff8d9bf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9a40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9a40000, AllocationBase=0x7ff8d9a40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d99f0000, AllocationBase=0x7ff8d99f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d99d0000, AllocationBase=0x7ff8d99d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d99c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d99c0000, AllocationBase=0x7ff8d99c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d9970000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d9970000, AllocationBase=0x7ff8d9970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e81f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e81f0000, AllocationBase=0x7ff8e81f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d98e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d98e0000, AllocationBase=0x7ff8d98e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7a10000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7a10000, AllocationBase=0x7ff8d7a10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db940000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db940000, AllocationBase=0x7ff8db940000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db910000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db910000, AllocationBase=0x7ff8db910000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7850000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7850000, AllocationBase=0x7ff8d7850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7820000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7820000, AllocationBase=0x7ff8d7820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d77e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d77e0000, AllocationBase=0x7ff8d77e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e09f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e09f0000, AllocationBase=0x7ff8e09f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e72a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e72a0000, AllocationBase=0x7ff8e72a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e7280000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e7280000, AllocationBase=0x7ff8e7280000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e2760000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e2760000, AllocationBase=0x7ff8e2760000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3570000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3570000, AllocationBase=0x7ff8e3570000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c40000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8c40000, AllocationBase=0x7ff8e8c40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8c00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8c00000, AllocationBase=0x7ff8e8c00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8140000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8140000, AllocationBase=0x7ff8e8140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e8bc0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e8bc0000, AllocationBase=0x7ff8e8bc0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e51f0000, AllocationBase=0x7ff8e51f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e51e0000, AllocationBase=0x7ff8e51e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3610000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3610000, AllocationBase=0x7ff8e3610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e35b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e35b0000, AllocationBase=0x7ff8e35b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3220000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3220000, AllocationBase=0x7ff8e3220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e3190000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e3190000, AllocationBase=0x7ff8e3190000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7740000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7740000, AllocationBase=0x7ff8d7740000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d76a0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d76a0000, AllocationBase=0x7ff8d76a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e54e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e54e0000, AllocationBase=0x7ff8e54e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db610000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db610000, AllocationBase=0x7ff8db610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e53b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e53b0000, AllocationBase=0x7ff8e53b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dbc00000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dbc00000, AllocationBase=0x7ff8dbc00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8dee80000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8dee80000, AllocationBase=0x7ff8dee80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e84e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e84e0000, AllocationBase=0x7ff8e84e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5310000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5310000, AllocationBase=0x7ff8e5310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e9fe0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e9fe0000, AllocationBase=0x7ff8e9fe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e51d0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e51d0000, AllocationBase=0x7ff8e51d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db400000, AllocationBase=0x7ff8db400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8df410000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8df410000, AllocationBase=0x7ff8df410000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e1650000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e1650000, AllocationBase=0x7ff8e1650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d6770000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d6770000, AllocationBase=0x7ff8d6770000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e5480000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e5480000, AllocationBase=0x7ff8e5480000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7c60000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7c60000, AllocationBase=0x7ff8d7c60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8db380000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8db380000, AllocationBase=0x7ff8db380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8da7b0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8da7b0000, AllocationBase=0x7ff8da7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5620000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5620000, AllocationBase=0x7ff8d5620000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5520000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5520000, AllocationBase=0x7ff8d5520000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ec220000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ec220000, AllocationBase=0x7ff8ec220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8e1780000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8e1780000, AllocationBase=0x7ff8e1780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5430000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5430000, AllocationBase=0x7ff8d5430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d52f0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d52f0000, AllocationBase=0x7ff8d52f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7500000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7500000, AllocationBase=0x7ff8d7500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5e90000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5e90000, AllocationBase=0x7ff8d5e90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d7400000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d7400000, AllocationBase=0x7ff8d7400000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d73e0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d73e0000, AllocationBase=0x7ff8d73e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5240000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5240000, AllocationBase=0x7ff8d5240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d64c0000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d64c0000, AllocationBase=0x7ff8d64c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8d5220000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8d5220000, AllocationBase=0x7ff8d5220000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff8ee240000, lpBuffer=0x307f7e0, dwLength=0x30 | out: lpBuffer=0x307f7e0*(BaseAddress=0x7ff8ee240000, AllocationBase=0x7ff8ee240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0179.977] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x307f710, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x307f710, ReturnLength=0x0) returned 0x0 [0179.977] CreateNamedPipeA (lpName="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" (normalized: "\\device\\namedpipe\\{072bb6f5-baec-d114-fc2b-8e95f08fa299}"), dwOpenMode=0x40000003, dwPipeMode=0x4, nMaxInstances=0xff, nOutBufferSize=0x100, nInBufferSize=0x100, nDefaultTimeOut=0x0, lpSecurityAttributes=0x62c77b0) returned 0x20a0 [0179.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6278930, lpParameter=0x20a0, dwCreationFlags=0x0, lpThreadId=0x307f878 | out: lpThreadId=0x307f878*=0x91c) returned 0x20a4 [0179.978] wsprintfA (in: param_1=0xe90ff30, param_2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT %u.%u%s)" | out: param_1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0; Win64; x64)") returned 63 [0179.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6267ea4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x307f908 | out: lpThreadId=0x307f908*=0x5f0) returned 0x2084 Thread: id = 71 os_tid = 0x610 Thread: id = 74 os_tid = 0x4dc [0179.896] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x0 [0179.896] CreateEventA (lpEventAttributes=0x62c77b0, bManualReset=1, bInitialState=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x2094 [0179.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x516fbc0*=0x20d0, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 75 os_tid = 0xdf4 [0179.897] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="SetWindowsHookExA") returned 0x7ff8ebdc27a0 [0179.897] SetWindowsHookExA (idHook=13, lpfn=0x629045c, hmod=0x7ff79fdc0000, dwThreadId=0x0) returned 0x3a009f [0179.897] GetTickCount () returned 0x3f732 [0179.897] wsprintfA (in: param_1=0x62c78a0, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{91EA4745-0FE0-01BF-4912-8D6663144788}") returned 38 [0179.897] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="RegisterClassA") returned 0x7ff8ebde1310 [0179.897] RegisterClassA (lpWndClass=0x550fe80) returned 0xc161 [0179.898] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="CreateWindowExA") returned 0x7ff8ebde4df0 [0179.898] CreateWindowExA (dwExStyle=0x0, lpClassName="{91EA4745-0FE0-01BF-4912-8D6663144788}", lpWindowName=0x0, dwStyle=0x0, X=1, Y=1, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x7ff79fdc0000, lpParam=0x62c7880) returned 0x70172 [0179.899] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="GetWindowLongPtrA") returned 0x7ff8ebdccae0 [0179.899] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x0 [0179.899] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="DefWindowProcA") returned 0x7ff8ee413230 [0179.899] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x24, wParam=0x0, lParam=0x550f820) returned 0x0 [0179.899] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x0 [0179.899] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x81, wParam=0x0, lParam=0x550f7c0) returned 0x1 [0179.901] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x0 [0179.901] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x83, wParam=0x0, lParam=0x550f840) returned 0x0 [0179.901] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x0 [0179.902] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="SetWindowLongPtrA") returned 0x7ff8ebdd61f0 [0179.902] SetWindowLongPtrA (hWnd=0x70172, nIndex=-21, dwNewLong=0x62c7880) returned 0x0 [0179.902] SetEvent (hEvent=0x2080) returned 1 [0179.903] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="GetMessageA") returned 0x7ff8ebddaa50 [0179.903] GetMessageA (in: lpMsg=0x550fe50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x550fe50) returned 1 [0179.903] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="TranslateMessage") returned 0x7ff8ebdd36a0 [0179.903] TranslateMessage (lpMsg=0x550fe50) returned 0 [0179.904] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="DispatchMessageA") returned 0x7ff8ebde61e0 [0179.904] DispatchMessageA (lpMsg=0x550fe50) returned 0x0 [0179.904] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x62c7880 [0179.904] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0179.904] GetMessageA (lpMsg=0x550fe50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) [0180.540] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="CallNextHookEx") returned 0x7ff8ebdd52d0 [0180.540] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x550fd98) returned 0x0 [0180.547] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x550fd98) returned 0x0 [0180.555] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x550fd98) returned 0x0 [0180.571] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x550fd98) returned 0x0 [0180.683] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x104, lParam=0x550fd98) returned 0x0 [0180.695] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x104, lParam=0x550fd98) returned 0x0 [0180.703] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x105, lParam=0x550fd98) returned 0x0 [0180.711] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x550fd98) returned 0x0 [0181.209] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x550fd98) returned 0x0 [0181.210] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x550fd98) returned 0x0 [0181.215] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x550fd98) returned 0x0 [0181.262] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x550fd98) returned 0x0 [0182.570] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x62c7880 [0182.570] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1 [0182.570] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x62c7880 [0182.570] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0188.522] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x62c7880 [0188.522] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x3b, wParam=0x50c, lParam=0x0) returned 0x2 [0188.522] GetWindowLongPtrA (hWnd=0x70172, nIndex=-21) returned 0x62c7880 [0188.522] NtdllDefWindowProc_A (hWnd=0x70172, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 Thread: id = 76 os_tid = 0xd30 [0179.905] GetTickCount () returned 0x3f732 [0179.905] wsprintfA (in: param_1=0x62c7720, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{E697FB69-8DB4-DD83-AD06-319A67288BDC}") returned 38 [0179.905] RegisterClassA (lpWndClass=0x5f0fb90) returned 0xc160 [0179.905] CreateWindowExA (dwExStyle=0x0, lpClassName="{E697FB69-8DB4-DD83-AD06-319A67288BDC}", lpWindowName=0x0, dwStyle=0x0, X=1, Y=1, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x7ff79fdc0000, lpParam=0x62c7710) returned 0x501be [0179.905] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x0 [0179.905] NtdllDefWindowProc_A (hWnd=0x501be, Msg=0x24, wParam=0x0, lParam=0x5f0f530) returned 0x0 [0179.905] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x0 [0179.905] NtdllDefWindowProc_A (hWnd=0x501be, Msg=0x81, wParam=0x0, lParam=0x5f0f4d0) returned 0x1 [0179.907] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x0 [0179.907] NtdllDefWindowProc_A (hWnd=0x501be, Msg=0x83, wParam=0x0, lParam=0x5f0f550) returned 0x0 [0179.908] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x0 [0179.908] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="SetClipboardViewer") returned 0x7ff8ebdf0de0 [0179.908] SetClipboardViewer (hWndNewViewer=0x501be) returned 0x0 [0179.909] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x0 [0179.909] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="PostMessageA") returned 0x7ff8ebde4900 [0179.909] PostMessageA (hWnd=0x501be, Msg=0x8001, wParam=0x0, lParam=0x0) returned 1 [0179.909] SetWindowLongPtrA (hWnd=0x501be, nIndex=-21, dwNewLong=0x62c7710) returned 0x0 [0179.910] GetMessageA (in: lpMsg=0x5f0fb60, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5f0fb60) returned 1 [0179.910] TranslateMessage (lpMsg=0x5f0fb60) returned 0 [0179.910] DispatchMessageA (lpMsg=0x5f0fb60) returned 0x0 [0179.910] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x62c7710 [0179.910] NtdllDefWindowProc_A (hWnd=0x501be, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0179.910] GetMessageA (in: lpMsg=0x5f0fb60, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x5f0fb60) returned 1 [0179.910] TranslateMessage (lpMsg=0x5f0fb60) returned 0 [0179.910] DispatchMessageA (lpMsg=0x5f0fb60) returned 0x0 [0179.910] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x62c7710 [0179.910] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="OpenClipboard") returned 0x7ff8ebdeb6c0 [0179.910] OpenClipboard (hWndNewOwner=0x0) returned 1 [0179.911] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="GetClipboardData") returned 0x7ff8ebdeaba0 [0179.911] GetClipboardData (uFormat=0x1) returned 0x0 [0179.911] GetProcAddress (hModule=0x7ff8ebdc0000, lpProcName="CloseClipboard") returned 0x7ff8ebdf0920 [0179.911] CloseClipboard () returned 1 [0179.911] GetMessageA (lpMsg=0x5f0fb60, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) [0182.569] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x62c7710 [0182.569] NtdllDefWindowProc_A (hWnd=0x501be, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1 [0182.569] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x62c7710 [0188.515] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x62c7710 [0188.515] NtdllDefWindowProc_A (hWnd=0x501be, Msg=0x3b, wParam=0x50c, lParam=0x0) returned 0x2 [0188.516] GetWindowLongPtrA (hWnd=0x501be, nIndex=-21) returned 0x62c7710 [0188.516] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x5f0f400 | out: phkResult=0x5f0f400*=0x20d8) returned 0x0 [0188.516] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0188.517] GetProcAddress (hModule=0x7ff8ee190000, lpProcName="RegSetValueExW") returned 0x7ff8ee1a7850 [0188.517] RegSetValueExW (in: hKey=0x20d8, lpValueName="cabilipc", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", cbData=0x76 | out: lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0x0 [0188.517] RegCloseKey (hKey=0x20d8) returned 0x0 Thread: id = 77 os_tid = 0x91c [0179.982] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x20cc [0179.982] WaitForSingleObject (hHandle=0x20d0, dwMilliseconds=0x0) returned 0x102 [0179.982] ConnectNamedPipe (in: hNamedPipe=0x20a0, lpOverlapped=0x654f830 | out: lpOverlapped=0x654f830) returned 0 [0179.982] GetLastError () returned 0x3e5 [0179.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x654f820*=0x20d0, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 78 os_tid = 0x5f0 [0179.982] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 0x20bc [0179.982] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 0x2054 [0179.982] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 0x2040 [0179.982] SetLastError (dwErrCode=0xb7) [0179.982] CreateEventA (lpEventAttributes=0x62c77b0, bManualReset=1, bInitialState=0, lpName="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 0x2064 [0179.982] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 0x205c [0179.982] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned 0x2058 [0179.982] SetLastError (dwErrCode=0xb7) [0179.982] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 0x2068 [0179.982] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 0x204c [0179.982] SetLastError (dwErrCode=0xb7) [0179.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x6eff980*=0x20d0, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 79 os_tid = 0xe1c [0180.806] RegGetValueW (in: hkey=0x1ff2, lpSubKey="TreatAs", lpValue=0x0, dwFlags=0xffff, pdwType=0x0, pvData=0x946f140, pcbData=0x946f088*=0xc8 | out: pdwType=0x0, pvData=0x946f140, pcbData=0x946f088*=0xc8) returned 0x2 [0180.806] RegGetValueW (in: hkey=0x1ff2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x946ef90, pvData=0x0, pcbData=0x946efe8*=0x0 | out: pdwType=0x946ef90*=0x1, pvData=0x0, pcbData=0x946efe8*=0x38) returned 0x0 [0180.806] RegGetValueW (in: hkey=0x1ff2, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x946ef90, pvData=0xadb7250, pcbData=0x946efe8*=0x38 | out: pdwType=0x946ef90*=0x1, pvData="Connected Account Services", pcbData=0x946efe8*=0x36) returned 0x0 [0180.807] StrCmpIW (psz1="InprocServer32", psz2="DelegateExecute") returned 1 [0180.807] RegGetValueW (in: hkey=0x1f7e, lpSubKey=0x0, lpValue="InprocServer32", dwFlags=0x23, pdwType=0x946eee0, pvData=0x0, pcbData=0x946ef38*=0x0 | out: pdwType=0x946eee0*=0x0, pvData=0x0, pcbData=0x946ef38*=0x0) returned 0x2 [0180.807] RegGetValueW (in: hkey=0x1f7e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x946ef20, pvData=0x0, pcbData=0x946ef78*=0x0 | out: pdwType=0x946ef20*=0x1, pvData=0x0, pcbData=0x946ef78*=0x54) returned 0x0 [0180.807] RegGetValueW (in: hkey=0x1f7e, lpSubKey=0x0, lpValue=0x0, dwFlags=0x23, pdwType=0x946ef20, pvData=0x96142a0, pcbData=0x946ef78*=0x54 | out: pdwType=0x946ef20*=0x1, pvData="C:\\Windows\\system32\\SettingSyncCore.dll", pcbData=0x946ef78*=0x54) returned 0x0 [0180.807] StrCmpIW (psz1="ThreadingModel", psz2="DelegateExecute") returned 1 [0180.807] RegGetValueW (in: hkey=0x1f7e, lpSubKey=0x0, lpValue="ThreadingModel", dwFlags=0x20000003, pdwType=0x946eed0, pvData=0x946eef0, pcbData=0x946eeb8*=0x3c | out: pdwType=0x946eed0*=0x1, pvData="Both", pcbData=0x946eeb8*=0xa) returned 0x0 [0180.807] RegGetValueW (in: hkey=0x1ff2, lpSubKey="InprocHandler32", lpValue=0x0, dwFlags=0x23, pdwType=0x946ef40, pvData=0x0, pcbData=0x946ef98*=0x0 | out: pdwType=0x946ef40*=0x0, pvData=0x0, pcbData=0x946ef98*=0x0) returned 0x2 [0180.807] RegGetValueW (in: hkey=0x1ff2, lpSubKey="InprocHandler", lpValue=0x0, dwFlags=0x23, pdwType=0x946ef40, pvData=0x0, pcbData=0x946ef98*=0x0 | out: pdwType=0x946ef40*=0x0, pvData=0x0, pcbData=0x946ef98*=0x0) returned 0x2 [0180.807] StrCmpIW (psz1="ActivationType", psz2="DelegateExecute") returned -1 [0180.807] RegGetValueW (in: hkey=0x1ff0, lpSubKey=0x0, lpValue="ActivationType", dwFlags=0x10, pdwType=0x0, pvData=0x946f0b8, pcbData=0x946eed0*=0x4 | out: pdwType=0x0, pvData=0x946f0b8, pcbData=0x946eed0*=0x4) returned 0x0 [0180.807] StrCmpIW (psz1="Threading", psz2="DelegateExecute") returned 1 [0180.807] RegGetValueW (in: hkey=0x1ff0, lpSubKey=0x0, lpValue="Threading", dwFlags=0x10, pdwType=0x0, pvData=0x946f0ec, pcbData=0x946eed0*=0x4 | out: pdwType=0x0, pvData=0x946f0ec, pcbData=0x946eed0*=0x4) returned 0x0 [0180.808] StrCmpIW (psz1="TrustLevel", psz2="DelegateExecute") returned 1 [0180.808] RegGetValueW (in: hkey=0x1ff0, lpSubKey=0x0, lpValue="TrustLevel", dwFlags=0x10, pdwType=0x0, pvData=0x946f0f4, pcbData=0x946eed0*=0x4 | out: pdwType=0x0, pvData=0x946f0f4, pcbData=0x946eed0*=0x4) returned 0x0 [0180.808] StrCmpIW (psz1="ActivateAsUser", psz2="DelegateExecute") returned -1 [0180.808] RegGetValueW (in: hkey=0x1ff0, lpSubKey=0x0, lpValue="ActivateAsUser", dwFlags=0x10, pdwType=0x0, pvData=0x946f114, pcbData=0x946eed0*=0x4 | out: pdwType=0x0, pvData=0x946f114, pcbData=0x946eed0*=0x4) returned 0x0 Thread: id = 80 os_tid = 0xdcc Thread: id = 81 os_tid = 0xe18 Thread: id = 82 os_tid = 0xdc8 Thread: id = 83 os_tid = 0x32c Process: id = "8" image_name = "autoclb.exe" filename = "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe" page_root = "0x36edf000" os_pid = "0x478" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001a59e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1491 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1492 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1493 start_va = 0x40000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1494 start_va = 0x60000 end_va = 0x9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1495 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1496 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1497 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1498 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1499 start_va = 0x400000 end_va = 0x51efff entry_point = 0x400000 region_type = mapped_file name = "autoclb.exe" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe") Region: id = 1500 start_va = 0x77730000 end_va = 0x778a8fff entry_point = 0x77730000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1501 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1502 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1503 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1504 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1505 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1506 start_va = 0x7fff0000 end_va = 0x7fff1f8fffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1507 start_va = 0x7fff1f900000 end_va = 0x7fff1fac1fff entry_point = 0x7fff1f900000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1508 start_va = 0x7fff1fac2000 end_va = 0x7ffffffeffff entry_point = 0x0 region_type = private name = "private_0x00007fff1fac2000" filename = "" Region: id = 1654 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1655 start_va = 0x75830000 end_va = 0x758a2fff entry_point = 0x75830000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1656 start_va = 0x758b0000 end_va = 0x758fefff entry_point = 0x758b0000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1657 start_va = 0x75820000 end_va = 0x75827fff entry_point = 0x75820000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1658 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1659 start_va = 0x75eb0000 end_va = 0x75f9ffff entry_point = 0x75eb0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1660 start_va = 0x76990000 end_va = 0x76b05fff entry_point = 0x76990000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1661 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1662 start_va = 0x2f0000 end_va = 0x3adfff entry_point = 0x2f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1663 start_va = 0x75af0000 end_va = 0x75b80fff entry_point = 0x75af0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1664 start_va = 0x7feb0000 end_va = 0x7ffaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1665 start_va = 0x20000 end_va = 0x23fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1666 start_va = 0x3b0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1667 start_va = 0x520000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1668 start_va = 0x620000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1669 start_va = 0x660000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1670 start_va = 0x739c0000 end_va = 0x739e0fff entry_point = 0x739c0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1671 start_va = 0x739f0000 end_va = 0x73cb0fff entry_point = 0x739f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1672 start_va = 0x73cc0000 end_va = 0x73cc6fff entry_point = 0x73cc0000 region_type = mapped_file name = "dciman32.dll" filename = "\\Windows\\SysWOW64\\dciman32.dll" (normalized: "c:\\windows\\syswow64\\dciman32.dll") Region: id = 1673 start_va = 0x73cd0000 end_va = 0x73d07fff entry_point = 0x73cd0000 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\SysWOW64\\adsldpc.dll" (normalized: "c:\\windows\\syswow64\\adsldpc.dll") Region: id = 1674 start_va = 0x73d10000 end_va = 0x73dfafff entry_point = 0x73d10000 region_type = mapped_file name = "ddraw.dll" filename = "\\Windows\\SysWOW64\\ddraw.dll" (normalized: "c:\\windows\\syswow64\\ddraw.dll") Region: id = 1675 start_va = 0x73e00000 end_va = 0x73e22fff entry_point = 0x73e00000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 1676 start_va = 0x73e30000 end_va = 0x73f8ffff entry_point = 0x73e30000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1677 start_va = 0x73f90000 end_va = 0x740fafff entry_point = 0x73f90000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_d15682eeaf714889\\gdiplus.dll") Region: id = 1678 start_va = 0x74100000 end_va = 0x74142fff entry_point = 0x74100000 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 1679 start_va = 0x74150000 end_va = 0x74373fff entry_point = 0x74150000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1680 start_va = 0x74380000 end_va = 0x7445ffff entry_point = 0x74380000 region_type = mapped_file name = "opengl32.dll" filename = "\\Windows\\SysWOW64\\opengl32.dll" (normalized: "c:\\windows\\syswow64\\opengl32.dll") Region: id = 1681 start_va = 0x74460000 end_va = 0x7581efff entry_point = 0x74460000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1682 start_va = 0x75900000 end_va = 0x75907fff entry_point = 0x75900000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1683 start_va = 0x75910000 end_va = 0x7594afff entry_point = 0x75910000 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\SysWOW64\\activeds.dll" (normalized: "c:\\windows\\syswow64\\activeds.dll") Region: id = 1684 start_va = 0x75950000 end_va = 0x75973fff entry_point = 0x75950000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 1685 start_va = 0x75980000 end_va = 0x759a4fff entry_point = 0x75980000 region_type = mapped_file name = "glu32.dll" filename = "\\Windows\\SysWOW64\\glu32.dll" (normalized: "c:\\windows\\syswow64\\glu32.dll") Region: id = 1686 start_va = 0x759b0000 end_va = 0x75a48fff entry_point = 0x759b0000 region_type = mapped_file name = "odbc32.dll" filename = "\\Windows\\SysWOW64\\odbc32.dll" (normalized: "c:\\windows\\syswow64\\odbc32.dll") Region: id = 1687 start_va = 0x75a50000 end_va = 0x75ae1fff entry_point = 0x75a50000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll") Region: id = 1688 start_va = 0x75b90000 end_va = 0x75be8fff entry_point = 0x75b90000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1689 start_va = 0x75bf0000 end_va = 0x75bf9fff entry_point = 0x75bf0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1690 start_va = 0x75c00000 end_va = 0x75c1dfff entry_point = 0x75c00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1691 start_va = 0x75c70000 end_va = 0x75ca5fff entry_point = 0x75c70000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1692 start_va = 0x75cc0000 end_va = 0x75e0cfff entry_point = 0x75cc0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1693 start_va = 0x75e10000 end_va = 0x75e62fff entry_point = 0x75e10000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1694 start_va = 0x75e70000 end_va = 0x75e9afff entry_point = 0x75e70000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1695 start_va = 0x75ea0000 end_va = 0x75eabfff entry_point = 0x75ea0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1696 start_va = 0x75fa0000 end_va = 0x75fe2fff entry_point = 0x75fa0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1697 start_va = 0x75ff0000 end_va = 0x760d9fff entry_point = 0x75ff0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1698 start_va = 0x760e0000 end_va = 0x7621ffff entry_point = 0x760e0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1699 start_va = 0x76220000 end_va = 0x762cbfff entry_point = 0x76220000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1700 start_va = 0x76330000 end_va = 0x763edfff entry_point = 0x76330000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1701 start_va = 0x763f0000 end_va = 0x76433fff entry_point = 0x763f0000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1702 start_va = 0x76440000 end_va = 0x764ccfff entry_point = 0x76440000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1703 start_va = 0x764d0000 end_va = 0x76689fff entry_point = 0x764d0000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1704 start_va = 0x768d0000 end_va = 0x7698dfff entry_point = 0x768d0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1705 start_va = 0x76b10000 end_va = 0x76b53fff entry_point = 0x76b10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1706 start_va = 0x76bd0000 end_va = 0x770acfff entry_point = 0x76bd0000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1707 start_va = 0x770b0000 end_va = 0x771cffff entry_point = 0x770b0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1708 start_va = 0x77250000 end_va = 0x772e1fff entry_point = 0x77250000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1709 start_va = 0x772f0000 end_va = 0x772fefff entry_point = 0x772f0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1710 start_va = 0x77620000 end_va = 0x7769afff entry_point = 0x77620000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1711 start_va = 0x7ffd5000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1712 start_va = 0x7ffd8000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1713 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1714 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1715 start_va = 0x3f0000 end_va = 0x3f3fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1716 start_va = 0x760000 end_va = 0x8e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 1717 start_va = 0x8f0000 end_va = 0xa70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 1718 start_va = 0xa90000 end_va = 0xa9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 1719 start_va = 0xaa0000 end_va = 0x1e9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 1720 start_va = 0x1f40000 end_va = 0x1f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 1721 start_va = 0x1f50000 end_va = 0x2286fff entry_point = 0x1f50000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1722 start_va = 0x2290000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1723 start_va = 0x7fe50000 end_va = 0x7feaffff entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 1724 start_va = 0x2430000 end_va = 0x282ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002430000" filename = "" Region: id = 1725 start_va = 0x73940000 end_va = 0x739b4fff entry_point = 0x73940000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1726 start_va = 0x2290000 end_va = 0x238ffff entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1727 start_va = 0x2420000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1728 start_va = 0xa80000 end_va = 0xa80fff entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 1729 start_va = 0x1ea0000 end_va = 0x1ea0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 1730 start_va = 0x2290000 end_va = 0x2347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002290000" filename = "" Region: id = 1731 start_va = 0x2380000 end_va = 0x238ffff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1732 start_va = 0x1ea0000 end_va = 0x1ea3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 1733 start_va = 0x73920000 end_va = 0x7393cfff entry_point = 0x73920000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1734 start_va = 0x1eb0000 end_va = 0x1eb4fff entry_point = 0x1eb0000 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 1735 start_va = 0x1ec0000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 1736 start_va = 0x2350000 end_va = 0x2353fff entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1737 start_va = 0x2360000 end_va = 0x2360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 1738 start_va = 0x2390000 end_va = 0x240ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002390000" filename = "" Region: id = 1739 start_va = 0x2830000 end_va = 0x286ffff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 1740 start_va = 0x2870000 end_va = 0x296ffff entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 1741 start_va = 0x7fe4d000 end_va = 0x7fe4ffff entry_point = 0x0 region_type = private name = "private_0x000000007fe4d000" filename = "" Region: id = 1742 start_va = 0x60000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1743 start_va = 0x160000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1744 start_va = 0x2970000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 1745 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 1746 start_va = 0x7ffdb000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1747 start_va = 0x73730000 end_va = 0x7391ffff entry_point = 0x73730000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 1748 start_va = 0x2390000 end_va = 0x2405fff entry_point = 0x2390000 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 1749 start_va = 0x2ab0000 end_va = 0x2baffff entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 1750 start_va = 0x2bb0000 end_va = 0x3baffff entry_point = 0x2bb0000 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 1751 start_va = 0x160000 end_va = 0x163fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1752 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1753 start_va = 0x3bb0000 end_va = 0x3caffff entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 1754 start_va = 0x180000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1755 start_va = 0x3cb0000 end_va = 0x3daffff entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 1756 start_va = 0x180000 end_va = 0x191fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1757 start_va = 0x2360000 end_va = 0x2364fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 1758 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1759 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1760 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1761 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1762 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1763 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1764 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1765 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1766 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1767 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1768 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1769 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1770 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1771 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1772 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1773 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1774 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1775 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1776 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1777 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1778 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1779 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1780 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1781 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1782 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1783 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1784 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1785 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1786 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1787 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1788 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1789 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1790 start_va = 0x180000 end_va = 0x184fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1791 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1792 start_va = 0x3db0000 end_va = 0x4deffff entry_point = 0x3db0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1793 start_va = 0x4df0000 end_va = 0x52e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004df0000" filename = "" Region: id = 1794 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1795 start_va = 0x776a0000 end_va = 0x77721fff entry_point = 0x776a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1796 start_va = 0x2360000 end_va = 0x2360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 1797 start_va = 0x73680000 end_va = 0x73726fff entry_point = 0x73680000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1798 start_va = 0x73710000 end_va = 0x73722fff entry_point = 0x73710000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1799 start_va = 0x736f0000 end_va = 0x7370afff entry_point = 0x736f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1800 start_va = 0x736c0000 end_va = 0x736eefff entry_point = 0x736c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1801 start_va = 0x736a0000 end_va = 0x736b8fff entry_point = 0x736a0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1802 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1803 start_va = 0x2370000 end_va = 0x2376fff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1804 start_va = 0x73640000 end_va = 0x73693fff entry_point = 0x73640000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\SysWOW64\\MMDevAPI.dll" (normalized: "c:\\windows\\syswow64\\mmdevapi.dll") Region: id = 1805 start_va = 0x734f0000 end_va = 0x73631fff entry_point = 0x734f0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1806 start_va = 0x734b0000 end_va = 0x734e7fff entry_point = 0x734b0000 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\SysWOW64\\wdmaud.drv" (normalized: "c:\\windows\\syswow64\\wdmaud.drv") Region: id = 1807 start_va = 0x734a0000 end_va = 0x734a6fff entry_point = 0x734a0000 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\SysWOW64\\ksuser.dll" (normalized: "c:\\windows\\syswow64\\ksuser.dll") Region: id = 1808 start_va = 0x73490000 end_va = 0x73498fff entry_point = 0x73490000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\SysWOW64\\avrt.dll" (normalized: "c:\\windows\\syswow64\\avrt.dll") Region: id = 1809 start_va = 0x2410000 end_va = 0x2410fff entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 1810 start_va = 0x52f0000 end_va = 0x52f0fff entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 1811 start_va = 0x5300000 end_va = 0x5300fff entry_point = 0x5300000 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\SysWOW64\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wdmaud.drv.mui") Region: id = 1812 start_va = 0x5310000 end_va = 0x5327fff entry_point = 0x5310000 region_type = mapped_file name = "hdaudio.pnf" filename = "\\Windows\\INF\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf") Region: id = 1813 start_va = 0x5310000 end_va = 0x5310fff entry_point = 0x5310000 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mmdevapi.dll.mui") Region: id = 1814 start_va = 0x73420000 end_va = 0x73487fff entry_point = 0x73420000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\SysWOW64\\AudioSes.dll" (normalized: "c:\\windows\\syswow64\\audioses.dll") Region: id = 1815 start_va = 0x73350000 end_va = 0x73414fff entry_point = 0x73350000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1816 start_va = 0x5320000 end_va = 0x5337fff entry_point = 0x5320000 region_type = mapped_file name = "hdaudio.pnf" filename = "\\Windows\\INF\\hdaudio.PNF" (normalized: "c:\\windows\\inf\\hdaudio.pnf") Region: id = 1817 start_va = 0x73340000 end_va = 0x73348fff entry_point = 0x73340000 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\SysWOW64\\msacm32.drv" (normalized: "c:\\windows\\syswow64\\msacm32.drv") Region: id = 1818 start_va = 0x73320000 end_va = 0x73337fff entry_point = 0x73320000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\SysWOW64\\msacm32.dll" (normalized: "c:\\windows\\syswow64\\msacm32.dll") Region: id = 1819 start_va = 0x73310000 end_va = 0x73317fff entry_point = 0x73310000 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\SysWOW64\\midimap.dll" (normalized: "c:\\windows\\syswow64\\midimap.dll") Region: id = 1820 start_va = 0x5320000 end_va = 0x535ffff entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 1821 start_va = 0x5360000 end_va = 0x545ffff entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 1822 start_va = 0x5460000 end_va = 0x5461fff entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 1823 start_va = 0x5470000 end_va = 0x5479fff entry_point = 0x0 region_type = private name = "private_0x0000000005470000" filename = "" Region: id = 1824 start_va = 0x5480000 end_va = 0x5481fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005480000" filename = "" Region: id = 1825 start_va = 0x5490000 end_va = 0x5491fff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 1826 start_va = 0x7fe4a000 end_va = 0x7fe4cfff entry_point = 0x0 region_type = private name = "private_0x000000007fe4a000" filename = "" Region: id = 1827 start_va = 0x54a0000 end_va = 0x54dffff entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 1828 start_va = 0x54e0000 end_va = 0x55dffff entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1829 start_va = 0x55e0000 end_va = 0x55e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055e0000" filename = "" Region: id = 1830 start_va = 0x7fe47000 end_va = 0x7fe49fff entry_point = 0x0 region_type = private name = "private_0x000000007fe47000" filename = "" Region: id = 1831 start_va = 0x55f0000 end_va = 0x55f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000055f0000" filename = "" Region: id = 1832 start_va = 0x5600000 end_va = 0x5601fff entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 1833 start_va = 0x732d0000 end_va = 0x7330afff entry_point = 0x732d0000 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\SysWOW64\\adsldp.dll" (normalized: "c:\\windows\\syswow64\\adsldp.dll") Region: id = 1834 start_va = 0x73250000 end_va = 0x732cffff entry_point = 0x73250000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1835 start_va = 0x5610000 end_va = 0x562bfff entry_point = 0x5610000 region_type = mapped_file name = "activeds.tlb" filename = "\\Windows\\SysWOW64\\activeds.tlb" (normalized: "c:\\windows\\syswow64\\activeds.tlb") Region: id = 1836 start_va = 0x73240000 end_va = 0x73249fff entry_point = 0x73240000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 1837 start_va = 0x5630000 end_va = 0x5631fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005630000" filename = "" Region: id = 1838 start_va = 0x5640000 end_va = 0x5641fff entry_point = 0x0 region_type = private name = "private_0x0000000005640000" filename = "" Region: id = 1839 start_va = 0x5650000 end_va = 0x5651fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005650000" filename = "" Region: id = 1840 start_va = 0x5660000 end_va = 0x5661fff entry_point = 0x0 region_type = private name = "private_0x0000000005660000" filename = "" Region: id = 1841 start_va = 0x5670000 end_va = 0x5726fff entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 1842 start_va = 0x5730000 end_va = 0x5732fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005730000" filename = "" Region: id = 1843 start_va = 0x5740000 end_va = 0x5741fff entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 1844 start_va = 0x5750000 end_va = 0x5751fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005750000" filename = "" Region: id = 1845 start_va = 0x5760000 end_va = 0x5761fff entry_point = 0x0 region_type = private name = "private_0x0000000005760000" filename = "" Region: id = 1846 start_va = 0x5770000 end_va = 0x5771fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005770000" filename = "" Region: id = 1847 start_va = 0x5780000 end_va = 0x5781fff entry_point = 0x0 region_type = private name = "private_0x0000000005780000" filename = "" Region: id = 1848 start_va = 0x5790000 end_va = 0x5842fff entry_point = 0x0 region_type = private name = "private_0x0000000005790000" filename = "" Region: id = 1849 start_va = 0x5850000 end_va = 0x5852fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005850000" filename = "" Region: id = 1850 start_va = 0x5860000 end_va = 0x5861fff entry_point = 0x0 region_type = private name = "private_0x0000000005860000" filename = "" Region: id = 1851 start_va = 0x5870000 end_va = 0x5871fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005870000" filename = "" Region: id = 1852 start_va = 0x5880000 end_va = 0x5881fff entry_point = 0x0 region_type = private name = "private_0x0000000005880000" filename = "" Region: id = 1853 start_va = 0x5890000 end_va = 0x5941fff entry_point = 0x0 region_type = private name = "private_0x0000000005890000" filename = "" Region: id = 1854 start_va = 0x5950000 end_va = 0x5952fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005950000" filename = "" Region: id = 1855 start_va = 0x5960000 end_va = 0x5961fff entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 1856 start_va = 0x5970000 end_va = 0x5a28fff entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 1857 start_va = 0x5a30000 end_va = 0x5a32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005a30000" filename = "" Region: id = 1858 start_va = 0x5a40000 end_va = 0x5a41fff entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 1859 start_va = 0x5a50000 end_va = 0x5a53fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 1860 start_va = 0x5a60000 end_va = 0x5a98fff entry_point = 0x5a60000 region_type = mapped_file name = "odbcint.dll" filename = "\\Windows\\SysWOW64\\odbcint.dll" (normalized: "c:\\windows\\syswow64\\odbcint.dll") Region: id = 1861 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1862 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1863 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1864 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1865 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1866 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1867 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1868 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1869 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1870 start_va = 0x5a60000 end_va = 0x5a60fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1871 start_va = 0x5a60000 end_va = 0x5b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 1872 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1873 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1874 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1875 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1876 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1877 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1878 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1879 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1880 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1881 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1882 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1883 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1884 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1885 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1886 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1887 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1888 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1889 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1890 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1891 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1892 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1893 start_va = 0x5b70000 end_va = 0x5d6ffff entry_point = 0x0 region_type = private name = "private_0x0000000005b70000" filename = "" Region: id = 1894 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1895 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1896 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1897 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1898 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1899 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1900 start_va = 0x77470000 end_va = 0x77614fff entry_point = 0x77470000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 1901 start_va = 0x5d70000 end_va = 0x5daffff entry_point = 0x0 region_type = private name = "private_0x0000000005d70000" filename = "" Region: id = 1902 start_va = 0x5db0000 end_va = 0x5eaffff entry_point = 0x0 region_type = private name = "private_0x0000000005db0000" filename = "" Region: id = 1903 start_va = 0x5eb0000 end_va = 0x63affff entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 1904 start_va = 0x7fe44000 end_va = 0x7fe46fff entry_point = 0x0 region_type = private name = "private_0x000000007fe44000" filename = "" Region: id = 1905 start_va = 0x75c20000 end_va = 0x75c61fff entry_point = 0x75c20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 1906 start_va = 0x75cb0000 end_va = 0x75cbdfff entry_point = 0x75cb0000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1907 start_va = 0x76740000 end_va = 0x768b4fff entry_point = 0x76740000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1922 start_va = 0x2830000 end_va = 0x2830fff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 1923 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 1924 start_va = 0x2830000 end_va = 0x2830fff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 1925 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 1926 start_va = 0x2830000 end_va = 0x2830fff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 1927 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 1928 start_va = 0x2830000 end_va = 0x2830fff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 1929 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 1941 start_va = 0x2830000 end_va = 0x2962fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002830000" filename = "" Region: id = 1943 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1944 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 1945 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1946 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Region: id = 1947 start_va = 0x5b60000 end_va = 0x5b60fff entry_point = 0x0 region_type = private name = "private_0x0000000005b60000" filename = "" Region: id = 1948 start_va = 0x63b0000 end_va = 0x6571fff entry_point = 0x0 region_type = private name = "private_0x00000000063b0000" filename = "" Thread: id = 84 os_tid = 0x750 [0250.965] GetStartupInfoW (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0250.965] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0250.967] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75eb0000 [0250.967] GetProcAddress (hModule=0x75eb0000, lpProcName="FlsAlloc") returned 0x75eca330 [0250.967] GetProcAddress (hModule=0x75eb0000, lpProcName="FlsGetValue") returned 0x75ec7580 [0250.967] GetProcAddress (hModule=0x75eb0000, lpProcName="FlsSetValue") returned 0x75ec9910 [0250.967] GetProcAddress (hModule=0x75eb0000, lpProcName="FlsFree") returned 0x75ecf400 [0250.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75eb0000 [0250.969] GetCurrentThreadId () returned 0x750 [0250.970] GetStartupInfoW (in: lpStartupInfo=0x19fea0 | out: lpStartupInfo=0x19fea0*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x24205c8, hStdOutput=0x42ba64, hStdError=0x0)) [0250.970] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0250.970] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0250.970] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0250.970] SetHandleCount (uNumber=0x20) returned 0x20 [0250.970] GetCommandLineA () returned="\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe\" " [0250.970] GetEnvironmentStringsW () returned 0x1f1d90* [0250.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1359, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1359 [0250.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1359, lpMultiByteStr=0x2421038, cbMultiByte=1359, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1359 [0250.970] FreeEnvironmentStringsW (penv=0x1f1d90) returned 1 [0250.970] GetLastError () returned 0xcb [0250.971] SetLastError (dwErrCode=0xcb) [0250.971] GetLastError () returned 0xcb [0250.971] SetLastError (dwErrCode=0xcb) [0250.971] GetLastError () returned 0xcb [0250.971] SetLastError (dwErrCode=0xcb) [0250.971] GetACP () returned 0x4e4 [0250.971] GetLastError () returned 0xcb [0250.971] SetLastError (dwErrCode=0xcb) [0250.971] IsValidCodePage (CodePage=0x4e4) returned 1 [0250.971] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe50 | out: lpCPInfo=0x19fe50) returned 1 [0250.971] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f914 | out: lpCPInfo=0x19f914) returned 1 [0250.971] GetLastError () returned 0xcb [0250.971] SetLastError (dwErrCode=0xcb) [0250.971] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0250.971] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x2421810, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0250.971] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpCharType=0x19fc34 | out: lpCharType=0x19fc34) returned 1 [0250.972] GetLastError () returned 0xcb [0250.972] SetLastError (dwErrCode=0xcb) [0250.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0250.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x2421810, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0250.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0250.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2421a48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0250.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fb34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0250.972] GetLastError () returned 0xcb [0250.972] SetLastError (dwErrCode=0xcb) [0250.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0250.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f92c, cbMultiByte=256, lpWideCharStr=0x2421810, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0250.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0250.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2421a48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽") returned 256 [0250.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fa34, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x48\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x68\x02\x28\x02\x28\x02\x28\x02\x28\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x20\x02\x48\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02\x20\x02", lpUsedDefaultChar=0x0) returned 256 [0250.973] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x463700, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x3a [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.973] SetLastError (dwErrCode=0x0) [0250.973] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.974] SetLastError (dwErrCode=0x0) [0250.974] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.975] SetLastError (dwErrCode=0x0) [0250.975] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.976] SetLastError (dwErrCode=0x0) [0250.976] GetLastError () returned 0x0 [0250.977] SetLastError (dwErrCode=0x0) [0250.977] GetLastError () returned 0x0 [0250.977] SetLastError (dwErrCode=0x0) [0250.977] GetLastError () returned 0x0 [0250.977] SetLastError (dwErrCode=0x0) [0250.977] GetLastError () returned 0x0 [0250.977] SetLastError (dwErrCode=0x0) [0250.977] GetLastError () returned 0x0 [0250.977] SetLastError (dwErrCode=0x0) [0250.977] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.978] SetLastError (dwErrCode=0x0) [0250.978] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.979] SetLastError (dwErrCode=0x0) [0250.979] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.980] GetLastError () returned 0x0 [0250.980] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.981] SetLastError (dwErrCode=0x0) [0250.981] GetLastError () returned 0x0 [0250.982] SetLastError (dwErrCode=0x0) [0250.985] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0250.985] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0250.985] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x435a30) returned 0x0 [0250.986] GetLastError () returned 0x0 [0250.986] SetLastError (dwErrCode=0x0) [0250.986] GetLastError () returned 0x0 [0250.986] SetLastError (dwErrCode=0x0) [0250.986] GetCurrentProcessId () returned 0x478 [0250.986] GetLastError () returned 0x0 [0250.986] SetLastError (dwErrCode=0x0) [0250.986] GetLastError () returned 0x0 [0250.986] SetLastError (dwErrCode=0x0) [0250.986] GetLastError () returned 0x0 [0250.986] SetLastError (dwErrCode=0x0) [0250.987] GetLastError () returned 0x0 [0250.987] SetLastError (dwErrCode=0x0) [0250.987] GetLastError () returned 0x0 [0250.987] SetLastError (dwErrCode=0x0) [0250.987] GetCurrentThread () returned 0xfffffffe [0250.987] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x6, OpenAsSelf=1, TokenHandle=0x19fd78 | out: TokenHandle=0x19fd78*=0x0) returned 0 [0250.987] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x400000, lpName="AtlDebugAllocator_FileMappingNameStatic_100_478") returned 0x1e4 [0250.987] GetLastError () returned 0x0 [0250.987] MapViewOfFile (hFileMappingObject=0x1e4, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2430000 [0250.987] GetSystemInfo (in: lpSystemInfo=0x19fd50 | out: lpSystemInfo=0x19fd50*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0250.987] VirtualAlloc (lpAddress=0x2430000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2430000 [0250.988] GetCurrentProcessId () returned 0x478 [0250.988] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fafc, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x3a [0250.988] VirtualAlloc (lpAddress=0x2431000, dwSize=0x2990, flAllocationType=0x1000, flProtect=0x4) returned 0x2431000 [0250.988] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19fc48, nSize=0x104 | out: lpFilename="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe")) returned 0x3a [0250.988] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.989] lstrlenA (lpString="atlTraceGeneral") returned 15 [0250.989] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bb90, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceGeneral") returned 16 [0250.990] VirtualAlloc (lpAddress=0x282fa10, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x282f000 [0250.990] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.990] lstrlenA (lpString="atlTraceCOM") returned 11 [0250.990] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bba0, cbMultiByte=12, lpWideCharStr=0x19fd88, cchWideChar=12 | out: lpWideCharStr="atlTraceCOM") returned 12 [0250.990] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.990] lstrlenA (lpString="atlTraceQI") returned 10 [0250.990] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbac, cbMultiByte=11, lpWideCharStr=0x19fd88, cchWideChar=11 | out: lpWideCharStr="atlTraceQI") returned 11 [0250.990] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.990] lstrlenA (lpString="atlTraceRegistrar") returned 17 [0250.990] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbb8, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceRegistrar") returned 18 [0250.990] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceRefcount") returned 16 [0250.991] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbcc, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceRefcount") returned 17 [0250.991] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceWindowing") returned 17 [0250.991] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbe0, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceWindowing") returned 18 [0250.991] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceControls") returned 16 [0250.991] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bbf4, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceControls") returned 17 [0250.991] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceHosting") returned 15 [0250.991] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc08, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceHosting") returned 16 [0250.991] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceDBClient") returned 16 [0250.991] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc18, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceDBClient") returned 17 [0250.991] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceDBProvider") returned 18 [0250.991] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc2c, cbMultiByte=19, lpWideCharStr=0x19fd88, cchWideChar=19 | out: lpWideCharStr="atlTraceDBProvider") returned 19 [0250.991] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.991] lstrlenA (lpString="atlTraceSnapin") returned 14 [0250.992] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc40, cbMultiByte=15, lpWideCharStr=0x19fd88, cchWideChar=15 | out: lpWideCharStr="atlTraceSnapin") returned 15 [0250.992] VirtualAlloc (lpAddress=0x282f420, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x282f000 [0250.992] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.992] lstrlenA (lpString="atlTraceNotImpl") returned 15 [0250.992] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc50, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceNotImpl") returned 16 [0250.992] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.992] lstrlenA (lpString="atlTraceAllocation") returned 18 [0250.992] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc60, cbMultiByte=19, lpWideCharStr=0x19fd88, cchWideChar=19 | out: lpWideCharStr="atlTraceAllocation") returned 19 [0250.993] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.993] lstrlenA (lpString="atlTraceException") returned 17 [0250.993] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc74, cbMultiByte=18, lpWideCharStr=0x19fd88, cchWideChar=18 | out: lpWideCharStr="atlTraceException") returned 18 [0250.993] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.993] lstrlenA (lpString="atlTraceTime") returned 12 [0250.993] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc88, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceTime") returned 13 [0250.993] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.993] lstrlenA (lpString="atlTraceCache") returned 13 [0250.993] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bc98, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceCache") returned 14 [0250.993] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.993] lstrlenA (lpString="atlTraceStencil") returned 15 [0250.993] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bca8, cbMultiByte=16, lpWideCharStr=0x19fd88, cchWideChar=16 | out: lpWideCharStr="atlTraceStencil") returned 16 [0250.993] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.993] lstrlenA (lpString="atlTraceString") returned 14 [0250.993] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcb8, cbMultiByte=15, lpWideCharStr=0x19fd88, cchWideChar=15 | out: lpWideCharStr="atlTraceString") returned 15 [0250.993] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.993] lstrlenA (lpString="atlTraceMap") returned 11 [0250.993] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcc8, cbMultiByte=12, lpWideCharStr=0x19fd88, cchWideChar=12 | out: lpWideCharStr="atlTraceMap") returned 12 [0250.994] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.994] lstrlenA (lpString="atlTraceUtil") returned 12 [0250.994] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcd4, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceUtil") returned 13 [0250.994] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.994] lstrlenA (lpString="atlTraceSecurity") returned 16 [0250.994] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bce4, cbMultiByte=17, lpWideCharStr=0x19fd88, cchWideChar=17 | out: lpWideCharStr="atlTraceSecurity") returned 17 [0250.994] VirtualAlloc (lpAddress=0x282ee30, dwSize=0x5f0, flAllocationType=0x1000, flProtect=0x4) returned 0x282e000 [0250.994] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.994] lstrlenA (lpString="atlTraceSync") returned 12 [0250.994] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bcf8, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceSync") returned 13 [0250.994] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.994] lstrlenA (lpString="atlTraceISAPI") returned 13 [0250.994] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd08, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceISAPI") returned 14 [0250.994] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.994] lstrlenA (lpString="atlTraceUser") returned 12 [0250.994] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd18, cbMultiByte=13, lpWideCharStr=0x19fd88, cchWideChar=13 | out: lpWideCharStr="atlTraceUser") returned 13 [0250.995] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.995] lstrlenA (lpString="atlTraceUser2") returned 13 [0250.995] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd28, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser2") returned 14 [0250.995] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.995] lstrlenA (lpString="atlTraceUser3") returned 13 [0250.995] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd38, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser3") returned 14 [0250.995] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.995] lstrlenA (lpString="atlTraceUser4") returned 13 [0250.995] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x44bd48, cbMultiByte=14, lpWideCharStr=0x19fd88, cchWideChar=14 | out: lpWideCharStr="atlTraceUser4") returned 14 [0250.995] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.996] lstrlenA (lpString="atlTraceUI") returned 10 [0250.996] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x456fd0, cbMultiByte=11, lpWideCharStr=0x19fd88, cchWideChar=11 | out: lpWideCharStr="atlTraceUI") returned 11 [0250.996] OpenEventA (dwDesiredAccess=0x2, bInheritHandle=0, lpName="AtlTraceModuleManager_ProcessAddedStatic_100") returned 0x0 [0250.996] GetLastError () returned 0x2 [0250.996] SetLastError (dwErrCode=0x2) [0250.996] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.997] SetLastError (dwErrCode=0x2) [0250.997] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.998] SetLastError (dwErrCode=0x2) [0250.998] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0250.999] SetLastError (dwErrCode=0x2) [0250.999] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.000] SetLastError (dwErrCode=0x2) [0251.000] GetLastError () returned 0x2 [0251.001] SetLastError (dwErrCode=0x2) [0251.001] GetLastError () returned 0x2 [0251.001] SetLastError (dwErrCode=0x2) [0251.001] CoInitialize (pvReserved=0x0) returned 0x0 [0251.094] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0251.094] InitCommonControlsEx (picce=0x19febc) returned 1 [0251.095] GetCurrentThreadId () returned 0x750 [0251.095] GetCurrentThreadId () returned 0x750 [0251.095] GetCurrentThreadId () returned 0x750 [0251.095] SetRectEmpty (in: lprc=0x19fe60 | out: lprc=0x19fe60) returned 1 [0251.096] SetRectEmpty (in: lprc=0x19fea0 | out: lprc=0x19fea0) returned 1 [0251.096] IsProcessorFeaturePresent (ProcessorFeature=0xc) returned 1 [0251.096] RtlInterlockedPopEntrySList (in: ListHead=0x1d0518 | out: ListHead=0x1d0518) returned 0x0 [0251.096] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xa80000 [0251.096] RtlInterlockedPopEntrySList (in: ListHead=0x1d0518 | out: ListHead=0x1d0518) returned 0x0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80000 | out: ListHead=0x1d0518, ListEntry=0xa80000) returned 0x0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80010 | out: ListHead=0x1d0518, ListEntry=0xa80010) returned 0xa80000 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80020 | out: ListHead=0x1d0518, ListEntry=0xa80020) returned 0xa80010 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80030 | out: ListHead=0x1d0518, ListEntry=0xa80030) returned 0xa80020 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80040 | out: ListHead=0x1d0518, ListEntry=0xa80040) returned 0xa80030 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80050 | out: ListHead=0x1d0518, ListEntry=0xa80050) returned 0xa80040 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80060 | out: ListHead=0x1d0518, ListEntry=0xa80060) returned 0xa80050 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80070 | out: ListHead=0x1d0518, ListEntry=0xa80070) returned 0xa80060 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80080 | out: ListHead=0x1d0518, ListEntry=0xa80080) returned 0xa80070 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80090 | out: ListHead=0x1d0518, ListEntry=0xa80090) returned 0xa80080 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa800a0 | out: ListHead=0x1d0518, ListEntry=0xa800a0) returned 0xa80090 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa800b0 | out: ListHead=0x1d0518, ListEntry=0xa800b0) returned 0xa800a0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa800c0 | out: ListHead=0x1d0518, ListEntry=0xa800c0) returned 0xa800b0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa800d0 | out: ListHead=0x1d0518, ListEntry=0xa800d0) returned 0xa800c0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa800e0 | out: ListHead=0x1d0518, ListEntry=0xa800e0) returned 0xa800d0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa800f0 | out: ListHead=0x1d0518, ListEntry=0xa800f0) returned 0xa800e0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80100 | out: ListHead=0x1d0518, ListEntry=0xa80100) returned 0xa800f0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80110 | out: ListHead=0x1d0518, ListEntry=0xa80110) returned 0xa80100 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80120 | out: ListHead=0x1d0518, ListEntry=0xa80120) returned 0xa80110 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80130 | out: ListHead=0x1d0518, ListEntry=0xa80130) returned 0xa80120 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80140 | out: ListHead=0x1d0518, ListEntry=0xa80140) returned 0xa80130 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80150 | out: ListHead=0x1d0518, ListEntry=0xa80150) returned 0xa80140 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80160 | out: ListHead=0x1d0518, ListEntry=0xa80160) returned 0xa80150 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80170 | out: ListHead=0x1d0518, ListEntry=0xa80170) returned 0xa80160 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80180 | out: ListHead=0x1d0518, ListEntry=0xa80180) returned 0xa80170 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80190 | out: ListHead=0x1d0518, ListEntry=0xa80190) returned 0xa80180 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa801a0 | out: ListHead=0x1d0518, ListEntry=0xa801a0) returned 0xa80190 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa801b0 | out: ListHead=0x1d0518, ListEntry=0xa801b0) returned 0xa801a0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa801c0 | out: ListHead=0x1d0518, ListEntry=0xa801c0) returned 0xa801b0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa801d0 | out: ListHead=0x1d0518, ListEntry=0xa801d0) returned 0xa801c0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa801e0 | out: ListHead=0x1d0518, ListEntry=0xa801e0) returned 0xa801d0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa801f0 | out: ListHead=0x1d0518, ListEntry=0xa801f0) returned 0xa801e0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80200 | out: ListHead=0x1d0518, ListEntry=0xa80200) returned 0xa801f0 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80210 | out: ListHead=0x1d0518, ListEntry=0xa80210) returned 0xa80200 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80220 | out: ListHead=0x1d0518, ListEntry=0xa80220) returned 0xa80210 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80230 | out: ListHead=0x1d0518, ListEntry=0xa80230) returned 0xa80220 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80240 | out: ListHead=0x1d0518, ListEntry=0xa80240) returned 0xa80230 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80250 | out: ListHead=0x1d0518, ListEntry=0xa80250) returned 0xa80240 [0251.096] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80260 | out: ListHead=0x1d0518, ListEntry=0xa80260) returned 0xa80250 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80270 | out: ListHead=0x1d0518, ListEntry=0xa80270) returned 0xa80260 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80280 | out: ListHead=0x1d0518, ListEntry=0xa80280) returned 0xa80270 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80290 | out: ListHead=0x1d0518, ListEntry=0xa80290) returned 0xa80280 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa802a0 | out: ListHead=0x1d0518, ListEntry=0xa802a0) returned 0xa80290 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa802b0 | out: ListHead=0x1d0518, ListEntry=0xa802b0) returned 0xa802a0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa802c0 | out: ListHead=0x1d0518, ListEntry=0xa802c0) returned 0xa802b0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa802d0 | out: ListHead=0x1d0518, ListEntry=0xa802d0) returned 0xa802c0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa802e0 | out: ListHead=0x1d0518, ListEntry=0xa802e0) returned 0xa802d0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa802f0 | out: ListHead=0x1d0518, ListEntry=0xa802f0) returned 0xa802e0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80300 | out: ListHead=0x1d0518, ListEntry=0xa80300) returned 0xa802f0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80310 | out: ListHead=0x1d0518, ListEntry=0xa80310) returned 0xa80300 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80320 | out: ListHead=0x1d0518, ListEntry=0xa80320) returned 0xa80310 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80330 | out: ListHead=0x1d0518, ListEntry=0xa80330) returned 0xa80320 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80340 | out: ListHead=0x1d0518, ListEntry=0xa80340) returned 0xa80330 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80350 | out: ListHead=0x1d0518, ListEntry=0xa80350) returned 0xa80340 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80360 | out: ListHead=0x1d0518, ListEntry=0xa80360) returned 0xa80350 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80370 | out: ListHead=0x1d0518, ListEntry=0xa80370) returned 0xa80360 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80380 | out: ListHead=0x1d0518, ListEntry=0xa80380) returned 0xa80370 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80390 | out: ListHead=0x1d0518, ListEntry=0xa80390) returned 0xa80380 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa803a0 | out: ListHead=0x1d0518, ListEntry=0xa803a0) returned 0xa80390 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa803b0 | out: ListHead=0x1d0518, ListEntry=0xa803b0) returned 0xa803a0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa803c0 | out: ListHead=0x1d0518, ListEntry=0xa803c0) returned 0xa803b0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa803d0 | out: ListHead=0x1d0518, ListEntry=0xa803d0) returned 0xa803c0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa803e0 | out: ListHead=0x1d0518, ListEntry=0xa803e0) returned 0xa803d0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa803f0 | out: ListHead=0x1d0518, ListEntry=0xa803f0) returned 0xa803e0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80400 | out: ListHead=0x1d0518, ListEntry=0xa80400) returned 0xa803f0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80410 | out: ListHead=0x1d0518, ListEntry=0xa80410) returned 0xa80400 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80420 | out: ListHead=0x1d0518, ListEntry=0xa80420) returned 0xa80410 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80430 | out: ListHead=0x1d0518, ListEntry=0xa80430) returned 0xa80420 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80440 | out: ListHead=0x1d0518, ListEntry=0xa80440) returned 0xa80430 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80450 | out: ListHead=0x1d0518, ListEntry=0xa80450) returned 0xa80440 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80460 | out: ListHead=0x1d0518, ListEntry=0xa80460) returned 0xa80450 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80470 | out: ListHead=0x1d0518, ListEntry=0xa80470) returned 0xa80460 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80480 | out: ListHead=0x1d0518, ListEntry=0xa80480) returned 0xa80470 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80490 | out: ListHead=0x1d0518, ListEntry=0xa80490) returned 0xa80480 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa804a0 | out: ListHead=0x1d0518, ListEntry=0xa804a0) returned 0xa80490 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa804b0 | out: ListHead=0x1d0518, ListEntry=0xa804b0) returned 0xa804a0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa804c0 | out: ListHead=0x1d0518, ListEntry=0xa804c0) returned 0xa804b0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa804d0 | out: ListHead=0x1d0518, ListEntry=0xa804d0) returned 0xa804c0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa804e0 | out: ListHead=0x1d0518, ListEntry=0xa804e0) returned 0xa804d0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa804f0 | out: ListHead=0x1d0518, ListEntry=0xa804f0) returned 0xa804e0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80500 | out: ListHead=0x1d0518, ListEntry=0xa80500) returned 0xa804f0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80510 | out: ListHead=0x1d0518, ListEntry=0xa80510) returned 0xa80500 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80520 | out: ListHead=0x1d0518, ListEntry=0xa80520) returned 0xa80510 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80530 | out: ListHead=0x1d0518, ListEntry=0xa80530) returned 0xa80520 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80540 | out: ListHead=0x1d0518, ListEntry=0xa80540) returned 0xa80530 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80550 | out: ListHead=0x1d0518, ListEntry=0xa80550) returned 0xa80540 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80560 | out: ListHead=0x1d0518, ListEntry=0xa80560) returned 0xa80550 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80570 | out: ListHead=0x1d0518, ListEntry=0xa80570) returned 0xa80560 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80580 | out: ListHead=0x1d0518, ListEntry=0xa80580) returned 0xa80570 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80590 | out: ListHead=0x1d0518, ListEntry=0xa80590) returned 0xa80580 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa805a0 | out: ListHead=0x1d0518, ListEntry=0xa805a0) returned 0xa80590 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa805b0 | out: ListHead=0x1d0518, ListEntry=0xa805b0) returned 0xa805a0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa805c0 | out: ListHead=0x1d0518, ListEntry=0xa805c0) returned 0xa805b0 [0251.097] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa805d0 | out: ListHead=0x1d0518, ListEntry=0xa805d0) returned 0xa805c0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa805e0 | out: ListHead=0x1d0518, ListEntry=0xa805e0) returned 0xa805d0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa805f0 | out: ListHead=0x1d0518, ListEntry=0xa805f0) returned 0xa805e0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80600 | out: ListHead=0x1d0518, ListEntry=0xa80600) returned 0xa805f0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80610 | out: ListHead=0x1d0518, ListEntry=0xa80610) returned 0xa80600 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80620 | out: ListHead=0x1d0518, ListEntry=0xa80620) returned 0xa80610 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80630 | out: ListHead=0x1d0518, ListEntry=0xa80630) returned 0xa80620 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80640 | out: ListHead=0x1d0518, ListEntry=0xa80640) returned 0xa80630 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80650 | out: ListHead=0x1d0518, ListEntry=0xa80650) returned 0xa80640 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80660 | out: ListHead=0x1d0518, ListEntry=0xa80660) returned 0xa80650 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80670 | out: ListHead=0x1d0518, ListEntry=0xa80670) returned 0xa80660 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80680 | out: ListHead=0x1d0518, ListEntry=0xa80680) returned 0xa80670 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80690 | out: ListHead=0x1d0518, ListEntry=0xa80690) returned 0xa80680 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa806a0 | out: ListHead=0x1d0518, ListEntry=0xa806a0) returned 0xa80690 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa806b0 | out: ListHead=0x1d0518, ListEntry=0xa806b0) returned 0xa806a0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa806c0 | out: ListHead=0x1d0518, ListEntry=0xa806c0) returned 0xa806b0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa806d0 | out: ListHead=0x1d0518, ListEntry=0xa806d0) returned 0xa806c0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa806e0 | out: ListHead=0x1d0518, ListEntry=0xa806e0) returned 0xa806d0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa806f0 | out: ListHead=0x1d0518, ListEntry=0xa806f0) returned 0xa806e0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80700 | out: ListHead=0x1d0518, ListEntry=0xa80700) returned 0xa806f0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80710 | out: ListHead=0x1d0518, ListEntry=0xa80710) returned 0xa80700 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80720 | out: ListHead=0x1d0518, ListEntry=0xa80720) returned 0xa80710 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80730 | out: ListHead=0x1d0518, ListEntry=0xa80730) returned 0xa80720 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80740 | out: ListHead=0x1d0518, ListEntry=0xa80740) returned 0xa80730 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80750 | out: ListHead=0x1d0518, ListEntry=0xa80750) returned 0xa80740 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80760 | out: ListHead=0x1d0518, ListEntry=0xa80760) returned 0xa80750 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80770 | out: ListHead=0x1d0518, ListEntry=0xa80770) returned 0xa80760 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80780 | out: ListHead=0x1d0518, ListEntry=0xa80780) returned 0xa80770 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80790 | out: ListHead=0x1d0518, ListEntry=0xa80790) returned 0xa80780 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa807a0 | out: ListHead=0x1d0518, ListEntry=0xa807a0) returned 0xa80790 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa807b0 | out: ListHead=0x1d0518, ListEntry=0xa807b0) returned 0xa807a0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa807c0 | out: ListHead=0x1d0518, ListEntry=0xa807c0) returned 0xa807b0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa807d0 | out: ListHead=0x1d0518, ListEntry=0xa807d0) returned 0xa807c0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa807e0 | out: ListHead=0x1d0518, ListEntry=0xa807e0) returned 0xa807d0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa807f0 | out: ListHead=0x1d0518, ListEntry=0xa807f0) returned 0xa807e0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80800 | out: ListHead=0x1d0518, ListEntry=0xa80800) returned 0xa807f0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80810 | out: ListHead=0x1d0518, ListEntry=0xa80810) returned 0xa80800 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80820 | out: ListHead=0x1d0518, ListEntry=0xa80820) returned 0xa80810 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80830 | out: ListHead=0x1d0518, ListEntry=0xa80830) returned 0xa80820 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80840 | out: ListHead=0x1d0518, ListEntry=0xa80840) returned 0xa80830 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80850 | out: ListHead=0x1d0518, ListEntry=0xa80850) returned 0xa80840 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80860 | out: ListHead=0x1d0518, ListEntry=0xa80860) returned 0xa80850 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80870 | out: ListHead=0x1d0518, ListEntry=0xa80870) returned 0xa80860 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80880 | out: ListHead=0x1d0518, ListEntry=0xa80880) returned 0xa80870 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80890 | out: ListHead=0x1d0518, ListEntry=0xa80890) returned 0xa80880 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa808a0 | out: ListHead=0x1d0518, ListEntry=0xa808a0) returned 0xa80890 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa808b0 | out: ListHead=0x1d0518, ListEntry=0xa808b0) returned 0xa808a0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa808c0 | out: ListHead=0x1d0518, ListEntry=0xa808c0) returned 0xa808b0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa808d0 | out: ListHead=0x1d0518, ListEntry=0xa808d0) returned 0xa808c0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa808e0 | out: ListHead=0x1d0518, ListEntry=0xa808e0) returned 0xa808d0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa808f0 | out: ListHead=0x1d0518, ListEntry=0xa808f0) returned 0xa808e0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80900 | out: ListHead=0x1d0518, ListEntry=0xa80900) returned 0xa808f0 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80910 | out: ListHead=0x1d0518, ListEntry=0xa80910) returned 0xa80900 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80920 | out: ListHead=0x1d0518, ListEntry=0xa80920) returned 0xa80910 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80930 | out: ListHead=0x1d0518, ListEntry=0xa80930) returned 0xa80920 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80940 | out: ListHead=0x1d0518, ListEntry=0xa80940) returned 0xa80930 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80950 | out: ListHead=0x1d0518, ListEntry=0xa80950) returned 0xa80940 [0251.098] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80960 | out: ListHead=0x1d0518, ListEntry=0xa80960) returned 0xa80950 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80970 | out: ListHead=0x1d0518, ListEntry=0xa80970) returned 0xa80960 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80980 | out: ListHead=0x1d0518, ListEntry=0xa80980) returned 0xa80970 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80990 | out: ListHead=0x1d0518, ListEntry=0xa80990) returned 0xa80980 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa809a0 | out: ListHead=0x1d0518, ListEntry=0xa809a0) returned 0xa80990 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa809b0 | out: ListHead=0x1d0518, ListEntry=0xa809b0) returned 0xa809a0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa809c0 | out: ListHead=0x1d0518, ListEntry=0xa809c0) returned 0xa809b0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa809d0 | out: ListHead=0x1d0518, ListEntry=0xa809d0) returned 0xa809c0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa809e0 | out: ListHead=0x1d0518, ListEntry=0xa809e0) returned 0xa809d0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa809f0 | out: ListHead=0x1d0518, ListEntry=0xa809f0) returned 0xa809e0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a00 | out: ListHead=0x1d0518, ListEntry=0xa80a00) returned 0xa809f0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a10 | out: ListHead=0x1d0518, ListEntry=0xa80a10) returned 0xa80a00 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a20 | out: ListHead=0x1d0518, ListEntry=0xa80a20) returned 0xa80a10 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a30 | out: ListHead=0x1d0518, ListEntry=0xa80a30) returned 0xa80a20 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a40 | out: ListHead=0x1d0518, ListEntry=0xa80a40) returned 0xa80a30 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a50 | out: ListHead=0x1d0518, ListEntry=0xa80a50) returned 0xa80a40 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a60 | out: ListHead=0x1d0518, ListEntry=0xa80a60) returned 0xa80a50 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a70 | out: ListHead=0x1d0518, ListEntry=0xa80a70) returned 0xa80a60 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a80 | out: ListHead=0x1d0518, ListEntry=0xa80a80) returned 0xa80a70 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80a90 | out: ListHead=0x1d0518, ListEntry=0xa80a90) returned 0xa80a80 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80aa0 | out: ListHead=0x1d0518, ListEntry=0xa80aa0) returned 0xa80a90 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ab0 | out: ListHead=0x1d0518, ListEntry=0xa80ab0) returned 0xa80aa0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ac0 | out: ListHead=0x1d0518, ListEntry=0xa80ac0) returned 0xa80ab0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ad0 | out: ListHead=0x1d0518, ListEntry=0xa80ad0) returned 0xa80ac0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ae0 | out: ListHead=0x1d0518, ListEntry=0xa80ae0) returned 0xa80ad0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80af0 | out: ListHead=0x1d0518, ListEntry=0xa80af0) returned 0xa80ae0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b00 | out: ListHead=0x1d0518, ListEntry=0xa80b00) returned 0xa80af0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b10 | out: ListHead=0x1d0518, ListEntry=0xa80b10) returned 0xa80b00 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b20 | out: ListHead=0x1d0518, ListEntry=0xa80b20) returned 0xa80b10 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b30 | out: ListHead=0x1d0518, ListEntry=0xa80b30) returned 0xa80b20 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b40 | out: ListHead=0x1d0518, ListEntry=0xa80b40) returned 0xa80b30 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b50 | out: ListHead=0x1d0518, ListEntry=0xa80b50) returned 0xa80b40 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b60 | out: ListHead=0x1d0518, ListEntry=0xa80b60) returned 0xa80b50 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b70 | out: ListHead=0x1d0518, ListEntry=0xa80b70) returned 0xa80b60 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b80 | out: ListHead=0x1d0518, ListEntry=0xa80b80) returned 0xa80b70 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80b90 | out: ListHead=0x1d0518, ListEntry=0xa80b90) returned 0xa80b80 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ba0 | out: ListHead=0x1d0518, ListEntry=0xa80ba0) returned 0xa80b90 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80bb0 | out: ListHead=0x1d0518, ListEntry=0xa80bb0) returned 0xa80ba0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80bc0 | out: ListHead=0x1d0518, ListEntry=0xa80bc0) returned 0xa80bb0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80bd0 | out: ListHead=0x1d0518, ListEntry=0xa80bd0) returned 0xa80bc0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80be0 | out: ListHead=0x1d0518, ListEntry=0xa80be0) returned 0xa80bd0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80bf0 | out: ListHead=0x1d0518, ListEntry=0xa80bf0) returned 0xa80be0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c00 | out: ListHead=0x1d0518, ListEntry=0xa80c00) returned 0xa80bf0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c10 | out: ListHead=0x1d0518, ListEntry=0xa80c10) returned 0xa80c00 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c20 | out: ListHead=0x1d0518, ListEntry=0xa80c20) returned 0xa80c10 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c30 | out: ListHead=0x1d0518, ListEntry=0xa80c30) returned 0xa80c20 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c40 | out: ListHead=0x1d0518, ListEntry=0xa80c40) returned 0xa80c30 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c50 | out: ListHead=0x1d0518, ListEntry=0xa80c50) returned 0xa80c40 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c60 | out: ListHead=0x1d0518, ListEntry=0xa80c60) returned 0xa80c50 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c70 | out: ListHead=0x1d0518, ListEntry=0xa80c70) returned 0xa80c60 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c80 | out: ListHead=0x1d0518, ListEntry=0xa80c80) returned 0xa80c70 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80c90 | out: ListHead=0x1d0518, ListEntry=0xa80c90) returned 0xa80c80 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ca0 | out: ListHead=0x1d0518, ListEntry=0xa80ca0) returned 0xa80c90 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80cb0 | out: ListHead=0x1d0518, ListEntry=0xa80cb0) returned 0xa80ca0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80cc0 | out: ListHead=0x1d0518, ListEntry=0xa80cc0) returned 0xa80cb0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80cd0 | out: ListHead=0x1d0518, ListEntry=0xa80cd0) returned 0xa80cc0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ce0 | out: ListHead=0x1d0518, ListEntry=0xa80ce0) returned 0xa80cd0 [0251.099] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80cf0 | out: ListHead=0x1d0518, ListEntry=0xa80cf0) returned 0xa80ce0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d00 | out: ListHead=0x1d0518, ListEntry=0xa80d00) returned 0xa80cf0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d10 | out: ListHead=0x1d0518, ListEntry=0xa80d10) returned 0xa80d00 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d20 | out: ListHead=0x1d0518, ListEntry=0xa80d20) returned 0xa80d10 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d30 | out: ListHead=0x1d0518, ListEntry=0xa80d30) returned 0xa80d20 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d40 | out: ListHead=0x1d0518, ListEntry=0xa80d40) returned 0xa80d30 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d50 | out: ListHead=0x1d0518, ListEntry=0xa80d50) returned 0xa80d40 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d60 | out: ListHead=0x1d0518, ListEntry=0xa80d60) returned 0xa80d50 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d70 | out: ListHead=0x1d0518, ListEntry=0xa80d70) returned 0xa80d60 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d80 | out: ListHead=0x1d0518, ListEntry=0xa80d80) returned 0xa80d70 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80d90 | out: ListHead=0x1d0518, ListEntry=0xa80d90) returned 0xa80d80 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80da0 | out: ListHead=0x1d0518, ListEntry=0xa80da0) returned 0xa80d90 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80db0 | out: ListHead=0x1d0518, ListEntry=0xa80db0) returned 0xa80da0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80dc0 | out: ListHead=0x1d0518, ListEntry=0xa80dc0) returned 0xa80db0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80dd0 | out: ListHead=0x1d0518, ListEntry=0xa80dd0) returned 0xa80dc0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80de0 | out: ListHead=0x1d0518, ListEntry=0xa80de0) returned 0xa80dd0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80df0 | out: ListHead=0x1d0518, ListEntry=0xa80df0) returned 0xa80de0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e00 | out: ListHead=0x1d0518, ListEntry=0xa80e00) returned 0xa80df0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e10 | out: ListHead=0x1d0518, ListEntry=0xa80e10) returned 0xa80e00 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e20 | out: ListHead=0x1d0518, ListEntry=0xa80e20) returned 0xa80e10 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e30 | out: ListHead=0x1d0518, ListEntry=0xa80e30) returned 0xa80e20 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e40 | out: ListHead=0x1d0518, ListEntry=0xa80e40) returned 0xa80e30 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e50 | out: ListHead=0x1d0518, ListEntry=0xa80e50) returned 0xa80e40 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e60 | out: ListHead=0x1d0518, ListEntry=0xa80e60) returned 0xa80e50 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e70 | out: ListHead=0x1d0518, ListEntry=0xa80e70) returned 0xa80e60 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e80 | out: ListHead=0x1d0518, ListEntry=0xa80e80) returned 0xa80e70 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80e90 | out: ListHead=0x1d0518, ListEntry=0xa80e90) returned 0xa80e80 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ea0 | out: ListHead=0x1d0518, ListEntry=0xa80ea0) returned 0xa80e90 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80eb0 | out: ListHead=0x1d0518, ListEntry=0xa80eb0) returned 0xa80ea0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ec0 | out: ListHead=0x1d0518, ListEntry=0xa80ec0) returned 0xa80eb0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ed0 | out: ListHead=0x1d0518, ListEntry=0xa80ed0) returned 0xa80ec0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ee0 | out: ListHead=0x1d0518, ListEntry=0xa80ee0) returned 0xa80ed0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80ef0 | out: ListHead=0x1d0518, ListEntry=0xa80ef0) returned 0xa80ee0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f00 | out: ListHead=0x1d0518, ListEntry=0xa80f00) returned 0xa80ef0 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f10 | out: ListHead=0x1d0518, ListEntry=0xa80f10) returned 0xa80f00 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f20 | out: ListHead=0x1d0518, ListEntry=0xa80f20) returned 0xa80f10 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f30 | out: ListHead=0x1d0518, ListEntry=0xa80f30) returned 0xa80f20 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f40 | out: ListHead=0x1d0518, ListEntry=0xa80f40) returned 0xa80f30 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f50 | out: ListHead=0x1d0518, ListEntry=0xa80f50) returned 0xa80f40 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f60 | out: ListHead=0x1d0518, ListEntry=0xa80f60) returned 0xa80f50 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f70 | out: ListHead=0x1d0518, ListEntry=0xa80f70) returned 0xa80f60 [0251.100] RtlInterlockedPushEntrySList (in: ListHead=0x1d0518, ListEntry=0xa80f80 | out: ListHead=0x1d0518, ListEntry=0xa80f80) returned 0xa80f70 [0251.100] GetCurrentProcess () returned 0xffffffff [0251.100] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xa80ff0, dwSize=0xd) returned 1 [0251.100] GetCurrentThreadId () returned 0x750 [0251.100] CreateDialogParamA (hInstance=0x400000, lpTemplateName=0x81, hWndParent=0x0, lpDialogFunc=0x40a020, dwInitParam=0x0) returned 0x30086 [0251.135] GetCurrentThreadId () returned 0x750 [0251.135] GetCurrentProcess () returned 0xffffffff [0251.135] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xa80ff0, dwSize=0xd) returned 1 [0251.135] SetWindowLongA (hWnd=0x30086, nIndex=4, dwNewLong=11014128) returned 4235296 [0251.146] IsWindow (hWnd=0x30086) returned 1 [0251.146] IsWindow (hWnd=0x30086) returned 1 [0251.146] GetWindowLongA (hWnd=0x30086, nIndex=-16) returned 80347204 [0251.146] GetWindow (hWnd=0x30086, uCmd=0x4) returned 0x0 [0251.146] GetWindowRect (in: hWnd=0x30086, lpRect=0x19f89c | out: lpRect=0x19f89c) returned 1 [0251.146] MonitorFromWindow (hwnd=0x30086, dwFlags=0x2) returned 0x10001 [0251.146] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19f860 | out: lpmi=0x19f860) returned 1 [0251.146] SetWindowPos (hWnd=0x30086, hWndInsertAfter=0x0, X=535, Y=255, cx=-1, cy=-1, uFlags=0x15) returned 1 [0251.155] GetSystemMetrics (nIndex=12) returned 32 [0251.155] GetSystemMetrics (nIndex=11) returned 32 [0251.155] LoadImageA (hInst=0x400000, name=0x80, type=0x1, cx=32, cy=32, fuLoad=0x0) returned 0x2c00c3 [0251.156] IsWindow (hWnd=0x30086) returned 1 [0251.156] SendMessageA (hWnd=0x30086, Msg=0x80, wParam=0x1, lParam=0x2c00c3) returned 0x0 [0251.157] GetSystemMetrics (nIndex=50) returned 16 [0251.157] GetSystemMetrics (nIndex=49) returned 16 [0251.157] LoadImageA (hInst=0x400000, name=0x80, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x301ad [0251.158] IsWindow (hWnd=0x30086) returned 1 [0251.158] SendMessageA (hWnd=0x30086, Msg=0x80, wParam=0x0, lParam=0x301ad) returned 0x0 [0251.159] GetDlgItem (hDlg=0x30086, nIDDlgItem=1000) returned 0x3004a [0251.159] IsWindow (hWnd=0x3004a) returned 1 [0251.159] RtlInterlockedPopEntrySList (in: ListHead=0x1d0518 | out: ListHead=0x1d0518) returned 0xa80fe0 [0251.159] GetCurrentProcess () returned 0xffffffff [0251.159] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xa80fe0, dwSize=0xd) returned 1 [0251.159] SetWindowLongA (hWnd=0x3004a, nIndex=-4, dwNewLong=11014112) returned 2004536176 [0251.159] GetWindowRect (in: hWnd=0x3004a, lpRect=0x19f8c4 | out: lpRect=0x19f8c4) returned 1 [0251.159] IsWindow (hWnd=0x3004a) returned 1 [0251.159] GetParent (hWnd=0x3004a) returned 0x30086 [0251.159] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30086, lpPoints=0x19f8c4, cPoints=0x2 | out: lpPoints=0x19f8c4) returned -18350618 [0251.160] IsWindow (hWnd=0x3004a) returned 1 [0251.160] SetWindowPos (hWnd=0x3004a, hWndInsertAfter=0x0, X=84, Y=49, cx=269, cy=59, uFlags=0x20) returned 1 [0251.160] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x3004a, Msg=0x46, wParam=0x0, lParam=0x19f854) returned 0x0 [0251.160] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x3004a, Msg=0x83, wParam=0x1, lParam=0x19f82c) returned 0x0 [0251.160] CopyRect (in: lprcDst=0x19fe60, lprcSrc=0x19f82c | out: lprcDst=0x19fe60) returned 1 [0251.160] OffsetRect (in: lprc=0x19fe60, dx=-84, dy=-49 | out: lprc=0x19fe60) returned 1 [0251.161] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x3004a, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0251.161] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x3004a, Msg=0x47, wParam=0x0, lParam=0x19f854) returned 0x0 [0251.161] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x3004a, Msg=0x5, wParam=0x0, lParam=0x3700dd) returned 0x0 [0251.161] GetDlgItem (hDlg=0x30086, nIDDlgItem=1001) returned 0x2005c [0251.161] IsWindow (hWnd=0x2005c) returned 1 [0251.161] RtlInterlockedPopEntrySList (in: ListHead=0x1d0518 | out: ListHead=0x1d0518) returned 0xa80fd0 [0251.161] GetCurrentProcess () returned 0xffffffff [0251.161] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xa80fd0, dwSize=0xd) returned 1 [0251.161] SetWindowLongA (hWnd=0x2005c, nIndex=-4, dwNewLong=11014096) returned 2004536176 [0251.161] GetWindowRect (in: hWnd=0x2005c, lpRect=0x19f8c4 | out: lpRect=0x19f8c4) returned 1 [0251.161] IsWindow (hWnd=0x2005c) returned 1 [0251.161] GetParent (hWnd=0x2005c) returned 0x30086 [0251.161] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x30086, lpPoints=0x19f8c4, cPoints=0x2 | out: lpPoints=0x19f8c4) returned -18350618 [0251.161] IsWindow (hWnd=0x2005c) returned 1 [0251.161] SetWindowPos (hWnd=0x2005c, hWndInsertAfter=0x0, X=105, Y=80, cx=315, cy=52, uFlags=0x20) returned 1 [0251.161] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x46, wParam=0x0, lParam=0x19f854) returned 0x0 [0251.162] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x83, wParam=0x1, lParam=0x19f82c) returned 0x0 [0251.162] CopyRect (in: lprcDst=0x19fea0, lprcSrc=0x19f82c | out: lprcDst=0x19fea0) returned 1 [0251.162] OffsetRect (in: lprc=0x19fea0, dx=-105, dy=-80 | out: lprc=0x19fea0) returned 1 [0251.163] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x22, wParam=0x0, lParam=0x0) returned 0x0 [0251.163] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x47, wParam=0x0, lParam=0x19f854) returned 0x0 [0251.163] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x5, wParam=0x0, lParam=0x300111) returned 0x0 [0251.163] GetCurrentThreadId () returned 0x750 [0251.163] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x89 [0251.164] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0xb1, wParam=0x0, lParam=0x7fffffff) returned 0x1 [0251.172] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0251.175] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0251.175] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0251.175] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0251.176] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x282, wParam=0xf, lParam=0x1000df) returned 0x0 [0251.176] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0251.176] IsWindow (hWnd=0x2005c) returned 1 [0251.176] SendMessageA (hWnd=0x2005c, Msg=0x2111, wParam=0x10003e9, lParam=0x2005c) returned 0x0 [0251.176] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x2111, wParam=0x10003e9, lParam=0x2005c) returned 0x0 [0251.176] SetWindowLongA (hWnd=0x30086, nIndex=0, dwNewLong=0) returned 0 [0251.177] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x87, wParam=0x0, lParam=0x0) returned 0x89 [0251.177] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0251.177] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x3004a, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0251.178] IsWindow (hWnd=0x30086) returned 1 [0251.178] ShowWindow (hWnd=0x30086, nCmdShow=1) returned 0 [0251.212] IsWindow (hWnd=0x30086) returned 1 [0251.212] SendMessageA (hWnd=0x30086, Msg=0x2136, wParam=0x90100d0, lParam=0x30086) returned 0x0 [0251.214] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0251.214] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0251.214] IsWindow (hWnd=0x30086) returned 1 [0251.214] IsDialogMessageA (hDlg=0x30086, lpMsg=0x19fdd4) returned 1 [0251.214] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0251.214] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0251.214] IsWindow (hWnd=0x30086) returned 1 [0251.214] IsDialogMessageA (hDlg=0x30086, lpMsg=0x19fdd4) returned 1 [0251.214] PeekMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fdd4) returned 1 [0251.214] GetMessageA (in: lpMsg=0x19fdd4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fdd4) returned 1 [0251.215] IsWindow (hWnd=0x30086) returned 1 [0251.215] IsDialogMessageA (hDlg=0x30086, lpMsg=0x19fdd4) [0251.215] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0xf, wParam=0x0, lParam=0x0) [0251.215] CallWindowProcA (lpPrevWndFunc=0x777acb70, hWnd=0x2005c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0251.215] IsWindow (hWnd=0x2005c) returned 1 [0251.215] GetWindowLongA (hWnd=0x2005c, nIndex=-16) returned 1342242944 [0251.215] OffsetRect (in: lprc=0x463a10, dx=-275, dy=-2 | out: lprc=0x463a10) returned 1 [0251.215] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0251.215] GetLastError () returned 0x0 [0251.215] SetLastError (dwErrCode=0x0) [0251.215] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75eb0000 [0251.215] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4270e0, lpParameter=0x24210e8, dwCreationFlags=0x4, lpThreadId=0x24210e8 | out: lpThreadId=0x24210e8*=0x538) returned 0x21c [0251.216] ResumeThread (hThread=0x21c) returned 0x1 [0251.216] GetLastError () returned 0x0 [0251.216] SetLastError (dwErrCode=0x0) [0251.216] RtlExitUserThread (Status=0x0) Thread: id = 85 os_tid = 0x518 Thread: id = 86 os_tid = 0x2d8 Thread: id = 87 os_tid = 0x538 [0251.412] GetLastError () returned 0x0 [0251.412] SetLastError (dwErrCode=0x0) [0251.413] CancelDC (hdc=0x0) returned 0 [0251.413] GetDC (hWnd=0x0) returned 0x90100d0 [0251.413] SetBkColor (hdc=0x90100d0, color=0x1) returned 0xffffff [0251.414] GetLastError () returned 0x6 [0251.414] CreateDIBSection (in: hdc=0x0, lpbmi=0x296e9f8, usage=0x0, ppvBits=0x296e9d8, hSection=0x0, offset=0x0 | out: ppvBits=0x296e9d8) returned 0xb050555 [0251.414] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0251.419] GdipCreateFontFamilyFromName (name=0x4557b8, fontCollection=0x0, fontFamily=0x296eac4) returned 0x12 [0251.420] GdipCreateFont (fontFamily=0x0, emSize=0x40c00000, style=1, unit=0x2, font=0x296999c) returned 0x12 [0251.420] GdiplusStartup (in: token=0x296eac0, input=0x296ea78, output=0x0 | out: token=0x296eac0, output=0x0) returned 0x0 [0251.423] GdipCreateFromHDC2 (hdc=0x0, hDevice=0x0, graphics=0x29699a4) returned 0x3 [0251.425] GdipCreateSolidFill (color=0xffffffff, brush=0x29699a8) returned 0x0 [0251.427] GdipCreateFontFamilyFromName (name="Times New Roman", fontCollection=0x0, fontFamily=0x296ea40) returned 0x0 [0251.544] GdipDrawString (graphics=0x0, string="Using \"Technology\", i.e.", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipDrawString (graphics=0x0, string="GDI+, I have created a", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipDrawString (graphics=0x0, string="texture from system", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipDrawString (graphics=0x0, string="installed fonts! That", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipDrawString (graphics=0x0, string="means international", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipDrawString (graphics=0x0, string="characters!", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipDrawString (graphics=0x0, string="", length=-1, font=0x0, layoutRect=0x296998c, stringFormat=0x0, brush=0x171f08) returned 0x2 [0251.544] GdipFlush (graphics=0x0, intention=0x0) returned 0x2 [0251.544] GdipCreateBitmapFromHBITMAP (hbm=0x0, hpal=0x0, bitmap=0x29699a4) returned 0x7 [0251.545] DeleteObject (ho=0x0) returned 0 [0251.545] DeleteDC (hdc=0x0) returned 0 [0251.545] GdipDisposeImage (image=0x0) returned 0x2 [0251.546] GdipDeleteFontFamily (fontFamily=0x17c7e0) returned 0x0 [0251.546] GdipDeleteBrush (brush=0x171f08) returned 0x0 [0251.547] GdipDeleteGraphics (graphics=0x0) returned 0x2 [0251.548] GdipDeleteFont (font=0x0) returned 0x2 [0251.548] GdipDeleteFontFamily (fontFamily=0x0) returned 0x2 [0251.548] GetSysColorBrush (nIndex=15) returned 0x1100074 [0251.548] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0251.548] RegisterClassA (lpWndClass=0x296e3c4) returned 0xc151 [0251.548] CreateWindowExA (dwExStyle=0x0, lpClassName="Check Box", lpWindowName="", dwStyle=0x10cf0000, X=150, Y=150, nWidth=230, nHeight=150, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0251.549] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x79e) returned 0x0 [0251.549] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x230 [0251.552] Process32First (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.552] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x64, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.553] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.553] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.554] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x18c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.554] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x184, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.555] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x184, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.556] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x18c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.556] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x18c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.557] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x238, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.557] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x268, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.558] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.558] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.559] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.559] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.560] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.560] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.561] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.561] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0251.562] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x424, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.562] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.563] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0251.563] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x640, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.564] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x30c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0251.564] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x30c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0251.565] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0251.565] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x568, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x594, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.566] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x238, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0251.566] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x96c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x238, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0251.567] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x238, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0251.567] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x238, pcPriClassBase=8, dwFlags=0x0, szExeFile="mobsync.exe")) returned 1 [0251.568] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x478, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="autoclb.exe")) returned 1 [0251.568] Process32Next (in: hSnapshot=0x230, lppe=0x296e168 | out: lppe=0x296e168*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x478, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="autoclb.exe")) returned 0 [0251.569] CloseHandle (hObject=0x230) returned 1 [0251.569] DefWindowProcW (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0251.569] DefWindowProcW (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0251.569] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x158, pvParam=0x296dc78, fWinIni=0x0 | out: pvParam=0x296dc78) returned 1 [0251.569] CreateFontIndirectA (lplf=0x296dbec) returned 0x80a0568 [0251.569] DdeAccessData (in: hData=0x0, pcbDataSize=0x296ddd4 | out: pcbDataSize=0x296ddd4) returned 0x0 [0251.569] CreateWindowExA (dwExStyle=0x0, lpClassName="SysListView32", lpWindowName=0x0, dwStyle=0x50000000, X=50, Y=50, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0251.569] LoadImageA (hInst=0x400000, name=0x555, type=0x0, cx=0, cy=0, fuLoad=0x0) returned 0x0 [0251.569] SendMessageA (hWnd=0x0, Msg=0x1044, wParam=0x0, lParam=0x296dc60) returned 0x0 [0251.569] GetTitleBarInfo (in: hwnd=0x0, pti=0x0 | out: pti=0x0) returned 0 [0251.569] DestroyWindow (hWnd=0x0) returned 0 [0251.569] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0xb050555, lParam=0x0) returned 0x0 [0251.569] BeginPaint (in: hWnd=0x0, lpPaint=0x296dde8 | out: lpPaint=0x296dde8) returned 0x0 [0251.569] EndPaint (hWnd=0x0, lpPaint=0x296dde8) returned 0 [0251.570] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0xb050555, lParam=0x0) returned 0x0 [0251.570] CreateCompatibleDC (hdc=0x1) returned 0x0 [0251.570] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0251.570] DeleteDC (hdc=0x0) returned 0 [0251.570] GetDC (hWnd=0x0) returned 0x10105d9 [0251.570] CreateCompatibleDC (hdc=0x10105d9) returned 0x7010567 [0251.570] CreateCompatibleBitmap (hdc=0x7010567, cx=512, cy=512) returned 0x5050569 [0251.570] SelectObject (hdc=0x7010567, h=0x5050569) returned 0x185000f [0251.570] SelectObject (hdc=0x7010567, h=0x0) returned 0x0 [0251.570] SetRect (in: lprc=0x296d314, xLeft=0, yTop=0, xRight=512, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.570] GetStockObject (i=0) returned 0x1900010 [0251.570] FillRect (hDC=0x7010567, lprc=0x296d314, hbr=0x1900010) returned 1 [0251.570] SetTextColor (hdc=0x7010567, color=0x0) returned 0x0 [0251.570] SetRect (in: lprc=0x296d314, xLeft=0, yTop=0, xRight=32, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.570] DrawTextA (in: hdc=0x7010567, lpchText="", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="", lprc=0x296d314) returned 16 [0251.725] SetRect (in: lprc=0x296d314, xLeft=32, yTop=0, xRight=64, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.725] DrawTextA (in: hdc=0x7010567, lpchText="\x01\x01", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x01\x01", lprc=0x296d314) returned 16 [0251.726] SetRect (in: lprc=0x296d314, xLeft=64, yTop=0, xRight=96, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.726] DrawTextA (in: hdc=0x7010567, lpchText="\x02\x02", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x02\x02", lprc=0x296d314) returned 16 [0251.726] SetRect (in: lprc=0x296d314, xLeft=96, yTop=0, xRight=128, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.726] DrawTextA (in: hdc=0x7010567, lpchText="\x03\x03", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x03\x03", lprc=0x296d314) returned 16 [0251.727] SetRect (in: lprc=0x296d314, xLeft=128, yTop=0, xRight=160, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.727] DrawTextA (in: hdc=0x7010567, lpchText="\x04\x04", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x04\x04", lprc=0x296d314) returned 16 [0251.728] SetRect (in: lprc=0x296d314, xLeft=160, yTop=0, xRight=192, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.728] DrawTextA (in: hdc=0x7010567, lpchText="\x05\x05", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x05\x05", lprc=0x296d314) returned 16 [0251.728] SetRect (in: lprc=0x296d314, xLeft=192, yTop=0, xRight=224, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.728] DrawTextA (in: hdc=0x7010567, lpchText="\x06\x06", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x06\x06", lprc=0x296d314) returned 16 [0251.729] SetRect (in: lprc=0x296d314, xLeft=224, yTop=0, xRight=256, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.729] DrawTextA (in: hdc=0x7010567, lpchText="\x07\x07", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x07\x07", lprc=0x296d314) returned 16 [0251.730] SetRect (in: lprc=0x296d314, xLeft=256, yTop=0, xRight=288, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.730] DrawTextA (in: hdc=0x7010567, lpchText="\x08\x08", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x08\x08", lprc=0x296d314) returned 16 [0251.730] SetRect (in: lprc=0x296d314, xLeft=288, yTop=0, xRight=320, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.730] DrawTextA (in: hdc=0x7010567, lpchText="\x09\x09", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x09\x09", lprc=0x296d314) returned 16 [0251.731] SetRect (in: lprc=0x296d314, xLeft=320, yTop=0, xRight=352, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.731] DrawTextA (in: hdc=0x7010567, lpchText="\n\n", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\n\n", lprc=0x296d314) returned 32 [0251.731] SetRect (in: lprc=0x296d314, xLeft=352, yTop=0, xRight=384, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.731] DrawTextA (in: hdc=0x7010567, lpchText="\x0b\x0b", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x0b\x0b", lprc=0x296d314) returned 16 [0251.732] SetRect (in: lprc=0x296d314, xLeft=384, yTop=0, xRight=416, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.732] DrawTextA (in: hdc=0x7010567, lpchText="\x0c\x0c", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x0c\x0c", lprc=0x296d314) returned 16 [0251.733] SetRect (in: lprc=0x296d314, xLeft=416, yTop=0, xRight=448, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.733] DrawTextA (in: hdc=0x7010567, lpchText="\r\r", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\r\r", lprc=0x296d314) returned 32 [0251.733] SetRect (in: lprc=0x296d314, xLeft=448, yTop=0, xRight=480, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.733] DrawTextA (in: hdc=0x7010567, lpchText="\x0e\x0e", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x0e\x0e", lprc=0x296d314) returned 16 [0251.733] SetRect (in: lprc=0x296d314, xLeft=480, yTop=0, xRight=512, yBottom=32 | out: lprc=0x296d314) returned 1 [0251.733] DrawTextA (in: hdc=0x7010567, lpchText="\x0f\x0f", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x0f\x0f", lprc=0x296d314) returned 16 [0251.734] SetRect (in: lprc=0x296d314, xLeft=0, yTop=32, xRight=32, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.734] DrawTextA (in: hdc=0x7010567, lpchText="\x10\x10", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x10\x10", lprc=0x296d314) returned 16 [0251.734] SetRect (in: lprc=0x296d314, xLeft=32, yTop=32, xRight=64, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.735] DrawTextA (in: hdc=0x7010567, lpchText="\x11\x11", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x11\x11", lprc=0x296d314) returned 16 [0251.735] SetRect (in: lprc=0x296d314, xLeft=64, yTop=32, xRight=96, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.735] DrawTextA (in: hdc=0x7010567, lpchText="\x12\x12", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x12\x12", lprc=0x296d314) returned 16 [0251.736] SetRect (in: lprc=0x296d314, xLeft=96, yTop=32, xRight=128, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.736] DrawTextA (in: hdc=0x7010567, lpchText="\x13\x13", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x13\x13", lprc=0x296d314) returned 16 [0251.736] SetRect (in: lprc=0x296d314, xLeft=128, yTop=32, xRight=160, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.736] DrawTextA (in: hdc=0x7010567, lpchText="\x14\x14", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x14\x14", lprc=0x296d314) returned 16 [0251.737] SetRect (in: lprc=0x296d314, xLeft=160, yTop=32, xRight=192, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.737] DrawTextA (in: hdc=0x7010567, lpchText="\x15\x15", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x15\x15", lprc=0x296d314) returned 16 [0251.738] SetRect (in: lprc=0x296d314, xLeft=192, yTop=32, xRight=224, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.738] DrawTextA (in: hdc=0x7010567, lpchText="\x16\x16", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x16\x16", lprc=0x296d314) returned 16 [0251.738] SetRect (in: lprc=0x296d314, xLeft=224, yTop=32, xRight=256, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.738] DrawTextA (in: hdc=0x7010567, lpchText="\x17\x17", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x17\x17", lprc=0x296d314) returned 16 [0251.739] SetRect (in: lprc=0x296d314, xLeft=256, yTop=32, xRight=288, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.739] DrawTextA (in: hdc=0x7010567, lpchText="\x18\x18", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x18\x18", lprc=0x296d314) returned 16 [0251.739] SetRect (in: lprc=0x296d314, xLeft=288, yTop=32, xRight=320, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.739] DrawTextA (in: hdc=0x7010567, lpchText="\x19\x19", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x19\x19", lprc=0x296d314) returned 16 [0251.740] SetRect (in: lprc=0x296d314, xLeft=320, yTop=32, xRight=352, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.740] DrawTextA (in: hdc=0x7010567, lpchText="\x1a\x1a", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x1a\x1a", lprc=0x296d314) returned 16 [0251.741] SetRect (in: lprc=0x296d314, xLeft=352, yTop=32, xRight=384, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.741] DrawTextA (in: hdc=0x7010567, lpchText="\x1b\x1b", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x1b\x1b", lprc=0x296d314) returned 16 [0251.741] SetRect (in: lprc=0x296d314, xLeft=384, yTop=32, xRight=416, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.741] DrawTextA (in: hdc=0x7010567, lpchText="\x1c\x1c", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x1c\x1c", lprc=0x296d314) returned 16 [0251.742] SetRect (in: lprc=0x296d314, xLeft=416, yTop=32, xRight=448, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.742] DrawTextA (in: hdc=0x7010567, lpchText="\x1d\x1d", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x1d\x1d", lprc=0x296d314) returned 16 [0251.742] SetRect (in: lprc=0x296d314, xLeft=448, yTop=32, xRight=480, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.742] DrawTextA (in: hdc=0x7010567, lpchText="\x1e\x1e", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x1e\x1e", lprc=0x296d314) returned 16 [0251.743] SetRect (in: lprc=0x296d314, xLeft=480, yTop=32, xRight=512, yBottom=64 | out: lprc=0x296d314) returned 1 [0251.743] DrawTextA (in: hdc=0x7010567, lpchText="\x1f\x1f", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x1f\x1f", lprc=0x296d314) returned 16 [0251.743] SetRect (in: lprc=0x296d314, xLeft=0, yTop=64, xRight=32, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.743] DrawTextA (in: hdc=0x7010567, lpchText=" ", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText=" ", lprc=0x296d314) returned 16 [0251.743] SetRect (in: lprc=0x296d314, xLeft=32, yTop=64, xRight=64, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.743] DrawTextA (in: hdc=0x7010567, lpchText="!!", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="!!", lprc=0x296d314) returned 16 [0251.744] SetRect (in: lprc=0x296d314, xLeft=64, yTop=64, xRight=96, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.744] DrawTextA (in: hdc=0x7010567, lpchText="\"\"", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\"\"", lprc=0x296d314) returned 16 [0251.744] SetRect (in: lprc=0x296d314, xLeft=96, yTop=64, xRight=128, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.744] DrawTextA (in: hdc=0x7010567, lpchText="##", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="##", lprc=0x296d314) returned 16 [0251.744] SetRect (in: lprc=0x296d314, xLeft=128, yTop=64, xRight=160, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.744] DrawTextA (in: hdc=0x7010567, lpchText="$$", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="$$", lprc=0x296d314) returned 16 [0251.744] SetRect (in: lprc=0x296d314, xLeft=160, yTop=64, xRight=192, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.744] DrawTextA (in: hdc=0x7010567, lpchText="%%", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="%%", lprc=0x296d314) returned 16 [0251.745] SetRect (in: lprc=0x296d314, xLeft=192, yTop=64, xRight=224, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.745] DrawTextA (in: hdc=0x7010567, lpchText="&&", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="&&", lprc=0x296d314) returned 16 [0251.745] SetRect (in: lprc=0x296d314, xLeft=224, yTop=64, xRight=256, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.745] DrawTextA (in: hdc=0x7010567, lpchText="''", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="''", lprc=0x296d314) returned 16 [0251.745] SetRect (in: lprc=0x296d314, xLeft=256, yTop=64, xRight=288, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.745] DrawTextA (in: hdc=0x7010567, lpchText="((", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="((", lprc=0x296d314) returned 16 [0251.746] SetRect (in: lprc=0x296d314, xLeft=288, yTop=64, xRight=320, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.746] DrawTextA (in: hdc=0x7010567, lpchText="))", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="))", lprc=0x296d314) returned 16 [0251.746] SetRect (in: lprc=0x296d314, xLeft=320, yTop=64, xRight=352, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.746] DrawTextA (in: hdc=0x7010567, lpchText="**", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="**", lprc=0x296d314) returned 16 [0251.746] SetRect (in: lprc=0x296d314, xLeft=352, yTop=64, xRight=384, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.746] DrawTextA (in: hdc=0x7010567, lpchText="++", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="++", lprc=0x296d314) returned 16 [0251.746] SetRect (in: lprc=0x296d314, xLeft=384, yTop=64, xRight=416, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.746] DrawTextA (in: hdc=0x7010567, lpchText=",,", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText=",,", lprc=0x296d314) returned 16 [0251.747] SetRect (in: lprc=0x296d314, xLeft=416, yTop=64, xRight=448, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.747] DrawTextA (in: hdc=0x7010567, lpchText="--", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="--", lprc=0x296d314) returned 16 [0251.747] SetRect (in: lprc=0x296d314, xLeft=448, yTop=64, xRight=480, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.747] DrawTextA (in: hdc=0x7010567, lpchText="..", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="..", lprc=0x296d314) returned 16 [0251.747] SetRect (in: lprc=0x296d314, xLeft=480, yTop=64, xRight=512, yBottom=96 | out: lprc=0x296d314) returned 1 [0251.747] DrawTextA (in: hdc=0x7010567, lpchText="//", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="//", lprc=0x296d314) returned 16 [0251.747] SetRect (in: lprc=0x296d314, xLeft=0, yTop=96, xRight=32, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.747] DrawTextA (in: hdc=0x7010567, lpchText="00", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="00", lprc=0x296d314) returned 16 [0251.748] SetRect (in: lprc=0x296d314, xLeft=32, yTop=96, xRight=64, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.748] DrawTextA (in: hdc=0x7010567, lpchText="11", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="11", lprc=0x296d314) returned 16 [0251.748] SetRect (in: lprc=0x296d314, xLeft=64, yTop=96, xRight=96, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.748] DrawTextA (in: hdc=0x7010567, lpchText="22", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="22", lprc=0x296d314) returned 16 [0251.748] SetRect (in: lprc=0x296d314, xLeft=96, yTop=96, xRight=128, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.748] DrawTextA (in: hdc=0x7010567, lpchText="33", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="33", lprc=0x296d314) returned 16 [0251.748] SetRect (in: lprc=0x296d314, xLeft=128, yTop=96, xRight=160, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.748] DrawTextA (in: hdc=0x7010567, lpchText="44", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="44", lprc=0x296d314) returned 16 [0251.749] SetRect (in: lprc=0x296d314, xLeft=160, yTop=96, xRight=192, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.749] DrawTextA (in: hdc=0x7010567, lpchText="55", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="55", lprc=0x296d314) returned 16 [0251.749] SetRect (in: lprc=0x296d314, xLeft=192, yTop=96, xRight=224, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.749] DrawTextA (in: hdc=0x7010567, lpchText="66", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="66", lprc=0x296d314) returned 16 [0251.749] SetRect (in: lprc=0x296d314, xLeft=224, yTop=96, xRight=256, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.749] DrawTextA (in: hdc=0x7010567, lpchText="77", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="77", lprc=0x296d314) returned 16 [0251.749] SetRect (in: lprc=0x296d314, xLeft=256, yTop=96, xRight=288, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.749] DrawTextA (in: hdc=0x7010567, lpchText="88", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="88", lprc=0x296d314) returned 16 [0251.750] SetRect (in: lprc=0x296d314, xLeft=288, yTop=96, xRight=320, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.750] DrawTextA (in: hdc=0x7010567, lpchText="99", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="99", lprc=0x296d314) returned 16 [0251.750] SetRect (in: lprc=0x296d314, xLeft=320, yTop=96, xRight=352, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.750] DrawTextA (in: hdc=0x7010567, lpchText="::", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="::", lprc=0x296d314) returned 16 [0251.750] SetRect (in: lprc=0x296d314, xLeft=352, yTop=96, xRight=384, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.750] DrawTextA (in: hdc=0x7010567, lpchText=";;", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText=";;", lprc=0x296d314) returned 16 [0251.750] SetRect (in: lprc=0x296d314, xLeft=384, yTop=96, xRight=416, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.750] DrawTextA (in: hdc=0x7010567, lpchText="<<", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="<<", lprc=0x296d314) returned 16 [0251.751] SetRect (in: lprc=0x296d314, xLeft=416, yTop=96, xRight=448, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.751] DrawTextA (in: hdc=0x7010567, lpchText="==", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="==", lprc=0x296d314) returned 16 [0251.751] SetRect (in: lprc=0x296d314, xLeft=448, yTop=96, xRight=480, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.751] DrawTextA (in: hdc=0x7010567, lpchText=">>", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText=">>", lprc=0x296d314) returned 16 [0251.751] SetRect (in: lprc=0x296d314, xLeft=480, yTop=96, xRight=512, yBottom=128 | out: lprc=0x296d314) returned 1 [0251.751] DrawTextA (in: hdc=0x7010567, lpchText="??", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="??", lprc=0x296d314) returned 16 [0251.751] SetRect (in: lprc=0x296d314, xLeft=0, yTop=128, xRight=32, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.751] DrawTextA (in: hdc=0x7010567, lpchText="@@", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="@@", lprc=0x296d314) returned 16 [0251.751] SetRect (in: lprc=0x296d314, xLeft=32, yTop=128, xRight=64, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.752] DrawTextA (in: hdc=0x7010567, lpchText="AA", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="AA", lprc=0x296d314) returned 16 [0251.752] SetRect (in: lprc=0x296d314, xLeft=64, yTop=128, xRight=96, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.752] DrawTextA (in: hdc=0x7010567, lpchText="BB", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="BB", lprc=0x296d314) returned 16 [0251.752] SetRect (in: lprc=0x296d314, xLeft=96, yTop=128, xRight=128, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.752] DrawTextA (in: hdc=0x7010567, lpchText="CC", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="CC", lprc=0x296d314) returned 16 [0251.752] SetRect (in: lprc=0x296d314, xLeft=128, yTop=128, xRight=160, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.752] DrawTextA (in: hdc=0x7010567, lpchText="DD", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="DD", lprc=0x296d314) returned 16 [0251.752] SetRect (in: lprc=0x296d314, xLeft=160, yTop=128, xRight=192, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.752] DrawTextA (in: hdc=0x7010567, lpchText="EE", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="EE", lprc=0x296d314) returned 16 [0251.753] SetRect (in: lprc=0x296d314, xLeft=192, yTop=128, xRight=224, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.753] DrawTextA (in: hdc=0x7010567, lpchText="FF", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="FF", lprc=0x296d314) returned 16 [0251.753] SetRect (in: lprc=0x296d314, xLeft=224, yTop=128, xRight=256, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.753] DrawTextA (in: hdc=0x7010567, lpchText="GG", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="GG", lprc=0x296d314) returned 16 [0251.753] SetRect (in: lprc=0x296d314, xLeft=256, yTop=128, xRight=288, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.753] DrawTextA (in: hdc=0x7010567, lpchText="HH", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="HH", lprc=0x296d314) returned 16 [0251.753] SetRect (in: lprc=0x296d314, xLeft=288, yTop=128, xRight=320, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.753] DrawTextA (in: hdc=0x7010567, lpchText="II", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="II", lprc=0x296d314) returned 16 [0251.753] SetRect (in: lprc=0x296d314, xLeft=320, yTop=128, xRight=352, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.753] DrawTextA (in: hdc=0x7010567, lpchText="JJ", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="JJ", lprc=0x296d314) returned 16 [0251.754] SetRect (in: lprc=0x296d314, xLeft=352, yTop=128, xRight=384, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.754] DrawTextA (in: hdc=0x7010567, lpchText="KK", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="KK", lprc=0x296d314) returned 16 [0251.754] SetRect (in: lprc=0x296d314, xLeft=384, yTop=128, xRight=416, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.754] DrawTextA (in: hdc=0x7010567, lpchText="LL", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="LL", lprc=0x296d314) returned 16 [0251.754] SetRect (in: lprc=0x296d314, xLeft=416, yTop=128, xRight=448, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.754] DrawTextA (in: hdc=0x7010567, lpchText="MM", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="MM", lprc=0x296d314) returned 16 [0251.754] SetRect (in: lprc=0x296d314, xLeft=448, yTop=128, xRight=480, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.754] DrawTextA (in: hdc=0x7010567, lpchText="NN", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="NN", lprc=0x296d314) returned 16 [0251.755] SetRect (in: lprc=0x296d314, xLeft=480, yTop=128, xRight=512, yBottom=160 | out: lprc=0x296d314) returned 1 [0251.755] DrawTextA (in: hdc=0x7010567, lpchText="OO", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="OO", lprc=0x296d314) returned 16 [0251.755] SetRect (in: lprc=0x296d314, xLeft=0, yTop=160, xRight=32, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.755] DrawTextA (in: hdc=0x7010567, lpchText="PP", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="PP", lprc=0x296d314) returned 16 [0251.755] SetRect (in: lprc=0x296d314, xLeft=32, yTop=160, xRight=64, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.755] DrawTextA (in: hdc=0x7010567, lpchText="QQ", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="QQ", lprc=0x296d314) returned 16 [0251.755] SetRect (in: lprc=0x296d314, xLeft=64, yTop=160, xRight=96, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.755] DrawTextA (in: hdc=0x7010567, lpchText="RR", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="RR", lprc=0x296d314) returned 16 [0251.755] SetRect (in: lprc=0x296d314, xLeft=96, yTop=160, xRight=128, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.755] DrawTextA (in: hdc=0x7010567, lpchText="SS", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="SS", lprc=0x296d314) returned 16 [0251.756] SetRect (in: lprc=0x296d314, xLeft=128, yTop=160, xRight=160, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.756] DrawTextA (in: hdc=0x7010567, lpchText="TT", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="TT", lprc=0x296d314) returned 16 [0251.756] SetRect (in: lprc=0x296d314, xLeft=160, yTop=160, xRight=192, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.756] DrawTextA (in: hdc=0x7010567, lpchText="UU", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="UU", lprc=0x296d314) returned 16 [0251.756] SetRect (in: lprc=0x296d314, xLeft=192, yTop=160, xRight=224, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.756] DrawTextA (in: hdc=0x7010567, lpchText="VV", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="VV", lprc=0x296d314) returned 16 [0251.756] SetRect (in: lprc=0x296d314, xLeft=224, yTop=160, xRight=256, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.756] DrawTextA (in: hdc=0x7010567, lpchText="WW", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="WW", lprc=0x296d314) returned 16 [0251.757] SetRect (in: lprc=0x296d314, xLeft=256, yTop=160, xRight=288, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.757] DrawTextA (in: hdc=0x7010567, lpchText="XX", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="XX", lprc=0x296d314) returned 16 [0251.757] SetRect (in: lprc=0x296d314, xLeft=288, yTop=160, xRight=320, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.757] DrawTextA (in: hdc=0x7010567, lpchText="YY", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="YY", lprc=0x296d314) returned 16 [0251.757] SetRect (in: lprc=0x296d314, xLeft=320, yTop=160, xRight=352, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.757] DrawTextA (in: hdc=0x7010567, lpchText="ZZ", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ZZ", lprc=0x296d314) returned 16 [0251.757] SetRect (in: lprc=0x296d314, xLeft=352, yTop=160, xRight=384, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.757] DrawTextA (in: hdc=0x7010567, lpchText="[[", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="[[", lprc=0x296d314) returned 16 [0251.757] SetRect (in: lprc=0x296d314, xLeft=384, yTop=160, xRight=416, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.757] DrawTextA (in: hdc=0x7010567, lpchText="\\\\", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\\\\", lprc=0x296d314) returned 16 [0251.758] SetRect (in: lprc=0x296d314, xLeft=416, yTop=160, xRight=448, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.758] DrawTextA (in: hdc=0x7010567, lpchText="]]", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="]]", lprc=0x296d314) returned 16 [0251.758] SetRect (in: lprc=0x296d314, xLeft=448, yTop=160, xRight=480, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.758] DrawTextA (in: hdc=0x7010567, lpchText="^^", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="^^", lprc=0x296d314) returned 16 [0251.759] SetRect (in: lprc=0x296d314, xLeft=480, yTop=160, xRight=512, yBottom=192 | out: lprc=0x296d314) returned 1 [0251.759] DrawTextA (in: hdc=0x7010567, lpchText="__", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="__", lprc=0x296d314) returned 16 [0251.759] SetRect (in: lprc=0x296d314, xLeft=0, yTop=192, xRight=32, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.759] DrawTextA (in: hdc=0x7010567, lpchText="``", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="``", lprc=0x296d314) returned 16 [0251.759] SetRect (in: lprc=0x296d314, xLeft=32, yTop=192, xRight=64, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.759] DrawTextA (in: hdc=0x7010567, lpchText="aa", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="aa", lprc=0x296d314) returned 16 [0251.759] SetRect (in: lprc=0x296d314, xLeft=64, yTop=192, xRight=96, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.759] DrawTextA (in: hdc=0x7010567, lpchText="bb", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="bb", lprc=0x296d314) returned 16 [0251.759] SetRect (in: lprc=0x296d314, xLeft=96, yTop=192, xRight=128, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.759] DrawTextA (in: hdc=0x7010567, lpchText="cc", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="cc", lprc=0x296d314) returned 16 [0251.760] SetRect (in: lprc=0x296d314, xLeft=128, yTop=192, xRight=160, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.760] DrawTextA (in: hdc=0x7010567, lpchText="dd", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="dd", lprc=0x296d314) returned 16 [0251.760] SetRect (in: lprc=0x296d314, xLeft=160, yTop=192, xRight=192, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.760] DrawTextA (in: hdc=0x7010567, lpchText="ee", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ee", lprc=0x296d314) returned 16 [0251.760] SetRect (in: lprc=0x296d314, xLeft=192, yTop=192, xRight=224, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.760] DrawTextA (in: hdc=0x7010567, lpchText="ff", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ff", lprc=0x296d314) returned 16 [0251.760] SetRect (in: lprc=0x296d314, xLeft=224, yTop=192, xRight=256, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.760] DrawTextA (in: hdc=0x7010567, lpchText="gg", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="gg", lprc=0x296d314) returned 16 [0251.761] SetRect (in: lprc=0x296d314, xLeft=256, yTop=192, xRight=288, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.761] DrawTextA (in: hdc=0x7010567, lpchText="hh", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="hh", lprc=0x296d314) returned 16 [0251.761] SetRect (in: lprc=0x296d314, xLeft=288, yTop=192, xRight=320, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.761] DrawTextA (in: hdc=0x7010567, lpchText="ii", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ii", lprc=0x296d314) returned 16 [0251.761] SetRect (in: lprc=0x296d314, xLeft=320, yTop=192, xRight=352, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.761] DrawTextA (in: hdc=0x7010567, lpchText="jj", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="jj", lprc=0x296d314) returned 16 [0251.761] SetRect (in: lprc=0x296d314, xLeft=352, yTop=192, xRight=384, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.761] DrawTextA (in: hdc=0x7010567, lpchText="kk", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="kk", lprc=0x296d314) returned 16 [0251.762] SetRect (in: lprc=0x296d314, xLeft=384, yTop=192, xRight=416, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.762] DrawTextA (in: hdc=0x7010567, lpchText="ll", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ll", lprc=0x296d314) returned 16 [0251.762] SetRect (in: lprc=0x296d314, xLeft=416, yTop=192, xRight=448, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.762] DrawTextA (in: hdc=0x7010567, lpchText="mm", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="mm", lprc=0x296d314) returned 16 [0251.762] SetRect (in: lprc=0x296d314, xLeft=448, yTop=192, xRight=480, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.762] DrawTextA (in: hdc=0x7010567, lpchText="nn", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="nn", lprc=0x296d314) returned 16 [0251.762] SetRect (in: lprc=0x296d314, xLeft=480, yTop=192, xRight=512, yBottom=224 | out: lprc=0x296d314) returned 1 [0251.762] DrawTextA (in: hdc=0x7010567, lpchText="oo", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="oo", lprc=0x296d314) returned 16 [0251.762] SetRect (in: lprc=0x296d314, xLeft=0, yTop=224, xRight=32, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.762] DrawTextA (in: hdc=0x7010567, lpchText="pp", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="pp", lprc=0x296d314) returned 16 [0251.763] SetRect (in: lprc=0x296d314, xLeft=32, yTop=224, xRight=64, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.763] DrawTextA (in: hdc=0x7010567, lpchText="qq", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="qq", lprc=0x296d314) returned 16 [0251.763] SetRect (in: lprc=0x296d314, xLeft=64, yTop=224, xRight=96, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.763] DrawTextA (in: hdc=0x7010567, lpchText="rr", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="rr", lprc=0x296d314) returned 16 [0251.763] SetRect (in: lprc=0x296d314, xLeft=96, yTop=224, xRight=128, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.763] DrawTextA (in: hdc=0x7010567, lpchText="ss", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ss", lprc=0x296d314) returned 16 [0251.763] SetRect (in: lprc=0x296d314, xLeft=128, yTop=224, xRight=160, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.763] DrawTextA (in: hdc=0x7010567, lpchText="tt", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="tt", lprc=0x296d314) returned 16 [0251.764] SetRect (in: lprc=0x296d314, xLeft=160, yTop=224, xRight=192, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.764] DrawTextA (in: hdc=0x7010567, lpchText="uu", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="uu", lprc=0x296d314) returned 16 [0251.764] SetRect (in: lprc=0x296d314, xLeft=192, yTop=224, xRight=224, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.764] DrawTextA (in: hdc=0x7010567, lpchText="vv", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="vv", lprc=0x296d314) returned 16 [0251.764] SetRect (in: lprc=0x296d314, xLeft=224, yTop=224, xRight=256, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.764] DrawTextA (in: hdc=0x7010567, lpchText="ww", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="ww", lprc=0x296d314) returned 16 [0251.764] SetRect (in: lprc=0x296d314, xLeft=256, yTop=224, xRight=288, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.764] DrawTextA (in: hdc=0x7010567, lpchText="xx", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="xx", lprc=0x296d314) returned 16 [0251.764] SetRect (in: lprc=0x296d314, xLeft=288, yTop=224, xRight=320, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.764] DrawTextA (in: hdc=0x7010567, lpchText="yy", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="yy", lprc=0x296d314) returned 16 [0251.765] SetRect (in: lprc=0x296d314, xLeft=320, yTop=224, xRight=352, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.765] DrawTextA (in: hdc=0x7010567, lpchText="zz", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="zz", lprc=0x296d314) returned 16 [0251.765] SetRect (in: lprc=0x296d314, xLeft=352, yTop=224, xRight=384, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.765] DrawTextA (in: hdc=0x7010567, lpchText="{{", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="{{", lprc=0x296d314) returned 16 [0251.765] SetRect (in: lprc=0x296d314, xLeft=384, yTop=224, xRight=416, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.765] DrawTextA (in: hdc=0x7010567, lpchText="||", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="||", lprc=0x296d314) returned 16 [0251.765] SetRect (in: lprc=0x296d314, xLeft=416, yTop=224, xRight=448, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.765] DrawTextA (in: hdc=0x7010567, lpchText="}}", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="}}", lprc=0x296d314) returned 16 [0251.766] SetRect (in: lprc=0x296d314, xLeft=448, yTop=224, xRight=480, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.766] DrawTextA (in: hdc=0x7010567, lpchText="~~", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="~~", lprc=0x296d314) returned 16 [0251.766] SetRect (in: lprc=0x296d314, xLeft=480, yTop=224, xRight=512, yBottom=256 | out: lprc=0x296d314) returned 1 [0251.766] DrawTextA (in: hdc=0x7010567, lpchText="\x7f\x7f", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x7f\x7f", lprc=0x296d314) returned 16 [0251.769] SetRect (in: lprc=0x296d314, xLeft=0, yTop=256, xRight=32, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.769] DrawTextA (in: hdc=0x7010567, lpchText="\x80\x80", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x80\x80", lprc=0x296d314) returned 16 [0251.797] SetRect (in: lprc=0x296d314, xLeft=32, yTop=256, xRight=64, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.797] DrawTextA (in: hdc=0x7010567, lpchText="\x81\x81", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x81\x81", lprc=0x296d314) returned 16 [0251.797] SetRect (in: lprc=0x296d314, xLeft=64, yTop=256, xRight=96, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.797] DrawTextA (in: hdc=0x7010567, lpchText="\x82\x82", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x82\x82", lprc=0x296d314) returned 16 [0251.797] SetRect (in: lprc=0x296d314, xLeft=96, yTop=256, xRight=128, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.797] DrawTextA (in: hdc=0x7010567, lpchText="\x83\x83", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x83\x83", lprc=0x296d314) returned 16 [0251.797] SetRect (in: lprc=0x296d314, xLeft=128, yTop=256, xRight=160, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.797] DrawTextA (in: hdc=0x7010567, lpchText="\x84\x84", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x84\x84", lprc=0x296d314) returned 16 [0251.798] SetRect (in: lprc=0x296d314, xLeft=160, yTop=256, xRight=192, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.798] DrawTextA (in: hdc=0x7010567, lpchText="\x85\x85", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x85\x85", lprc=0x296d314) returned 16 [0251.798] SetRect (in: lprc=0x296d314, xLeft=192, yTop=256, xRight=224, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.798] DrawTextA (in: hdc=0x7010567, lpchText="\x86\x86", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x86\x86", lprc=0x296d314) returned 16 [0251.798] SetRect (in: lprc=0x296d314, xLeft=224, yTop=256, xRight=256, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.798] DrawTextA (in: hdc=0x7010567, lpchText="\x87\x87", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x87\x87", lprc=0x296d314) returned 16 [0251.798] SetRect (in: lprc=0x296d314, xLeft=256, yTop=256, xRight=288, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.799] DrawTextA (in: hdc=0x7010567, lpchText="\x88\x88", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x88\x88", lprc=0x296d314) returned 16 [0251.799] SetRect (in: lprc=0x296d314, xLeft=288, yTop=256, xRight=320, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.799] DrawTextA (in: hdc=0x7010567, lpchText="\x89\x89", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x89\x89", lprc=0x296d314) returned 16 [0251.799] SetRect (in: lprc=0x296d314, xLeft=320, yTop=256, xRight=352, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.799] DrawTextA (in: hdc=0x7010567, lpchText="\x8a\x8a", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x8a\x8a", lprc=0x296d314) returned 16 [0251.799] SetRect (in: lprc=0x296d314, xLeft=352, yTop=256, xRight=384, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.799] DrawTextA (in: hdc=0x7010567, lpchText="\x8b\x8b", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x8b\x8b", lprc=0x296d314) returned 16 [0251.800] SetRect (in: lprc=0x296d314, xLeft=384, yTop=256, xRight=416, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.800] DrawTextA (in: hdc=0x7010567, lpchText="\x8c\x8c", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x8c\x8c", lprc=0x296d314) returned 16 [0251.800] SetRect (in: lprc=0x296d314, xLeft=416, yTop=256, xRight=448, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.800] DrawTextA (in: hdc=0x7010567, lpchText="\x8d\x8d", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x8d\x8d", lprc=0x296d314) returned 16 [0251.800] SetRect (in: lprc=0x296d314, xLeft=448, yTop=256, xRight=480, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.800] DrawTextA (in: hdc=0x7010567, lpchText="\x8e\x8e", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x8e\x8e", lprc=0x296d314) returned 16 [0251.800] SetRect (in: lprc=0x296d314, xLeft=480, yTop=256, xRight=512, yBottom=288 | out: lprc=0x296d314) returned 1 [0251.800] DrawTextA (in: hdc=0x7010567, lpchText="\x8f\x8f", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x8f\x8f", lprc=0x296d314) returned 16 [0251.801] SetRect (in: lprc=0x296d314, xLeft=0, yTop=288, xRight=32, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.801] DrawTextA (in: hdc=0x7010567, lpchText="\x90\x90", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x90\x90", lprc=0x296d314) returned 16 [0251.801] SetRect (in: lprc=0x296d314, xLeft=32, yTop=288, xRight=64, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.801] DrawTextA (in: hdc=0x7010567, lpchText="\x91\x91", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x91\x91", lprc=0x296d314) returned 16 [0251.801] SetRect (in: lprc=0x296d314, xLeft=64, yTop=288, xRight=96, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.801] DrawTextA (in: hdc=0x7010567, lpchText="\x92\x92", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x92\x92", lprc=0x296d314) returned 16 [0251.801] SetRect (in: lprc=0x296d314, xLeft=96, yTop=288, xRight=128, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.801] DrawTextA (in: hdc=0x7010567, lpchText="\x93\x93", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x93\x93", lprc=0x296d314) returned 16 [0251.802] SetRect (in: lprc=0x296d314, xLeft=128, yTop=288, xRight=160, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.802] DrawTextA (in: hdc=0x7010567, lpchText="\x94\x94", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x94\x94", lprc=0x296d314) returned 16 [0251.802] SetRect (in: lprc=0x296d314, xLeft=160, yTop=288, xRight=192, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.802] DrawTextA (in: hdc=0x7010567, lpchText="\x95\x95", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x95\x95", lprc=0x296d314) returned 16 [0251.802] SetRect (in: lprc=0x296d314, xLeft=192, yTop=288, xRight=224, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.802] DrawTextA (in: hdc=0x7010567, lpchText="\x96\x96", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x96\x96", lprc=0x296d314) returned 16 [0251.802] SetRect (in: lprc=0x296d314, xLeft=224, yTop=288, xRight=256, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.802] DrawTextA (in: hdc=0x7010567, lpchText="\x97\x97", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x97\x97", lprc=0x296d314) returned 16 [0251.803] SetRect (in: lprc=0x296d314, xLeft=256, yTop=288, xRight=288, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.803] DrawTextA (in: hdc=0x7010567, lpchText="\x98\x98", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x98\x98", lprc=0x296d314) returned 16 [0251.803] SetRect (in: lprc=0x296d314, xLeft=288, yTop=288, xRight=320, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.803] DrawTextA (in: hdc=0x7010567, lpchText="\x99\x99", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x99\x99", lprc=0x296d314) returned 16 [0251.803] SetRect (in: lprc=0x296d314, xLeft=320, yTop=288, xRight=352, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.803] DrawTextA (in: hdc=0x7010567, lpchText="\x9a\x9a", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x9a\x9a", lprc=0x296d314) returned 16 [0251.803] SetRect (in: lprc=0x296d314, xLeft=352, yTop=288, xRight=384, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.803] DrawTextA (in: hdc=0x7010567, lpchText="\x9b\x9b", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x9b\x9b", lprc=0x296d314) returned 16 [0251.804] SetRect (in: lprc=0x296d314, xLeft=384, yTop=288, xRight=416, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.804] DrawTextA (in: hdc=0x7010567, lpchText="\x9c\x9c", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x9c\x9c", lprc=0x296d314) returned 16 [0251.804] SetRect (in: lprc=0x296d314, xLeft=416, yTop=288, xRight=448, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.804] DrawTextA (in: hdc=0x7010567, lpchText="\x9d\x9d", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x9d\x9d", lprc=0x296d314) returned 16 [0251.804] SetRect (in: lprc=0x296d314, xLeft=448, yTop=288, xRight=480, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.804] DrawTextA (in: hdc=0x7010567, lpchText="\x9e\x9e", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x9e\x9e", lprc=0x296d314) returned 16 [0251.804] SetRect (in: lprc=0x296d314, xLeft=480, yTop=288, xRight=512, yBottom=320 | out: lprc=0x296d314) returned 1 [0251.804] DrawTextA (in: hdc=0x7010567, lpchText="\x9f\x9f", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\x9f\x9f", lprc=0x296d314) returned 16 [0251.805] SetRect (in: lprc=0x296d314, xLeft=0, yTop=320, xRight=32, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.805] DrawTextA (in: hdc=0x7010567, lpchText="\xa0\xa0", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa0\xa0", lprc=0x296d314) returned 16 [0251.805] SetRect (in: lprc=0x296d314, xLeft=32, yTop=320, xRight=64, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.805] DrawTextA (in: hdc=0x7010567, lpchText="\xa1\xa1", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa1\xa1", lprc=0x296d314) returned 16 [0251.805] SetRect (in: lprc=0x296d314, xLeft=64, yTop=320, xRight=96, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.805] DrawTextA (in: hdc=0x7010567, lpchText="\xa2\xa2", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa2\xa2", lprc=0x296d314) returned 16 [0251.806] SetRect (in: lprc=0x296d314, xLeft=96, yTop=320, xRight=128, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.806] DrawTextA (in: hdc=0x7010567, lpchText="\xa3\xa3", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa3\xa3", lprc=0x296d314) returned 16 [0251.806] SetRect (in: lprc=0x296d314, xLeft=128, yTop=320, xRight=160, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.806] DrawTextA (in: hdc=0x7010567, lpchText="\xa4\xa4", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa4\xa4", lprc=0x296d314) returned 16 [0251.806] SetRect (in: lprc=0x296d314, xLeft=160, yTop=320, xRight=192, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.806] DrawTextA (in: hdc=0x7010567, lpchText="\xa5\xa5", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa5\xa5", lprc=0x296d314) returned 16 [0251.806] SetRect (in: lprc=0x296d314, xLeft=192, yTop=320, xRight=224, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.806] DrawTextA (in: hdc=0x7010567, lpchText="\xa6\xa6", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa6\xa6", lprc=0x296d314) returned 16 [0251.807] SetRect (in: lprc=0x296d314, xLeft=224, yTop=320, xRight=256, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.807] DrawTextA (in: hdc=0x7010567, lpchText="\xa7\xa7", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa7\xa7", lprc=0x296d314) returned 16 [0251.807] SetRect (in: lprc=0x296d314, xLeft=256, yTop=320, xRight=288, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.807] DrawTextA (in: hdc=0x7010567, lpchText="\xa8\xa8", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa8\xa8", lprc=0x296d314) returned 16 [0251.807] SetRect (in: lprc=0x296d314, xLeft=288, yTop=320, xRight=320, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.807] DrawTextA (in: hdc=0x7010567, lpchText="\xa9\xa9", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xa9\xa9", lprc=0x296d314) returned 16 [0251.807] SetRect (in: lprc=0x296d314, xLeft=320, yTop=320, xRight=352, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.807] DrawTextA (in: hdc=0x7010567, lpchText="\xaa\xaa", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xaa\xaa", lprc=0x296d314) returned 16 [0251.808] SetRect (in: lprc=0x296d314, xLeft=352, yTop=320, xRight=384, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.808] DrawTextA (in: hdc=0x7010567, lpchText="\xab\xab", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xab\xab", lprc=0x296d314) returned 16 [0251.808] SetRect (in: lprc=0x296d314, xLeft=384, yTop=320, xRight=416, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.808] DrawTextA (in: hdc=0x7010567, lpchText="\xac\xac", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xac\xac", lprc=0x296d314) returned 16 [0251.808] SetRect (in: lprc=0x296d314, xLeft=416, yTop=320, xRight=448, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.808] DrawTextA (in: hdc=0x7010567, lpchText="\xad\xad", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xad\xad", lprc=0x296d314) returned 16 [0251.808] SetRect (in: lprc=0x296d314, xLeft=448, yTop=320, xRight=480, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.808] DrawTextA (in: hdc=0x7010567, lpchText="\xae\xae", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xae\xae", lprc=0x296d314) returned 16 [0251.809] SetRect (in: lprc=0x296d314, xLeft=480, yTop=320, xRight=512, yBottom=352 | out: lprc=0x296d314) returned 1 [0251.809] DrawTextA (in: hdc=0x7010567, lpchText="\xaf\xaf", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xaf\xaf", lprc=0x296d314) returned 16 [0251.809] SetRect (in: lprc=0x296d314, xLeft=0, yTop=352, xRight=32, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.809] DrawTextA (in: hdc=0x7010567, lpchText="\xb0\xb0", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb0\xb0", lprc=0x296d314) returned 16 [0251.809] SetRect (in: lprc=0x296d314, xLeft=32, yTop=352, xRight=64, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.809] DrawTextA (in: hdc=0x7010567, lpchText="\xb1\xb1", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb1\xb1", lprc=0x296d314) returned 16 [0251.809] SetRect (in: lprc=0x296d314, xLeft=64, yTop=352, xRight=96, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.809] DrawTextA (in: hdc=0x7010567, lpchText="\xb2\xb2", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb2\xb2", lprc=0x296d314) returned 16 [0251.810] SetRect (in: lprc=0x296d314, xLeft=96, yTop=352, xRight=128, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.810] DrawTextA (in: hdc=0x7010567, lpchText="\xb3\xb3", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb3\xb3", lprc=0x296d314) returned 16 [0251.810] SetRect (in: lprc=0x296d314, xLeft=128, yTop=352, xRight=160, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.810] DrawTextA (in: hdc=0x7010567, lpchText="\xb4\xb4", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb4\xb4", lprc=0x296d314) returned 16 [0251.810] SetRect (in: lprc=0x296d314, xLeft=160, yTop=352, xRight=192, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.810] DrawTextA (in: hdc=0x7010567, lpchText="\xb5\xb5", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb5\xb5", lprc=0x296d314) returned 16 [0251.810] SetRect (in: lprc=0x296d314, xLeft=192, yTop=352, xRight=224, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.810] DrawTextA (in: hdc=0x7010567, lpchText="\xb6\xb6", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb6\xb6", lprc=0x296d314) returned 16 [0251.811] SetRect (in: lprc=0x296d314, xLeft=224, yTop=352, xRight=256, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.811] DrawTextA (in: hdc=0x7010567, lpchText="\xb7\xb7", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb7\xb7", lprc=0x296d314) returned 16 [0251.811] SetRect (in: lprc=0x296d314, xLeft=256, yTop=352, xRight=288, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.811] DrawTextA (in: hdc=0x7010567, lpchText="\xb8\xb8", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb8\xb8", lprc=0x296d314) returned 16 [0251.811] SetRect (in: lprc=0x296d314, xLeft=288, yTop=352, xRight=320, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.811] DrawTextA (in: hdc=0x7010567, lpchText="\xb9\xb9", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xb9\xb9", lprc=0x296d314) returned 16 [0251.811] SetRect (in: lprc=0x296d314, xLeft=320, yTop=352, xRight=352, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.811] DrawTextA (in: hdc=0x7010567, lpchText="\xba\xba", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xba\xba", lprc=0x296d314) returned 16 [0251.812] SetRect (in: lprc=0x296d314, xLeft=352, yTop=352, xRight=384, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.812] DrawTextA (in: hdc=0x7010567, lpchText="\xbb\xbb", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xbb\xbb", lprc=0x296d314) returned 16 [0251.812] SetRect (in: lprc=0x296d314, xLeft=384, yTop=352, xRight=416, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.812] DrawTextA (in: hdc=0x7010567, lpchText="\xbc\xbc", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xbc\xbc", lprc=0x296d314) returned 16 [0251.812] SetRect (in: lprc=0x296d314, xLeft=416, yTop=352, xRight=448, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.812] DrawTextA (in: hdc=0x7010567, lpchText="\xbd\xbd", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xbd\xbd", lprc=0x296d314) returned 16 [0251.812] SetRect (in: lprc=0x296d314, xLeft=448, yTop=352, xRight=480, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.812] DrawTextA (in: hdc=0x7010567, lpchText="\xbe\xbe", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xbe\xbe", lprc=0x296d314) returned 16 [0251.813] SetRect (in: lprc=0x296d314, xLeft=480, yTop=352, xRight=512, yBottom=384 | out: lprc=0x296d314) returned 1 [0251.813] DrawTextA (in: hdc=0x7010567, lpchText="\xbf\xbf", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xbf\xbf", lprc=0x296d314) returned 16 [0251.813] SetRect (in: lprc=0x296d314, xLeft=0, yTop=384, xRight=32, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.813] DrawTextA (in: hdc=0x7010567, lpchText="\xc0\xc0", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc0\xc0", lprc=0x296d314) returned 16 [0251.813] SetRect (in: lprc=0x296d314, xLeft=32, yTop=384, xRight=64, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.813] DrawTextA (in: hdc=0x7010567, lpchText="\xc1\xc1", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc1\xc1", lprc=0x296d314) returned 16 [0251.813] SetRect (in: lprc=0x296d314, xLeft=64, yTop=384, xRight=96, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.813] DrawTextA (in: hdc=0x7010567, lpchText="\xc2\xc2", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc2\xc2", lprc=0x296d314) returned 16 [0251.814] SetRect (in: lprc=0x296d314, xLeft=96, yTop=384, xRight=128, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.814] DrawTextA (in: hdc=0x7010567, lpchText="\xc3\xc3", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc3\xc3", lprc=0x296d314) returned 16 [0251.814] SetRect (in: lprc=0x296d314, xLeft=128, yTop=384, xRight=160, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.814] DrawTextA (in: hdc=0x7010567, lpchText="\xc4\xc4", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc4\xc4", lprc=0x296d314) returned 16 [0251.814] SetRect (in: lprc=0x296d314, xLeft=160, yTop=384, xRight=192, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.814] DrawTextA (in: hdc=0x7010567, lpchText="\xc5\xc5", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc5\xc5", lprc=0x296d314) returned 16 [0251.814] SetRect (in: lprc=0x296d314, xLeft=192, yTop=384, xRight=224, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.814] DrawTextA (in: hdc=0x7010567, lpchText="\xc6\xc6", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc6\xc6", lprc=0x296d314) returned 16 [0251.815] SetRect (in: lprc=0x296d314, xLeft=224, yTop=384, xRight=256, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.815] DrawTextA (in: hdc=0x7010567, lpchText="\xc7\xc7", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc7\xc7", lprc=0x296d314) returned 16 [0251.815] SetRect (in: lprc=0x296d314, xLeft=256, yTop=384, xRight=288, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.815] DrawTextA (in: hdc=0x7010567, lpchText="\xc8\xc8", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc8\xc8", lprc=0x296d314) returned 16 [0251.815] SetRect (in: lprc=0x296d314, xLeft=288, yTop=384, xRight=320, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.815] DrawTextA (in: hdc=0x7010567, lpchText="\xc9\xc9", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xc9\xc9", lprc=0x296d314) returned 16 [0251.815] SetRect (in: lprc=0x296d314, xLeft=320, yTop=384, xRight=352, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.815] DrawTextA (in: hdc=0x7010567, lpchText="\xca\xca", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xca\xca", lprc=0x296d314) returned 16 [0251.816] SetRect (in: lprc=0x296d314, xLeft=352, yTop=384, xRight=384, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.816] DrawTextA (in: hdc=0x7010567, lpchText="\xcb\xcb", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xcb\xcb", lprc=0x296d314) returned 16 [0251.816] SetRect (in: lprc=0x296d314, xLeft=384, yTop=384, xRight=416, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.816] DrawTextA (in: hdc=0x7010567, lpchText="\xcc\xcc", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xcc\xcc", lprc=0x296d314) returned 16 [0251.816] SetRect (in: lprc=0x296d314, xLeft=416, yTop=384, xRight=448, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.816] DrawTextA (in: hdc=0x7010567, lpchText="\xcd\xcd", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xcd\xcd", lprc=0x296d314) returned 16 [0251.816] SetRect (in: lprc=0x296d314, xLeft=448, yTop=384, xRight=480, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.816] DrawTextA (in: hdc=0x7010567, lpchText="\xce\xce", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xce\xce", lprc=0x296d314) returned 16 [0251.817] SetRect (in: lprc=0x296d314, xLeft=480, yTop=384, xRight=512, yBottom=416 | out: lprc=0x296d314) returned 1 [0251.817] DrawTextA (in: hdc=0x7010567, lpchText="\xcf\xcf", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xcf\xcf", lprc=0x296d314) returned 16 [0251.817] SetRect (in: lprc=0x296d314, xLeft=0, yTop=416, xRight=32, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.817] DrawTextA (in: hdc=0x7010567, lpchText="\xd0\xd0", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd0\xd0", lprc=0x296d314) returned 16 [0251.818] SetRect (in: lprc=0x296d314, xLeft=32, yTop=416, xRight=64, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.818] DrawTextA (in: hdc=0x7010567, lpchText="\xd1\xd1", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd1\xd1", lprc=0x296d314) returned 16 [0251.818] SetRect (in: lprc=0x296d314, xLeft=64, yTop=416, xRight=96, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.818] DrawTextA (in: hdc=0x7010567, lpchText="\xd2\xd2", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd2\xd2", lprc=0x296d314) returned 16 [0251.818] SetRect (in: lprc=0x296d314, xLeft=96, yTop=416, xRight=128, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.818] DrawTextA (in: hdc=0x7010567, lpchText="\xd3\xd3", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd3\xd3", lprc=0x296d314) returned 16 [0251.818] SetRect (in: lprc=0x296d314, xLeft=128, yTop=416, xRight=160, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.818] DrawTextA (in: hdc=0x7010567, lpchText="\xd4\xd4", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd4\xd4", lprc=0x296d314) returned 16 [0251.819] SetRect (in: lprc=0x296d314, xLeft=160, yTop=416, xRight=192, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.819] DrawTextA (in: hdc=0x7010567, lpchText="\xd5\xd5", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd5\xd5", lprc=0x296d314) returned 16 [0251.819] SetRect (in: lprc=0x296d314, xLeft=192, yTop=416, xRight=224, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.819] DrawTextA (in: hdc=0x7010567, lpchText="\xd6\xd6", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd6\xd6", lprc=0x296d314) returned 16 [0251.819] SetRect (in: lprc=0x296d314, xLeft=224, yTop=416, xRight=256, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.819] DrawTextA (in: hdc=0x7010567, lpchText="\xd7\xd7", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd7\xd7", lprc=0x296d314) returned 16 [0251.819] SetRect (in: lprc=0x296d314, xLeft=256, yTop=416, xRight=288, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.819] DrawTextA (in: hdc=0x7010567, lpchText="\xd8\xd8", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd8\xd8", lprc=0x296d314) returned 16 [0251.820] SetRect (in: lprc=0x296d314, xLeft=288, yTop=416, xRight=320, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.820] DrawTextA (in: hdc=0x7010567, lpchText="\xd9\xd9", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xd9\xd9", lprc=0x296d314) returned 16 [0251.820] SetRect (in: lprc=0x296d314, xLeft=320, yTop=416, xRight=352, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.820] DrawTextA (in: hdc=0x7010567, lpchText="\xda\xda", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xda\xda", lprc=0x296d314) returned 16 [0251.820] SetRect (in: lprc=0x296d314, xLeft=352, yTop=416, xRight=384, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.820] DrawTextA (in: hdc=0x7010567, lpchText="\xdb\xdb", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xdb\xdb", lprc=0x296d314) returned 16 [0251.821] SetRect (in: lprc=0x296d314, xLeft=384, yTop=416, xRight=416, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.821] DrawTextA (in: hdc=0x7010567, lpchText="\xdc\xdc", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xdc\xdc", lprc=0x296d314) returned 16 [0251.821] SetRect (in: lprc=0x296d314, xLeft=416, yTop=416, xRight=448, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.821] DrawTextA (in: hdc=0x7010567, lpchText="\xdd\xdd", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xdd\xdd", lprc=0x296d314) returned 16 [0251.822] SetRect (in: lprc=0x296d314, xLeft=448, yTop=416, xRight=480, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.822] DrawTextA (in: hdc=0x7010567, lpchText="\xde\xde", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xde\xde", lprc=0x296d314) returned 16 [0251.822] SetRect (in: lprc=0x296d314, xLeft=480, yTop=416, xRight=512, yBottom=448 | out: lprc=0x296d314) returned 1 [0251.822] DrawTextA (in: hdc=0x7010567, lpchText="\xdf\xdf", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xdf\xdf", lprc=0x296d314) returned 16 [0251.822] SetRect (in: lprc=0x296d314, xLeft=0, yTop=448, xRight=32, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.822] DrawTextA (in: hdc=0x7010567, lpchText="\xe0\xe0", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe0\xe0", lprc=0x296d314) returned 16 [0251.822] SetRect (in: lprc=0x296d314, xLeft=32, yTop=448, xRight=64, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.822] DrawTextA (in: hdc=0x7010567, lpchText="\xe1\xe1", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe1\xe1", lprc=0x296d314) returned 16 [0251.823] SetRect (in: lprc=0x296d314, xLeft=64, yTop=448, xRight=96, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.823] DrawTextA (in: hdc=0x7010567, lpchText="\xe2\xe2", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe2\xe2", lprc=0x296d314) returned 16 [0251.823] SetRect (in: lprc=0x296d314, xLeft=96, yTop=448, xRight=128, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.823] DrawTextA (in: hdc=0x7010567, lpchText="\xe3\xe3", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe3\xe3", lprc=0x296d314) returned 16 [0251.823] SetRect (in: lprc=0x296d314, xLeft=128, yTop=448, xRight=160, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.823] DrawTextA (in: hdc=0x7010567, lpchText="\xe4\xe4", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe4\xe4", lprc=0x296d314) returned 16 [0251.823] SetRect (in: lprc=0x296d314, xLeft=160, yTop=448, xRight=192, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.823] DrawTextA (in: hdc=0x7010567, lpchText="\xe5\xe5", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe5\xe5", lprc=0x296d314) returned 16 [0251.824] SetRect (in: lprc=0x296d314, xLeft=192, yTop=448, xRight=224, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.824] DrawTextA (in: hdc=0x7010567, lpchText="\xe6\xe6", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe6\xe6", lprc=0x296d314) returned 16 [0251.824] SetRect (in: lprc=0x296d314, xLeft=224, yTop=448, xRight=256, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.824] DrawTextA (in: hdc=0x7010567, lpchText="\xe7\xe7", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe7\xe7", lprc=0x296d314) returned 16 [0251.824] SetRect (in: lprc=0x296d314, xLeft=256, yTop=448, xRight=288, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.824] DrawTextA (in: hdc=0x7010567, lpchText="\xe8\xe8", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe8\xe8", lprc=0x296d314) returned 16 [0251.825] SetRect (in: lprc=0x296d314, xLeft=288, yTop=448, xRight=320, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.825] DrawTextA (in: hdc=0x7010567, lpchText="\xe9\xe9", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xe9\xe9", lprc=0x296d314) returned 16 [0251.825] SetRect (in: lprc=0x296d314, xLeft=320, yTop=448, xRight=352, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.825] DrawTextA (in: hdc=0x7010567, lpchText="\xea\xea", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xea\xea", lprc=0x296d314) returned 16 [0251.825] SetRect (in: lprc=0x296d314, xLeft=352, yTop=448, xRight=384, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.825] DrawTextA (in: hdc=0x7010567, lpchText="\xeb\xeb", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xeb\xeb", lprc=0x296d314) returned 16 [0251.825] SetRect (in: lprc=0x296d314, xLeft=384, yTop=448, xRight=416, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.825] DrawTextA (in: hdc=0x7010567, lpchText="\xec\xec", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xec\xec", lprc=0x296d314) returned 16 [0251.826] SetRect (in: lprc=0x296d314, xLeft=416, yTop=448, xRight=448, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.826] DrawTextA (in: hdc=0x7010567, lpchText="\xed\xed", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xed\xed", lprc=0x296d314) returned 16 [0251.826] SetRect (in: lprc=0x296d314, xLeft=448, yTop=448, xRight=480, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.826] DrawTextA (in: hdc=0x7010567, lpchText="\xee\xee", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xee\xee", lprc=0x296d314) returned 16 [0251.826] SetRect (in: lprc=0x296d314, xLeft=480, yTop=448, xRight=512, yBottom=480 | out: lprc=0x296d314) returned 1 [0251.826] DrawTextA (in: hdc=0x7010567, lpchText="\xef\xef", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xef\xef", lprc=0x296d314) returned 16 [0251.826] SetRect (in: lprc=0x296d314, xLeft=0, yTop=480, xRight=32, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.826] DrawTextA (in: hdc=0x7010567, lpchText="\xf0\xf0", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf0\xf0", lprc=0x296d314) returned 16 [0251.827] SetRect (in: lprc=0x296d314, xLeft=32, yTop=480, xRight=64, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.827] DrawTextA (in: hdc=0x7010567, lpchText="\xf1\xf1", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf1\xf1", lprc=0x296d314) returned 16 [0251.827] SetRect (in: lprc=0x296d314, xLeft=64, yTop=480, xRight=96, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.827] DrawTextA (in: hdc=0x7010567, lpchText="\xf2\xf2", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf2\xf2", lprc=0x296d314) returned 16 [0251.827] SetRect (in: lprc=0x296d314, xLeft=96, yTop=480, xRight=128, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.827] DrawTextA (in: hdc=0x7010567, lpchText="\xf3\xf3", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf3\xf3", lprc=0x296d314) returned 16 [0251.827] SetRect (in: lprc=0x296d314, xLeft=128, yTop=480, xRight=160, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.827] DrawTextA (in: hdc=0x7010567, lpchText="\xf4\xf4", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf4\xf4", lprc=0x296d314) returned 16 [0251.828] SetRect (in: lprc=0x296d314, xLeft=160, yTop=480, xRight=192, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.828] DrawTextA (in: hdc=0x7010567, lpchText="\xf5\xf5", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf5\xf5", lprc=0x296d314) returned 16 [0251.828] SetRect (in: lprc=0x296d314, xLeft=192, yTop=480, xRight=224, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.828] DrawTextA (in: hdc=0x7010567, lpchText="\xf6\xf6", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf6\xf6", lprc=0x296d314) returned 16 [0251.828] SetRect (in: lprc=0x296d314, xLeft=224, yTop=480, xRight=256, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.828] DrawTextA (in: hdc=0x7010567, lpchText="\xf7\xf7", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf7\xf7", lprc=0x296d314) returned 16 [0251.828] SetRect (in: lprc=0x296d314, xLeft=256, yTop=480, xRight=288, yBottom=512 | out: lprc=0x296d314) returned 1 [0251.828] DrawTextA (in: hdc=0x7010567, lpchText="\xf8\xf8", cchText=1, lprc=0x296d314, format=0x5 | out: lpchText="\xf8\xf8", lprc=0x296d314) returned 16 [0251.831] DeleteObject (ho=0x0) returned 0 [0251.831] DeleteDC (hdc=0x7010567) returned 1 [0251.831] ReleaseDC (hWnd=0x0, hDC=0x10105d9) returned 1 [0251.831] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x296cbe0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1 [0251.831] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x296cbe0, cbMultiByte=-1, lpWideCharStr=0x1f31cc, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0251.831] CoInitialize (pvReserved=0x0) returned 0x0 [0251.833] CLSIDFromProgID (in: lpszProgID="WinHttp.WinHttpRequest.5.1", lpclsid=0x296cb90 | out: lpclsid=0x296cb90*(Data1=0x2087c2f4, Data2=0x2cef, Data3=0x4953, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x77, [4]=0x9b, [5]=0x67, [6]=0x4, [7]=0x95))) returned 0x0 [0251.843] CoCreateInstance (in: rclsid=0x296cb90*(Data1=0x2087c2f4, Data2=0x2cef, Data3=0x4953, Data4=([0]=0xa8, [1]=0xab, [2]=0x66, [3]=0x77, [4]=0x9b, [5]=0x67, [6]=0x4, [7]=0x95)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x296cbd0*(Data1=0x6f29373, Data2=0x5c5a, Data3=0x4b54, Data4=([0]=0xb0, [1]=0x25, [2]=0x6e, [3]=0xf1, [4]=0xbf, [5]=0x8a, [6]=0xbf, [7]=0xe)), ppv=0x296cba4 | out: ppv=0x296cba4*=0x202ae8) returned 0x0 [0251.870] GetLastError () returned 0x0 [0251.870] SetLastError (dwErrCode=0x0) [0251.871] GetLastError () returned 0x0 [0251.871] SetLastError (dwErrCode=0x0) [0251.871] GetLastError () returned 0x0 [0251.871] SetLastError (dwErrCode=0x0) [0251.871] GetLastError () returned 0x0 [0251.871] SetLastError (dwErrCode=0x0) [0251.871] CoUninitialize () [0251.875] CryptAcquireContextA (in: phProv=0x296b778, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x296b778*=0x202bf0) returned 1 [0252.132] CryptGenRandom (in: hProv=0x202bf0, dwLen=0x800, pbBuffer=0x296b7c0 | out: pbBuffer=0x296b7c0) returned 1 [0252.132] GetTextExtentPoint32A (in: hdc=0x0, lpString=0x0, c=43447351, psizl=0x296b744 | out: psizl=0x296b744) returned 0 [0252.132] glViewport () returned 0x0 [0252.132] glMatrixMode () returned 0x0 [0252.132] glLoadIdentity () returned 0x0 [0252.132] glOrtho () returned 0x0 [0252.133] gluLookAt () returned 0x0 [0252.133] glMatrixMode () returned 0x0 [0252.133] GetDC (hWnd=0x0) returned 0x501052a [0252.134] glViewport () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] glLoadIdentity () returned 0x0 [0252.134] glOrtho () returned 0x0 [0252.134] gluLookAt () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] GetDC (hWnd=0x0) returned 0x10105d9 [0252.134] glViewport () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] glLoadIdentity () returned 0x0 [0252.134] glOrtho () returned 0x0 [0252.134] gluLookAt () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] GetDC (hWnd=0x0) returned 0x8010567 [0252.134] glViewport () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] glLoadIdentity () returned 0x0 [0252.134] glOrtho () returned 0x0 [0252.134] gluLookAt () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] GetDC (hWnd=0x0) returned 0xa6010556 [0252.134] glViewport () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] glLoadIdentity () returned 0x0 [0252.134] glOrtho () returned 0x0 [0252.134] gluLookAt () returned 0x0 [0252.134] glMatrixMode () returned 0x0 [0252.134] GetDC (hWnd=0x0) returned 0x56010528 [0252.135] glViewport () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] glLoadIdentity () returned 0x0 [0252.135] glOrtho () returned 0x0 [0252.135] gluLookAt () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] GetDC (hWnd=0x0) returned 0xa010559 [0252.135] glViewport () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] glLoadIdentity () returned 0x0 [0252.135] glOrtho () returned 0x0 [0252.135] gluLookAt () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] GetDC (hWnd=0x0) returned 0x9010570 [0252.135] glViewport () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] glLoadIdentity () returned 0x0 [0252.135] glOrtho () returned 0x0 [0252.135] gluLookAt () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] GetDC (hWnd=0x0) returned 0x701056b [0252.135] glViewport () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] glLoadIdentity () returned 0x0 [0252.135] glOrtho () returned 0x0 [0252.135] gluLookAt () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.135] GetDC (hWnd=0x0) returned 0x12010544 [0252.135] glViewport () returned 0x0 [0252.135] glMatrixMode () returned 0x0 [0252.136] glLoadIdentity () returned 0x0 [0252.136] glOrtho () returned 0x0 [0252.136] gluLookAt () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] GetDC (hWnd=0x0) returned 0x601056a [0252.136] glViewport () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] glLoadIdentity () returned 0x0 [0252.136] glOrtho () returned 0x0 [0252.136] gluLookAt () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] GetDC (hWnd=0x0) returned 0x1501056d [0252.136] glViewport () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] glLoadIdentity () returned 0x0 [0252.136] glOrtho () returned 0x0 [0252.136] gluLookAt () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] GetDC (hWnd=0x0) returned 0xb010545 [0252.136] glViewport () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] glLoadIdentity () returned 0x0 [0252.136] glOrtho () returned 0x0 [0252.136] gluLookAt () returned 0x0 [0252.136] glMatrixMode () returned 0x0 [0252.136] GetDC (hWnd=0x0) returned 0xb010549 [0252.137] FindFirstFileA (in: lpFileName="", lpFindFileData=0x296b5f8 | out: lpFindFileData=0x296b5f8) returned 0xffffffff [0252.137] CryptGenKey (in: hProv=0x202bf0, Algid=0x6801, dwFlags=0x0, phKey=0x296bff8 | out: phKey=0x296bff8*=0x210520) returned 1 [0252.139] GetDeviceCaps (hdc=0xb010549, index=8) returned 1440 [0252.139] SelectObject (hdc=0x0, h=0x79e) returned 0x0 [0252.139] CryptReleaseContext (hProv=0x202bf0, dwFlags=0x0) returned 1 [0252.139] GetDeviceCaps (hdc=0xb010549, index=10) returned 900 [0252.139] GetLastError () returned 0x6 [0252.140] SetLastError (dwErrCode=0x6) [0252.140] VirtualAlloc (lpAddress=0x0, dwSize=0x7000, flAllocationType=0x3000, flProtect=0x40) returned 0x2370000 [0252.144] GetStockObject (i=0) returned 0x1900010 [0252.144] RegisterClassA (lpWndClass=0x29695c8) returned 0x0 [0252.144] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0252.145] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0252.145] waveOutOpen (in: phwo=0x296917c, uDeviceID=0xffffffff, pwfx=0x2969148, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x296917c) returned 0x0 [0253.668] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2969134 | out: ppv=0x2969134*=0x2527a8) returned 0x0 [0253.670] waveOutOpen (in: phwo=0x296912c, uDeviceID=0xffffffff, pwfx=0x29690f4, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x296912c) returned 0x0 [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.683] SetLastError (dwErrCode=0x0) [0253.683] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.684] GetLastError () returned 0x0 [0253.684] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.685] SetLastError (dwErrCode=0x0) [0253.685] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.686] GetLastError () returned 0x0 [0253.686] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.687] SetLastError (dwErrCode=0x0) [0253.687] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.688] SetLastError (dwErrCode=0x0) [0253.688] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.689] SetLastError (dwErrCode=0x0) [0253.689] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.690] SetLastError (dwErrCode=0x0) [0253.690] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.691] SetLastError (dwErrCode=0x0) [0253.691] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.692] GetLastError () returned 0x0 [0253.692] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.693] SetLastError (dwErrCode=0x0) [0253.693] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.694] SetLastError (dwErrCode=0x0) [0253.694] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.695] GetLastError () returned 0x0 [0253.695] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.696] SetLastError (dwErrCode=0x0) [0253.696] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.697] SetLastError (dwErrCode=0x0) [0253.697] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.698] GetLastError () returned 0x0 [0253.698] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.699] SetLastError (dwErrCode=0x0) [0253.699] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.700] SetLastError (dwErrCode=0x0) [0253.700] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] GetLastError () returned 0x0 [0253.701] SetLastError (dwErrCode=0x0) [0253.701] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29680e0 | out: ppv=0x29680e0*=0x2527a8) returned 0x0 [0253.701] glColor3f () returned 0x0 [0253.701] glBegin () returned 0x0 [0253.702] glVertex3f () returned 0x0 [0253.702] glVertex3f () returned 0x0 [0253.702] glVertex3f () returned 0x0 [0253.702] glEnd () returned 0x0 [0253.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29609fc | out: lpSystemTimeAsFileTime=0x29609fc*(dwLowDateTime=0x93c8168d, dwHighDateTime=0x1d4716d)) [0253.702] GetLastError () returned 0x36b7 [0253.702] SetLastError (dwErrCode=0x36b7) [0253.702] glClearColor () returned 0x0 [0253.702] glColor3f () returned 0x0 [0253.702] glPointSize () returned 0x0 [0253.702] CoInitialize (pvReserved=0x0) returned 0x0 [0253.704] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x296761c | out: ppv=0x296761c*=0x202164) returned 0x0 [0253.758] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x202164, retval=0x2967618 | out: retval=0x2967618*="") returned 0x80070534 [0253.766] GetClientRect (in: hWnd=0x0, lpRect=0x2966d64 | out: lpRect=0x2966d64) returned 0 [0253.766] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0253.766] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0253.766] GetSysColorBrush (nIndex=5) returned 0x110007b [0253.766] RegisterClassExA (param_1=0x2966d28) returned 0xc06c [0253.766] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2966c00 | out: ppv=0x2966c00*=0x2527a8) returned 0x0 [0253.767] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0253.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0253.767] GetSysColorBrush (nIndex=5) returned 0x110007b [0253.767] RegisterClassExA (param_1=0x2966bcc) returned 0x0 [0253.767] waveOutOpen (in: phwo=0x2966bc0, uDeviceID=0xffffffff, pwfx=0x2966b88, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x2966bc0) returned 0x0 [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.779] GetLastError () returned 0x0 [0253.779] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.780] SetLastError (dwErrCode=0x0) [0253.780] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.782] SetLastError (dwErrCode=0x0) [0253.782] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.784] GetLastError () returned 0x0 [0253.784] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.785] GetLastError () returned 0x0 [0253.785] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.786] SetLastError (dwErrCode=0x0) [0253.786] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.787] SetLastError (dwErrCode=0x0) [0253.787] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.788] SetLastError (dwErrCode=0x0) [0253.788] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.789] GetLastError () returned 0x0 [0253.789] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.790] SetLastError (dwErrCode=0x0) [0253.790] GetLastError () returned 0x0 [0253.791] SetLastError (dwErrCode=0x0) [0253.791] GetLastError () returned 0x0 [0253.791] SetLastError (dwErrCode=0x0) [0253.791] GetLastError () returned 0x0 [0253.791] SetLastError (dwErrCode=0x0) [0253.791] GetLastError () returned 0x0 [0253.791] SetLastError (dwErrCode=0x0) [0253.791] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0253.791] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0253.791] GetStockObject (i=0) returned 0x1900010 [0253.791] RegisterClassA (lpWndClass=0x2965b58) returned 0xc05c [0253.791] FileTimeToLocalFileTime (in: lpFileTime=0x2965b28, lpLocalFileTime=0x2965b28 | out: lpLocalFileTime=0x2965b28) returned 1 [0253.791] FileTimeToSystemTime (in: lpFileTime=0x2965b28, lpSystemTime=0x2965b14 | out: lpSystemTime=0x2965b14) returned 1 [0253.791] OpenEventLogA (lpUNCServerName=0x0, lpSourceName="") returned 0x0 [0253.791] GetOldestEventLogRecord (in: hEventLog=0x0, OldestRecord=0x2965b08 | out: OldestRecord=0x2965b08) returned 0 [0253.792] GetNumberOfEventLogRecords (in: hEventLog=0x0, NumberOfRecords=0x29658f4 | out: NumberOfRecords=0x29658f4) returned 0 [0253.792] GetDC (hWnd=0x0) returned 0x9010678 [0253.792] SelectObject (hdc=0x9010678, h=0x79e) returned 0x0 [0253.792] wsprintfA (in: param_1=0x29658ac, param_2="\x9e\x07" | out: param_1="\x9e\x07") returned 2 [0253.792] SelectObject (hdc=0x9010678, h=0x0) returned 0x0 [0253.792] ReleaseDC (hWnd=0x0, hDC=0x9010678) returned 1 [0253.792] CoInitialize (pvReserved=0x0) returned 0x1 [0253.792] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x2965658 | out: ppv=0x2965658*=0x1dab74) returned 0x0 [0253.792] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x1dab74, retval=0x2965654 | out: retval=0x2965654*="") returned 0x80070534 [0253.795] ADsGetObject (lpszPathName="", riid=0x453dc4*(Data1=0xfd8256d0, Data2=0xfd15, Data3=0x11ce, Data4=([0]=0xab, [1]=0xc4, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x9e, [6]=0x75, [7]=0x53)), ppObject=0x296567c) returned 0x80004005 [0253.797] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627d4) returned 0x1805069d [0253.797] CreatePatternBrush (hbm=0x1805069d) returned 0x8100679 [0253.797] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0253.797] SelectObject (hdc=0x79e, h=0x8100679) returned 0x0 [0253.797] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0253.797] glEnable () returned 0x0 [0253.797] glShadeModel () returned 0x0 [0253.797] glEnable () returned 0x0 [0253.797] glEnable () returned 0x0 [0253.797] glEnable () returned 0x0 [0253.797] glLightfv () returned 0x0 [0253.797] glLightfv () returned 0x0 [0253.797] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2965200 | out: ppv=0x2965200*=0x2527a8) returned 0x0 [0253.798] waveOutOpen (in: phwo=0x296517c, uDeviceID=0xffffffff, pwfx=0x2965148, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x296517c) returned 0x0 [0253.810] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2965134 | out: ppv=0x2965134*=0x2527a8) returned 0x0 [0253.811] GetDC (hWnd=0x0) returned 0x9010678 [0253.811] SelectObject (hdc=0x9010678, h=0x79e) returned 0x0 [0253.811] wsprintfA (in: param_1=0x29650f8, param_2="\x9e\x07" | out: param_1="\x9e\x07") returned 2 [0253.811] SelectObject (hdc=0x9010678, h=0x0) returned 0x0 [0253.811] ReleaseDC (hWnd=0x0, hDC=0x9010678) returned 1 [0253.811] glEnable () returned 0x0 [0253.811] glShadeModel () returned 0x0 [0253.811] glEnable () returned 0x0 [0253.811] glEnable () returned 0x0 [0253.811] glEnable () returned 0x0 [0253.811] glLightfv () returned 0x0 [0253.811] glLightfv () returned 0x0 [0253.818] waveInOpen (in: phwi=0x2964fd0, uDeviceID=0xffffffff, pwfx=0x2964f9c, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x2964fd0) returned 0x0 [0253.865] waveInPrepareHeader (in: hwi=0x21f1c0, pwh=0x2964fb0, cbwh=0x20 | out: pwh=0x2964fb0) returned 0x0 [0253.866] waveInAddBuffer (in: hwi=0x21f1c0, pwh=0x2964fb0, cbwh=0x20 | out: pwh=0x2964fb0) returned 0x0 [0253.866] glClear () returned 0x0 [0253.867] waveOutOpen (in: phwo=0x2964f10, uDeviceID=0xffffffff, pwfx=0x2964ed8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x2964f10) returned 0x0 [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.881] GetLastError () returned 0x0 [0253.881] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.882] GetLastError () returned 0x0 [0253.882] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.883] SetLastError (dwErrCode=0x0) [0253.883] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.884] SetLastError (dwErrCode=0x0) [0253.884] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.885] SetLastError (dwErrCode=0x0) [0253.885] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.886] GetLastError () returned 0x0 [0253.886] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.887] GetLastError () returned 0x0 [0253.887] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.888] GetLastError () returned 0x0 [0253.888] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.889] GetLastError () returned 0x0 [0253.889] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.890] SetLastError (dwErrCode=0x0) [0253.890] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.891] SetLastError (dwErrCode=0x0) [0253.891] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.892] GetLastError () returned 0x0 [0253.892] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.893] SetLastError (dwErrCode=0x0) [0253.893] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.894] GetLastError () returned 0x0 [0253.894] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] GetLastError () returned 0x0 [0253.895] SetLastError (dwErrCode=0x0) [0253.895] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2963ec0 | out: ppv=0x2963ec0*=0x2527a8) returned 0x0 [0253.896] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0253.896] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0253.896] GetStockObject (i=0) returned 0x1900010 [0253.896] RegisterClassA (lpWndClass=0x2963db0) returned 0x0 [0253.896] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627e4) returned 0xb050548 [0253.896] CreatePatternBrush (hbm=0xb050548) returned 0x310054b [0253.896] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0253.896] SelectObject (hdc=0x79e, h=0x310054b) returned 0x0 [0253.896] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0253.896] FileTimeToLocalFileTime (in: lpFileTime=0x2963668, lpLocalFileTime=0x2963668 | out: lpLocalFileTime=0x2963668) returned 1 [0253.896] FileTimeToSystemTime (in: lpFileTime=0x2963668, lpSystemTime=0x2963654 | out: lpSystemTime=0x2963654) returned 1 [0253.896] CoInitialize (pvReserved=0x0) returned 0x1 [0253.896] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x2963404 | out: ppv=0x2963404*=0x22049c) returned 0x0 [0253.897] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x22049c, retval=0x2963400 | out: retval=0x2963400*="") returned 0x80070534 [0253.899] GetAsyncKeyState (vKey=39) returned 0 [0253.899] waveOutOpen (in: phwo=0x296321c, uDeviceID=0xffffffff, pwfx=0x29631e8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x296321c) returned 0x0 [0253.916] GetAsyncKeyState (vKey=39) returned 0 [0253.916] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x4627f4) returned 0x505054e [0253.916] CreatePatternBrush (hbm=0x505054e) returned 0xc100572 [0253.916] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0253.916] SelectObject (hdc=0x79e, h=0xc100572) returned 0x0 [0253.916] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0253.924] waveInOpen (in: phwi=0x2962df4, uDeviceID=0xffffffff, pwfx=0x2962dc0, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x2962df4) returned 0x0 [0253.933] waveInPrepareHeader (in: hwi=0x21f620, pwh=0x2962dd4, cbwh=0x20 | out: pwh=0x2962dd4) returned 0x0 [0253.934] waveInAddBuffer (in: hwi=0x21f620, pwh=0x2962dd4, cbwh=0x20 | out: pwh=0x2962dd4) returned 0x0 [0253.934] OpenEventLogA (lpUNCServerName=0x0, lpSourceName="") returned 0x0 [0253.934] GetOldestEventLogRecord (in: hEventLog=0x0, OldestRecord=0x2962db4 | out: OldestRecord=0x2962db4) returned 0 [0253.934] GetNumberOfEventLogRecords (in: hEventLog=0x0, NumberOfRecords=0x2962b9c | out: NumberOfRecords=0x2962b9c) returned 0 [0253.935] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x2962b7c | out: ppv=0x2962b7c*=0x2527a8) returned 0x0 [0253.935] glEnable () returned 0x0 [0253.935] glShadeModel () returned 0x0 [0253.935] glEnable () returned 0x0 [0253.935] glEnable () returned 0x0 [0253.935] glEnable () returned 0x0 [0253.935] glLightfv () returned 0x0 [0253.935] glLightfv () returned 0x0 [0253.935] GetStockObject (i=0) returned 0x1900010 [0253.935] RegisterClassA (lpWndClass=0x2962ae0) returned 0xc153 [0253.935] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0253.935] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0253.935] waveOutOpen (in: phwo=0x2962974, uDeviceID=0xffffffff, pwfx=0x2962940, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x0 | out: phwo=0x2962974) returned 0x0 [0253.948] CoInitialize (pvReserved=0x0) returned 0x1 [0253.948] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x296272c | out: ppv=0x296272c*=0x2202e4) returned 0x0 [0253.948] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x2202e4, retval=0x2962728 | out: retval=0x2962728*="") returned 0x80070534 [0253.948] glClear () returned 0x0 [0253.949] CoInitialize (pvReserved=0x0) returned 0x1 [0253.949] CoCreateInstance (in: rclsid=0x453ed4*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x453ec4*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x29623b4 | out: ppv=0x29623b4*=0x2206a4) returned 0x0 [0253.949] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x2206a4, retval=0x29623b0 | out: retval=0x29623b0*="") returned 0x80070534 [0253.951] glColor3f () returned 0x0 [0253.951] glBegin () returned 0x0 [0253.951] glVertex3f () returned 0x0 [0253.951] glVertex3f () returned 0x0 [0253.951] glVertex3f () returned 0x0 [0253.951] glEnd () returned 0x0 [0253.951] GetDlgItem (hDlg=0x0, nIDDlgItem=0) returned 0x0 [0253.951] GetClientRect (in: hWnd=0x0, lpRect=0x2962330 | out: lpRect=0x2962330) returned 0 [0253.951] GetSystemMetrics (nIndex=52) returned 22 [0253.951] GetSystemMetrics (nIndex=53) returned 22 [0253.951] CoCreateInstance (in: rclsid=0x45c33c*(Data1=0xbcde0395, Data2=0xe52f, Data3=0x467c, Data4=([0]=0x8e, [1]=0x3d, [2]=0xc4, [3]=0x57, [4]=0x92, [5]=0x91, [6]=0x69, [7]=0x2e)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x45c34c*(Data1=0xa95664d2, Data2=0x9614, Data3=0x4f35, Data4=([0]=0xa7, [1]=0x46, [2]=0xde, [3]=0x8d, [4]=0xb6, [5]=0x36, [6]=0x17, [7]=0xe6)), ppv=0x29620f0 | out: ppv=0x29620f0*=0x2527a8) returned 0x0 [0253.951] glColor3f () returned 0x0 [0253.951] glBegin () returned 0x0 [0253.951] glVertex3f () returned 0x0 [0253.951] glVertex3f () returned 0x0 [0253.951] glVertex3f () returned 0x0 [0253.951] glEnd () returned 0x0 [0253.959] waveInOpen (in: phwi=0x29620dc, uDeviceID=0xffffffff, pwfx=0x29620a8, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x29620dc) returned 0x0 [0253.970] waveInPrepareHeader (in: hwi=0x21f440, pwh=0x29620bc, cbwh=0x20 | out: pwh=0x29620bc) returned 0x0 [0253.971] waveInAddBuffer (in: hwi=0x21f440, pwh=0x29620bc, cbwh=0x20 | out: pwh=0x29620bc) returned 0x0 [0253.971] GetClientRect (in: hWnd=0x0, lpRect=0x2962018 | out: lpRect=0x2962018) returned 0 [0253.971] CreateBitmap (nWidth=8, nHeight=8, nPlanes=0x1, nBitCount=0x1, lpBits=0x462804) returned 0x60501b4 [0253.971] CreatePatternBrush (hbm=0x60501b4) returned 0x41001ba [0253.971] SetBrushOrgEx (in: hdc=0x79e, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0253.971] SelectObject (hdc=0x79e, h=0x41001ba) returned 0x0 [0253.972] SetTextColor (hdc=0x79e, color=0x0) returned 0xffffffff [0253.972] GetStockObject (i=0) returned 0x1900010 [0253.972] RegisterClassA (lpWndClass=0x2961c70) returned 0x0 [0253.972] CreateWindowExA (dwExStyle=0x0, lpClassName="\x9e\x07", lpWindowName="\x9e\x07", dwStyle=0xcf0000, X=1, Y=1, nWidth=10, nHeight=20, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x0 [0253.972] ShowWindow (hWnd=0x0, nCmdShow=3) returned 0 [0253.973] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0253.973] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0253.973] GetSysColorBrush (nIndex=5) returned 0x110007b [0253.973] RegisterClassExA (param_1=0x29612c8) returned 0x0 [0253.973] FileTimeToLocalFileTime (in: lpFileTime=0x29612b0, lpLocalFileTime=0x29612b0 | out: lpLocalFileTime=0x29612b0) returned 1 [0253.973] FileTimeToSystemTime (in: lpFileTime=0x29612b0, lpSystemTime=0x296129c | out: lpSystemTime=0x296129c) returned 1 [0253.980] waveInOpen (in: phwi=0x2960bac, uDeviceID=0xffffffff, pwfx=0x2960b78, dwCallback=0x0, dwInstance=0x0, fdwOpen=0x8 | out: phwi=0x2960bac) returned 0x0 [0253.990] waveInPrepareHeader (in: hwi=0x21ef90, pwh=0x2960b8c, cbwh=0x20 | out: pwh=0x2960b8c) returned 0x0 [0253.990] waveInAddBuffer (in: hwi=0x21ef90, pwh=0x2960b8c, cbwh=0x20 | out: pwh=0x2960b8c) returned 0x0 [0253.991] InsertMenuItemA (hmenu=0x79e, item=0x79e, fByPosition=1, lpmi=0x296b410) returned 0 [0253.991] PdhOpenQueryA (in: szDataSource="", dwUserData=0x0, phQuery=0x296b450 | out: phQuery=0x296b450) returned 0xc0000bbd [0253.991] PdhAddCounterW (in: hQuery=0x0, szFullCounterPath="\\Processor(0)\\% Processor Time", dwUserData=0x0, phCounter=0x296b458 | out: phCounter=0x296b458) returned 0xc0000bbc [0253.992] PdhCollectQueryData (in: hQuery=0x0 | out: hQuery=0x0) returned 0xc0000bbc [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.993] GetLastError () returned 0x579 [0253.993] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.994] GetLastError () returned 0x579 [0253.994] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.995] SetLastError (dwErrCode=0x579) [0253.995] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.996] SetLastError (dwErrCode=0x579) [0253.996] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.997] GetLastError () returned 0x579 [0253.997] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.998] SetLastError (dwErrCode=0x579) [0253.998] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0253.999] GetLastError () returned 0x579 [0253.999] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.000] GetLastError () returned 0x579 [0254.000] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.001] GetLastError () returned 0x579 [0254.001] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.002] GetLastError () returned 0x579 [0254.002] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.003] GetLastError () returned 0x579 [0254.003] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.004] SetLastError (dwErrCode=0x579) [0254.004] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.005] GetLastError () returned 0x579 [0254.005] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.006] GetLastError () returned 0x579 [0254.006] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.007] SetLastError (dwErrCode=0x579) [0254.007] GetLastError () returned 0x579 [0254.008] SetLastError (dwErrCode=0x579) [0254.008] GetLastError () returned 0x579 [0254.008] SetLastError (dwErrCode=0x579) [0254.008] GetLastError () returned 0x579 [0254.008] SetLastError (dwErrCode=0x579) [0254.008] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.015] GetLastError () returned 0x579 [0254.015] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.016] GetLastError () returned 0x579 [0254.016] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.017] SetLastError (dwErrCode=0x579) [0254.017] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.018] GetLastError () returned 0x579 [0254.018] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.019] GetLastError () returned 0x579 [0254.019] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.020] GetLastError () returned 0x579 [0254.020] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.021] GetLastError () returned 0x579 [0254.021] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.022] GetLastError () returned 0x579 [0254.022] SetLastError (dwErrCode=0x579) [0254.023] GetLastError () returned 0x579 [0254.023] SetLastError (dwErrCode=0x579) [0254.045] InsertMenuItemA (hmenu=0x79e, item=0x0, fByPosition=1, lpmi=0x296b410) returned 0 [0254.045] GetCursorPos (in: lpPoint=0x296b4ac | out: lpPoint=0x296b4ac*(x=1437, y=686)) returned 1 [0254.045] TrackPopupMenuEx (param_1=0x79e, param_2=0x0, param_3=1437, param_4=686, param_5=0x0, param_6=0x0) returned 0 [0254.045] SQLAllocHandle () returned 0x0 [0254.049] SQLSetEnvAttr () returned 0x0 [0254.049] SQLAllocHandle () returned 0x75a30000 [0254.049] SQLDriverConnectA () returned 0xffff [0254.054] SQLAllocHandle () returned 0x75a3ffff [0254.056] SQLPrepareA () returned 0x75a3fffe [0254.058] SQLBindParameter () returned 0x75a3fffe [0254.058] SQLExecute () returned 0xfffe [0254.058] SQLCloseCursor () returned 0x75a3fffe [0254.058] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.059] SQLAllocHandle () returned 0x75a3ffff [0254.059] SQLPrepareA () returned 0x75a3fffe [0254.059] SQLBindParameter () returned 0x75a3fffe [0254.059] SQLExecute () returned 0xfffe [0254.059] SQLCloseCursor () returned 0x75a3fffe [0254.059] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.060] SQLPrepareA () returned 0x75a3fffe [0254.060] SQLBindParameter () returned 0x75a3fffe [0254.060] SQLExecute () returned 0xfffe [0254.060] SQLCloseCursor () returned 0x75a3fffe [0254.060] SQLFreeHandle () returned 0x75a3fffe [0254.060] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.061] SQLExecute () returned 0xfffe [0254.061] SQLCloseCursor () returned 0x75a3fffe [0254.061] SQLFreeHandle () returned 0x75a3fffe [0254.061] SQLAllocHandle () returned 0x75a3ffff [0254.061] SQLPrepareA () returned 0x75a3fffe [0254.061] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.062] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.062] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.062] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.062] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.062] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.062] SQLBindParameter () returned 0x75a3fffe [0254.062] SQLExecute () returned 0xfffe [0254.062] SQLCloseCursor () returned 0x75a3fffe [0254.062] SQLFreeHandle () returned 0x75a3fffe [0254.062] SQLAllocHandle () returned 0x75a3ffff [0254.062] SQLPrepareA () returned 0x75a3fffe [0254.063] SQLBindParameter () returned 0x75a3fffe [0254.063] SQLExecute () returned 0xfffe [0254.063] SQLCloseCursor () returned 0x75a3fffe [0254.063] SQLFreeHandle () returned 0x75a3fffe [0254.063] SQLAllocHandle () returned 0x75a3ffff [0254.063] SQLPrepareA () returned 0x75a3fffe [0254.063] SQLBindParameter () returned 0x75a3fffe [0254.063] SQLExecute () returned 0xfffe [0254.063] SQLCloseCursor () returned 0x75a3fffe [0254.063] SQLFreeHandle () returned 0x75a3fffe [0254.063] SQLAllocHandle () returned 0x75a3ffff [0254.063] SQLPrepareA () returned 0x75a3fffe [0254.063] SQLBindParameter () returned 0x75a3fffe [0254.063] SQLExecute () returned 0xfffe [0254.063] SQLCloseCursor () returned 0x75a3fffe [0254.063] SQLFreeHandle () returned 0x75a3fffe [0254.063] SQLAllocHandle () returned 0x75a3ffff [0254.063] SQLPrepareA () returned 0x75a3fffe [0254.063] SQLBindParameter () returned 0x75a3fffe [0254.063] SQLExecute () returned 0xfffe [0254.063] SQLCloseCursor () returned 0x75a3fffe [0254.063] SQLFreeHandle () returned 0x75a3fffe [0254.063] SQLAllocHandle () returned 0x75a3ffff [0254.063] SQLPrepareA () returned 0x75a3fffe [0254.063] SQLBindParameter () returned 0x75a3fffe [0254.063] SQLExecute () returned 0xfffe [0254.063] SQLCloseCursor () returned 0x75a3fffe [0254.063] SQLFreeHandle () returned 0x75a3fffe [0254.063] SQLAllocHandle () returned 0x75a3ffff [0254.063] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.064] SQLCloseCursor () returned 0x75a3fffe [0254.064] SQLFreeHandle () returned 0x75a3fffe [0254.064] SQLAllocHandle () returned 0x75a3ffff [0254.064] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.064] SQLCloseCursor () returned 0x75a3fffe [0254.064] SQLFreeHandle () returned 0x75a3fffe [0254.064] SQLAllocHandle () returned 0x75a3ffff [0254.064] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.064] SQLCloseCursor () returned 0x75a3fffe [0254.064] SQLFreeHandle () returned 0x75a3fffe [0254.064] SQLAllocHandle () returned 0x75a3ffff [0254.064] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.064] SQLCloseCursor () returned 0x75a3fffe [0254.064] SQLFreeHandle () returned 0x75a3fffe [0254.064] SQLAllocHandle () returned 0x75a3ffff [0254.064] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.064] SQLCloseCursor () returned 0x75a3fffe [0254.064] SQLFreeHandle () returned 0x75a3fffe [0254.064] SQLAllocHandle () returned 0x75a3ffff [0254.064] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.064] SQLCloseCursor () returned 0x75a3fffe [0254.064] SQLFreeHandle () returned 0x75a3fffe [0254.064] SQLAllocHandle () returned 0x75a3ffff [0254.064] SQLPrepareA () returned 0x75a3fffe [0254.064] SQLBindParameter () returned 0x75a3fffe [0254.064] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.065] SQLAllocHandle () returned 0x75a3ffff [0254.065] SQLPrepareA () returned 0x75a3fffe [0254.065] SQLBindParameter () returned 0x75a3fffe [0254.065] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.065] SQLAllocHandle () returned 0x75a3ffff [0254.065] SQLPrepareA () returned 0x75a3fffe [0254.065] SQLBindParameter () returned 0x75a3fffe [0254.065] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.065] SQLAllocHandle () returned 0x75a3ffff [0254.065] SQLPrepareA () returned 0x75a3fffe [0254.065] SQLBindParameter () returned 0x75a3fffe [0254.065] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.065] SQLAllocHandle () returned 0x75a3ffff [0254.065] SQLPrepareA () returned 0x75a3fffe [0254.065] SQLBindParameter () returned 0x75a3fffe [0254.065] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.065] SQLAllocHandle () returned 0x75a3ffff [0254.065] SQLPrepareA () returned 0x75a3fffe [0254.065] SQLBindParameter () returned 0x75a3fffe [0254.065] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.065] SQLAllocHandle () returned 0x75a3ffff [0254.065] SQLPrepareA () returned 0x75a3fffe [0254.065] SQLBindParameter () returned 0x75a3fffe [0254.065] SQLExecute () returned 0xfffe [0254.065] SQLCloseCursor () returned 0x75a3fffe [0254.065] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.066] SQLCloseCursor () returned 0x75a3fffe [0254.066] SQLFreeHandle () returned 0x75a3fffe [0254.066] SQLAllocHandle () returned 0x75a3ffff [0254.066] SQLPrepareA () returned 0x75a3fffe [0254.066] SQLBindParameter () returned 0x75a3fffe [0254.066] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.067] SQLFreeHandle () returned 0x75a3fffe [0254.067] SQLAllocHandle () returned 0x75a3ffff [0254.067] SQLPrepareA () returned 0x75a3fffe [0254.067] SQLBindParameter () returned 0x75a3fffe [0254.067] SQLExecute () returned 0xfffe [0254.067] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.068] SQLAllocHandle () returned 0x75a3ffff [0254.068] SQLPrepareA () returned 0x75a3fffe [0254.068] SQLBindParameter () returned 0x75a3fffe [0254.068] SQLExecute () returned 0xfffe [0254.068] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.068] SQLAllocHandle () returned 0x75a3ffff [0254.068] SQLPrepareA () returned 0x75a3fffe [0254.068] SQLBindParameter () returned 0x75a3fffe [0254.068] SQLExecute () returned 0xfffe [0254.068] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.068] SQLAllocHandle () returned 0x75a3ffff [0254.068] SQLPrepareA () returned 0x75a3fffe [0254.068] SQLBindParameter () returned 0x75a3fffe [0254.068] SQLExecute () returned 0xfffe [0254.068] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.068] SQLAllocHandle () returned 0x75a3ffff [0254.068] SQLPrepareA () returned 0x75a3fffe [0254.068] SQLBindParameter () returned 0x75a3fffe [0254.068] SQLExecute () returned 0xfffe [0254.068] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.068] SQLAllocHandle () returned 0x75a3ffff [0254.068] SQLPrepareA () returned 0x75a3fffe [0254.068] SQLBindParameter () returned 0x75a3fffe [0254.068] SQLExecute () returned 0xfffe [0254.068] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.068] SQLAllocHandle () returned 0x75a3ffff [0254.068] SQLPrepareA () returned 0x75a3fffe [0254.068] SQLBindParameter () returned 0x75a3fffe [0254.068] SQLExecute () returned 0xfffe [0254.068] SQLCloseCursor () returned 0x75a3fffe [0254.068] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.069] SQLExecute () returned 0xfffe [0254.069] SQLCloseCursor () returned 0x75a3fffe [0254.069] SQLFreeHandle () returned 0x75a3fffe [0254.069] SQLAllocHandle () returned 0x75a3ffff [0254.069] SQLPrepareA () returned 0x75a3fffe [0254.069] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.070] SQLExecute () returned 0xfffe [0254.070] SQLCloseCursor () returned 0x75a3fffe [0254.070] SQLFreeHandle () returned 0x75a3fffe [0254.070] SQLAllocHandle () returned 0x75a3ffff [0254.070] SQLPrepareA () returned 0x75a3fffe [0254.070] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.071] SQLAllocHandle () returned 0x75a3ffff [0254.071] SQLPrepareA () returned 0x75a3fffe [0254.071] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.071] SQLAllocHandle () returned 0x75a3ffff [0254.071] SQLPrepareA () returned 0x75a3fffe [0254.071] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.071] SQLAllocHandle () returned 0x75a3ffff [0254.071] SQLPrepareA () returned 0x75a3fffe [0254.071] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.071] SQLAllocHandle () returned 0x75a3ffff [0254.071] SQLPrepareA () returned 0x75a3fffe [0254.071] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.071] SQLAllocHandle () returned 0x75a3ffff [0254.071] SQLPrepareA () returned 0x75a3fffe [0254.071] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.071] SQLAllocHandle () returned 0x75a3ffff [0254.071] SQLPrepareA () returned 0x75a3fffe [0254.071] SQLBindParameter () returned 0x75a3fffe [0254.071] SQLExecute () returned 0xfffe [0254.071] SQLCloseCursor () returned 0x75a3fffe [0254.071] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.072] SQLExecute () returned 0xfffe [0254.072] SQLCloseCursor () returned 0x75a3fffe [0254.072] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.072] SQLExecute () returned 0xfffe [0254.072] SQLCloseCursor () returned 0x75a3fffe [0254.072] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.072] SQLExecute () returned 0xfffe [0254.072] SQLCloseCursor () returned 0x75a3fffe [0254.072] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.072] SQLExecute () returned 0xfffe [0254.072] SQLCloseCursor () returned 0x75a3fffe [0254.072] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.072] SQLExecute () returned 0xfffe [0254.072] SQLCloseCursor () returned 0x75a3fffe [0254.072] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.072] SQLExecute () returned 0xfffe [0254.072] SQLCloseCursor () returned 0x75a3fffe [0254.072] SQLFreeHandle () returned 0x75a3fffe [0254.072] SQLAllocHandle () returned 0x75a3ffff [0254.072] SQLPrepareA () returned 0x75a3fffe [0254.072] SQLBindParameter () returned 0x75a3fffe [0254.073] SQLExecute () returned 0xfffe [0254.073] SQLCloseCursor () returned 0x75a3fffe [0254.073] SQLFreeHandle () returned 0x75a3fffe [0254.073] SQLAllocHandle () returned 0x75a3ffff [0254.073] SQLPrepareA () returned 0x75a3fffe [0254.073] SQLBindParameter () returned 0x75a3fffe [0254.073] SQLExecute () returned 0xfffe [0254.073] SQLCloseCursor () returned 0x75a3fffe [0254.073] SQLFreeHandle () returned 0x75a3fffe [0254.073] SQLAllocHandle () returned 0x75a3ffff [0254.073] SQLPrepareA () returned 0x75a3fffe [0254.073] SQLBindParameter () returned 0x75a3fffe [0254.073] SQLExecute () returned 0xfffe [0254.073] SQLCloseCursor () returned 0x75a3fffe [0254.073] SQLFreeHandle () returned 0x75a3fffe [0254.073] SQLAllocHandle () returned 0x75a3ffff [0254.073] SQLPrepareA () returned 0x75a3fffe [0254.073] SQLBindParameter () returned 0x75a3fffe [0254.073] SQLExecute () returned 0xfffe [0254.073] SQLCloseCursor () returned 0x75a3fffe [0254.073] SQLFreeHandle () returned 0x75a3fffe [0254.073] SQLAllocHandle () returned 0x75a3ffff [0254.073] SQLPrepareA () returned 0x75a3fffe [0254.073] SQLBindParameter () returned 0x75a3fffe [0254.073] SQLExecute () returned 0xfffe [0254.073] SQLCloseCursor () returned 0x75a3fffe [0254.073] SQLFreeHandle () returned 0x75a3fffe [0254.073] SQLAllocHandle () returned 0x75a3ffff [0254.073] SQLPrepareA () returned 0x75a3fffe [0254.073] SQLBindParameter () returned 0x75a3fffe [0254.073] SQLExecute () returned 0xfffe [0254.073] SQLCloseCursor () returned 0x75a3fffe [0254.073] SQLFreeHandle () returned 0x75a3fffe [0254.073] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.074] SQLFreeHandle () returned 0x75a3fffe [0254.074] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.074] SQLFreeHandle () returned 0x75a3fffe [0254.074] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.074] SQLFreeHandle () returned 0x75a3fffe [0254.074] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.074] SQLFreeHandle () returned 0x75a3fffe [0254.074] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.074] SQLFreeHandle () returned 0x75a3fffe [0254.074] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.074] SQLFreeHandle () returned 0x75a3fffe [0254.074] SQLAllocHandle () returned 0x75a3ffff [0254.074] SQLPrepareA () returned 0x75a3fffe [0254.074] SQLBindParameter () returned 0x75a3fffe [0254.074] SQLExecute () returned 0xfffe [0254.074] SQLCloseCursor () returned 0x75a3fffe [0254.075] SQLFreeHandle () returned 0x75a3fffe [0254.075] SQLAllocHandle () returned 0x75a3ffff [0254.075] SQLPrepareA () returned 0x75a3fffe [0254.075] SQLBindParameter () returned 0x75a3fffe [0254.075] SQLExecute () returned 0xfffe [0254.075] SQLCloseCursor () returned 0x75a3fffe [0254.075] SQLFreeHandle () returned 0x75a3fffe [0254.075] SQLAllocHandle () returned 0x75a3ffff [0254.075] SQLPrepareA () returned 0x75a3fffe [0254.075] SQLBindParameter () returned 0x75a3fffe [0254.075] SQLExecute () returned 0xfffe [0254.075] SQLCloseCursor () returned 0x75a3fffe [0254.075] SQLFreeHandle () returned 0x75a3fffe [0254.075] SQLAllocHandle () returned 0x75a3ffff [0254.075] SQLPrepareA () returned 0x75a3fffe [0254.075] SQLBindParameter () returned 0x75a3fffe [0254.075] SQLExecute () returned 0xfffe [0254.075] SQLCloseCursor () returned 0x75a3fffe [0254.075] SQLFreeHandle () returned 0x75a3fffe [0254.075] SQLAllocHandle () returned 0x75a3ffff [0254.075] SQLPrepareA () returned 0x75a3fffe [0254.075] SQLBindParameter () returned 0x75a3fffe [0254.075] SQLExecute () returned 0xfffe [0254.075] SQLCloseCursor () returned 0x75a3fffe [0254.075] SQLFreeHandle () returned 0x75a3fffe [0254.075] SQLAllocHandle () returned 0x75a3ffff [0254.075] SQLPrepareA () returned 0x75a3fffe [0254.075] SQLBindParameter () returned 0x75a3fffe [0254.075] SQLExecute () returned 0xfffe [0254.075] SQLCloseCursor () returned 0x75a3fffe [0254.075] SQLFreeHandle () returned 0x75a3fffe [0254.075] SQLAllocHandle () returned 0x75a3ffff [0254.075] SQLPrepareA () returned 0x75a3fffe [0254.075] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.076] SQLAllocHandle () returned 0x75a3ffff [0254.076] SQLPrepareA () returned 0x75a3fffe [0254.076] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.076] SQLAllocHandle () returned 0x75a3ffff [0254.076] SQLPrepareA () returned 0x75a3fffe [0254.076] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.076] SQLAllocHandle () returned 0x75a3ffff [0254.076] SQLPrepareA () returned 0x75a3fffe [0254.076] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.076] SQLAllocHandle () returned 0x75a3ffff [0254.076] SQLPrepareA () returned 0x75a3fffe [0254.076] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.076] SQLAllocHandle () returned 0x75a3ffff [0254.076] SQLPrepareA () returned 0x75a3fffe [0254.076] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.076] SQLAllocHandle () returned 0x75a3ffff [0254.076] SQLPrepareA () returned 0x75a3fffe [0254.076] SQLBindParameter () returned 0x75a3fffe [0254.076] SQLExecute () returned 0xfffe [0254.076] SQLCloseCursor () returned 0x75a3fffe [0254.076] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.077] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.077] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.077] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.077] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.077] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.077] SQLFreeHandle () returned 0x75a3fffe [0254.077] SQLAllocHandle () returned 0x75a3ffff [0254.077] SQLPrepareA () returned 0x75a3fffe [0254.077] SQLBindParameter () returned 0x75a3fffe [0254.077] SQLExecute () returned 0xfffe [0254.077] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.078] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.078] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.078] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.078] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.078] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.078] SQLCloseCursor () returned 0x75a3fffe [0254.078] SQLFreeHandle () returned 0x75a3fffe [0254.078] SQLAllocHandle () returned 0x75a3ffff [0254.078] SQLPrepareA () returned 0x75a3fffe [0254.078] SQLBindParameter () returned 0x75a3fffe [0254.078] SQLExecute () returned 0xfffe [0254.079] SQLCloseCursor () returned 0x75a3fffe [0254.079] SQLFreeHandle () returned 0x75a3fffe [0254.079] SQLAllocHandle () returned 0x75a3ffff [0254.079] SQLPrepareA () returned 0x75a3fffe [0254.079] SQLBindParameter () returned 0x75a3fffe [0254.079] SQLExecute () returned 0xfffe [0254.079] SQLCloseCursor () returned 0x75a3fffe [0254.079] SQLFreeHandle () returned 0x75a3fffe [0254.079] SQLAllocHandle () returned 0x75a3ffff [0254.079] SQLPrepareA () returned 0x75a3fffe [0254.079] SQLBindParameter () returned 0x75a3fffe [0254.079] SQLExecute () returned 0xfffe [0254.079] SQLCloseCursor () returned 0x75a3fffe [0254.079] SQLFreeHandle () returned 0x75a3fffe [0254.079] SQLAllocHandle () returned 0x75a3ffff [0254.079] SQLPrepareA () returned 0x75a3fffe [0254.079] SQLBindParameter () returned 0x75a3fffe [0254.079] SQLExecute () returned 0xfffe [0254.079] SQLCloseCursor () returned 0x75a3fffe [0254.079] SQLFreeHandle () returned 0x75a3fffe [0254.079] SQLAllocHandle () returned 0x75a3ffff [0254.079] SQLPrepareA () returned 0x75a3fffe [0254.079] SQLBindParameter () returned 0x75a3fffe [0254.079] SQLExecute () returned 0xfffe [0254.079] SQLCloseCursor () returned 0x75a3fffe [0254.079] SQLFreeHandle () returned 0x75a3fffe [0254.079] SQLAllocHandle () returned 0x75a3ffff [0254.079] SQLPrepareA () returned 0x75a3fffe [0254.079] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.080] SQLPrepareA () returned 0x75a3fffe [0254.080] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.080] SQLPrepareA () returned 0x75a3fffe [0254.080] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.080] SQLPrepareA () returned 0x75a3fffe [0254.080] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.080] SQLPrepareA () returned 0x75a3fffe [0254.080] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.080] SQLPrepareA () returned 0x75a3fffe [0254.080] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.080] SQLPrepareA () returned 0x75a3fffe [0254.080] SQLBindParameter () returned 0x75a3fffe [0254.080] SQLExecute () returned 0xfffe [0254.080] SQLCloseCursor () returned 0x75a3fffe [0254.080] SQLFreeHandle () returned 0x75a3fffe [0254.080] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.081] SQLBindParameter () returned 0x75a3fffe [0254.081] SQLExecute () returned 0xfffe [0254.081] SQLCloseCursor () returned 0x75a3fffe [0254.081] SQLFreeHandle () returned 0x75a3fffe [0254.081] SQLAllocHandle () returned 0x75a3ffff [0254.081] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.082] SQLAllocHandle () returned 0x75a3ffff [0254.082] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.082] SQLAllocHandle () returned 0x75a3ffff [0254.082] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.082] SQLAllocHandle () returned 0x75a3ffff [0254.082] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.082] SQLAllocHandle () returned 0x75a3ffff [0254.082] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.082] SQLAllocHandle () returned 0x75a3ffff [0254.082] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.082] SQLAllocHandle () returned 0x75a3ffff [0254.082] SQLPrepareA () returned 0x75a3fffe [0254.082] SQLBindParameter () returned 0x75a3fffe [0254.082] SQLExecute () returned 0xfffe [0254.082] SQLCloseCursor () returned 0x75a3fffe [0254.082] SQLFreeHandle () returned 0x75a3fffe [0254.083] SQLAllocHandle () returned 0x75a3ffff [0254.083] SQLPrepareA () returned 0x75a3fffe [0254.083] SQLBindParameter () returned 0x75a3fffe [0254.083] SQLExecute () returned 0xfffe [0254.083] SQLCloseCursor () returned 0x75a3fffe [0254.083] SQLFreeHandle () returned 0x75a3fffe [0254.083] SQLAllocHandle () returned 0x75a3ffff [0254.083] SQLPrepareA () returned 0x75a3fffe [0254.083] SQLBindParameter () returned 0x75a3fffe [0254.083] SQLExecute () returned 0xfffe [0254.083] SQLCloseCursor () returned 0x75a3fffe [0254.083] SQLFreeHandle () returned 0x75a3fffe [0254.083] SQLAllocHandle () returned 0x75a3ffff [0254.083] SQLPrepareA () returned 0x75a3fffe [0254.083] SQLBindParameter () returned 0x75a3fffe [0254.083] SQLExecute () returned 0xfffe [0254.083] SQLCloseCursor () returned 0x75a3fffe [0254.083] SQLFreeHandle () returned 0x75a3fffe [0254.083] SQLAllocHandle () returned 0x75a3ffff [0254.083] SQLPrepareA () returned 0x75a3fffe [0254.083] SQLBindParameter () returned 0x75a3fffe [0254.083] SQLExecute () returned 0xfffe [0254.083] SQLCloseCursor () returned 0x75a3fffe [0254.083] SQLFreeHandle () returned 0x75a3fffe [0254.083] SQLAllocHandle () returned 0x75a3ffff [0254.083] SQLPrepareA () returned 0x75a3fffe [0254.083] SQLBindParameter () returned 0x75a3fffe [0254.083] SQLExecute () returned 0xfffe [0254.083] SQLCloseCursor () returned 0x75a3fffe [0254.083] SQLFreeHandle () returned 0x75a3fffe [0254.083] SQLAllocHandle () returned 0x75a3ffff [0254.083] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.084] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.084] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.084] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.084] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.084] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.084] SQLPrepareA () returned 0x75a3fffe [0254.084] SQLBindParameter () returned 0x75a3fffe [0254.084] SQLExecute () returned 0xfffe [0254.084] SQLCloseCursor () returned 0x75a3fffe [0254.084] SQLFreeHandle () returned 0x75a3fffe [0254.084] SQLAllocHandle () returned 0x75a3ffff [0254.085] SQLPrepareA () returned 0x75a3fffe [0254.085] SQLBindParameter () returned 0x75a3fffe [0254.085] SQLExecute () returned 0xfffe [0254.085] SQLCloseCursor () returned 0x75a3fffe [0254.085] SQLFreeHandle () returned 0x75a3fffe [0254.085] SQLAllocHandle () returned 0x75a3ffff [0254.085] SQLPrepareA () returned 0x75a3fffe [0254.085] SQLBindParameter () returned 0x75a3fffe [0254.085] SQLExecute () returned 0xfffe [0254.085] SQLCloseCursor () returned 0x75a3fffe [0254.085] SQLFreeHandle () returned 0x75a3fffe [0254.085] SQLAllocHandle () returned 0x75a3ffff [0254.085] SQLPrepareA () returned 0x75a3fffe [0254.085] SQLBindParameter () returned 0x75a3fffe [0254.085] SQLExecute () returned 0xfffe [0254.085] SQLCloseCursor () returned 0x75a3fffe [0254.085] SQLFreeHandle () returned 0x75a3fffe [0254.085] SQLAllocHandle () returned 0x75a3ffff [0254.085] SQLPrepareA () returned 0x75a3fffe [0254.085] SQLBindParameter () returned 0x75a3fffe [0254.085] SQLExecute () returned 0xfffe [0254.085] SQLCloseCursor () returned 0x75a3fffe [0254.085] SQLFreeHandle () returned 0x75a3fffe [0254.085] SQLAllocHandle () returned 0x75a3ffff [0254.085] SQLPrepareA () returned 0x75a3fffe [0254.085] SQLBindParameter () returned 0x75a3fffe [0254.085] SQLExecute () returned 0xfffe [0254.085] SQLCloseCursor () returned 0x75a3fffe [0254.085] SQLFreeHandle () returned 0x75a3fffe [0254.085] SQLAllocHandle () returned 0x75a3ffff [0254.085] SQLPrepareA () returned 0x75a3fffe [0254.085] SQLBindParameter () returned 0x75a3fffe [0254.085] SQLExecute () returned 0xfffe [0254.085] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.086] SQLExecute () returned 0xfffe [0254.086] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.086] SQLExecute () returned 0xfffe [0254.086] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.086] SQLExecute () returned 0xfffe [0254.086] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.086] SQLExecute () returned 0xfffe [0254.086] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.086] SQLExecute () returned 0xfffe [0254.086] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.086] SQLExecute () returned 0xfffe [0254.086] SQLCloseCursor () returned 0x75a3fffe [0254.086] SQLFreeHandle () returned 0x75a3fffe [0254.086] SQLAllocHandle () returned 0x75a3ffff [0254.086] SQLPrepareA () returned 0x75a3fffe [0254.086] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.087] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.087] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.087] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.087] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.087] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.087] SQLBindParameter () returned 0x75a3fffe [0254.087] SQLExecute () returned 0xfffe [0254.087] SQLCloseCursor () returned 0x75a3fffe [0254.087] SQLFreeHandle () returned 0x75a3fffe [0254.087] SQLAllocHandle () returned 0x75a3ffff [0254.087] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.088] SQLAllocHandle () returned 0x75a3ffff [0254.088] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.088] SQLAllocHandle () returned 0x75a3ffff [0254.088] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.088] SQLAllocHandle () returned 0x75a3ffff [0254.088] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.088] SQLAllocHandle () returned 0x75a3ffff [0254.088] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.088] SQLAllocHandle () returned 0x75a3ffff [0254.088] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.088] SQLAllocHandle () returned 0x75a3ffff [0254.088] SQLPrepareA () returned 0x75a3fffe [0254.088] SQLBindParameter () returned 0x75a3fffe [0254.088] SQLExecute () returned 0xfffe [0254.088] SQLCloseCursor () returned 0x75a3fffe [0254.088] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.089] SQLCloseCursor () returned 0x75a3fffe [0254.089] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.089] SQLCloseCursor () returned 0x75a3fffe [0254.089] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.089] SQLCloseCursor () returned 0x75a3fffe [0254.089] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.089] SQLCloseCursor () returned 0x75a3fffe [0254.089] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.089] SQLCloseCursor () returned 0x75a3fffe [0254.089] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.089] SQLCloseCursor () returned 0x75a3fffe [0254.089] SQLFreeHandle () returned 0x75a3fffe [0254.089] SQLAllocHandle () returned 0x75a3ffff [0254.089] SQLPrepareA () returned 0x75a3fffe [0254.089] SQLBindParameter () returned 0x75a3fffe [0254.089] SQLExecute () returned 0xfffe [0254.090] SQLCloseCursor () returned 0x75a3fffe [0254.090] SQLFreeHandle () returned 0x75a3fffe [0254.090] SQLAllocHandle () returned 0x75a3ffff [0254.090] SQLPrepareA () returned 0x75a3fffe [0254.090] SQLBindParameter () returned 0x75a3fffe [0254.090] SQLExecute () returned 0xfffe [0254.090] SQLCloseCursor () returned 0x75a3fffe [0254.090] SQLFreeHandle () returned 0x75a3fffe [0254.090] SQLAllocHandle () returned 0x75a3ffff [0254.090] SQLPrepareA () returned 0x75a3fffe [0254.090] SQLBindParameter () returned 0x75a3fffe [0254.090] SQLExecute () returned 0xfffe [0254.090] SQLCloseCursor () returned 0x75a3fffe [0254.090] SQLFreeHandle () returned 0x75a3fffe [0254.090] SQLAllocHandle () returned 0x75a3ffff [0254.090] SQLPrepareA () returned 0x75a3fffe [0254.090] SQLBindParameter () returned 0x75a3fffe [0254.090] SQLExecute () returned 0xfffe [0254.090] SQLCloseCursor () returned 0x75a3fffe [0254.090] SQLFreeHandle () returned 0x75a3fffe [0254.090] SQLAllocHandle () returned 0x75a3ffff [0254.090] SQLPrepareA () returned 0x75a3fffe [0254.090] SQLBindParameter () returned 0x75a3fffe [0254.090] SQLExecute () returned 0xfffe [0254.090] SQLCloseCursor () returned 0x75a3fffe [0254.090] SQLFreeHandle () returned 0x75a3fffe [0254.090] SQLAllocHandle () returned 0x75a3ffff [0254.090] SQLPrepareA () returned 0x75a3fffe [0254.090] SQLBindParameter () returned 0x75a3fffe [0254.090] SQLExecute () returned 0xfffe [0254.090] SQLCloseCursor () returned 0x75a3fffe [0254.091] SQLFreeHandle () returned 0x75a3fffe [0254.091] SQLAllocHandle () returned 0x75a3ffff [0254.091] SQLPrepareA () returned 0x75a3fffe [0254.091] SQLBindParameter () returned 0x75a3fffe [0254.091] SQLExecute () returned 0xfffe [0254.091] SQLCloseCursor () returned 0x75a3fffe [0254.091] SQLFreeHandle () returned 0x75a3fffe [0254.095] SQLAllocHandle () returned 0x75a3ffff [0254.095] SQLPrepareA () returned 0x75a3fffe [0254.095] SQLBindParameter () returned 0x75a3fffe [0254.095] SQLExecute () returned 0xfffe [0254.095] SQLCloseCursor () returned 0x75a3fffe [0254.095] SQLFreeHandle () returned 0x75a3fffe [0254.095] SQLAllocHandle () returned 0x75a3ffff [0254.095] SQLPrepareA () returned 0x75a3fffe [0254.095] SQLBindParameter () returned 0x75a3fffe [0254.095] SQLExecute () returned 0xfffe [0254.095] SQLCloseCursor () returned 0x75a3fffe [0254.095] SQLFreeHandle () returned 0x75a3fffe [0254.095] SQLAllocHandle () returned 0x75a3ffff [0254.095] SQLPrepareA () returned 0x75a3fffe [0254.095] SQLBindParameter () returned 0x75a3fffe [0254.095] SQLExecute () returned 0xfffe [0254.095] SQLCloseCursor () returned 0x75a3fffe [0254.095] SQLFreeHandle () returned 0x75a3fffe [0254.095] SQLAllocHandle () returned 0x75a3ffff [0254.095] SQLPrepareA () returned 0x75a3fffe [0254.095] SQLBindParameter () returned 0x75a3fffe [0254.095] SQLExecute () returned 0xfffe [0254.095] SQLCloseCursor () returned 0x75a3fffe [0254.095] SQLFreeHandle () returned 0x75a3fffe [0254.095] SQLAllocHandle () returned 0x75a3ffff [0254.095] SQLPrepareA () returned 0x75a3fffe [0254.095] SQLBindParameter () returned 0x75a3fffe [0254.095] SQLExecute () returned 0xfffe [0254.095] SQLCloseCursor () returned 0x75a3fffe [0254.095] SQLFreeHandle () returned 0x75a3fffe [0254.095] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.096] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.096] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.096] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.096] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.096] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.096] SQLAllocHandle () returned 0x75a3ffff [0254.096] SQLPrepareA () returned 0x75a3fffe [0254.096] SQLBindParameter () returned 0x75a3fffe [0254.096] SQLExecute () returned 0xfffe [0254.096] SQLCloseCursor () returned 0x75a3fffe [0254.096] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.097] SQLExecute () returned 0xfffe [0254.097] SQLCloseCursor () returned 0x75a3fffe [0254.097] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.097] SQLExecute () returned 0xfffe [0254.097] SQLCloseCursor () returned 0x75a3fffe [0254.097] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.097] SQLExecute () returned 0xfffe [0254.097] SQLCloseCursor () returned 0x75a3fffe [0254.097] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.097] SQLExecute () returned 0xfffe [0254.097] SQLCloseCursor () returned 0x75a3fffe [0254.097] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.097] SQLExecute () returned 0xfffe [0254.097] SQLCloseCursor () returned 0x75a3fffe [0254.097] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.097] SQLExecute () returned 0xfffe [0254.097] SQLCloseCursor () returned 0x75a3fffe [0254.097] SQLFreeHandle () returned 0x75a3fffe [0254.097] SQLAllocHandle () returned 0x75a3ffff [0254.097] SQLPrepareA () returned 0x75a3fffe [0254.097] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.098] SQLExecute () returned 0xfffe [0254.098] SQLCloseCursor () returned 0x75a3fffe [0254.098] SQLFreeHandle () returned 0x75a3fffe [0254.098] SQLAllocHandle () returned 0x75a3ffff [0254.098] SQLPrepareA () returned 0x75a3fffe [0254.098] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.099] SQLExecute () returned 0xfffe [0254.099] SQLCloseCursor () returned 0x75a3fffe [0254.099] SQLFreeHandle () returned 0x75a3fffe [0254.099] SQLAllocHandle () returned 0x75a3ffff [0254.099] SQLPrepareA () returned 0x75a3fffe [0254.099] SQLBindParameter () returned 0x75a3fffe [0254.100] SQLExecute () returned 0xfffe [0254.100] SQLCloseCursor () returned 0x75a3fffe [0254.100] SQLFreeHandle () returned 0x75a3fffe [0254.100] SQLAllocHandle () returned 0x75a3ffff [0254.100] SQLPrepareA () returned 0x75a3fffe [0254.100] SQLBindParameter () returned 0x75a3fffe [0254.100] SQLExecute () returned 0xfffe [0254.100] SQLCloseCursor () returned 0x75a3fffe [0254.100] SQLFreeHandle () returned 0x75a3fffe [0254.100] SQLAllocHandle () returned 0x75a3ffff [0254.100] SQLPrepareA () returned 0x75a3fffe [0254.100] SQLBindParameter () returned 0x75a3fffe [0254.100] SQLExecute () returned 0xfffe [0254.100] SQLCloseCursor () returned 0x75a3fffe [0254.100] SQLFreeHandle () returned 0x75a3fffe [0254.100] SQLAllocHandle () returned 0x75a3ffff [0254.100] SQLPrepareA () returned 0x75a3fffe [0254.100] SQLBindParameter () returned 0x75a3fffe [0254.100] SQLExecute () returned 0xfffe [0254.100] SQLCloseCursor () returned 0x75a3fffe [0254.100] SQLFreeHandle () returned 0x75a3fffe [0254.142] SQLDisconnect () returned 0x75a3ffff [0254.142] SQLFreeHandle () returned 0x75a30000 [0254.142] SQLFreeHandle () returned 0x0 [0254.142] SQLGetDiagRecW () returned 0x75a3fffe [0254.143] HideCaret (hWnd=0x0) returned 0 [0254.143] DeviceIoControl (in: hDevice=0x0, dwIoControlCode=0x74080, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x2969b40, nOutBufferSize=0x4, lpBytesReturned=0x2969c48, lpOverlapped=0x0 | out: lpOutBuffer=0x2969b40, lpBytesReturned=0x2969c48, lpOverlapped=0x0) returned 0 [0254.143] ImmAssociateContext () returned 0x0 [0254.144] GetModuleHandleA (lpModuleName="ntdll") returned 0x77730000 [0254.144] GetModuleHandleA (lpModuleName="advapi32") returned 0x77620000 [0254.161] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.183] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.188] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.210] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.214] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.233] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.237] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.255] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.259] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.280] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.284] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.305] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.311] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.336] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.357] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.377] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.381] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.402] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.406] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5a60000 [0254.426] VirtualFree (lpAddress=0x5a60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.432] GetModuleHandleA (lpModuleName="ntdll") returned 0x77730000 [0254.432] GetModuleHandleA (lpModuleName="advapi32") returned 0x77620000 [0254.446] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0254.456] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.479] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.483] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.507] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.514] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.551] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.556] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.582] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.587] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.611] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.615] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.638] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.646] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.691] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.695] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.719] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.724] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.748] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.752] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.810] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.814] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.836] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.840] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.862] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.866] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.886] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.890] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.911] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.915] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.935] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.939] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.958] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.963] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0254.982] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.986] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.007] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.018] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.036] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.040] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.060] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.064] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.084] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.088] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.108] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.112] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.132] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.136] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.156] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.160] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.180] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.184] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.205] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.210] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x5b60000 [0255.234] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0255.242] GetSystemTime (in: lpSystemTime=0x29698cc | out: lpSystemTime=0x29698cc*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x3, wDay=0x1f, wHour=0x17, wMinute=0x0, wSecond=0x38, wMilliseconds=0x4e)) [0255.242] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.242] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x40c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x40d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x40e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x40f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x410000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x411000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x412000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x413000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x414000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x415000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x416000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x417000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x418000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x419000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x41a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x41b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x41c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x41d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x41e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x41f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x420000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x421000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x422000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x423000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x424000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x425000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.243] VirtualProtect (in: lpAddress=0x426000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x427000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x428000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x429000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x42a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x42b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x42c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x42d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x42e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x42f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x430000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x431000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x432000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x433000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x434000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x435000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x436000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x437000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x438000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x439000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x43a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x43b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x43c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x43d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x43e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x43f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x440000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.244] VirtualProtect (in: lpAddress=0x441000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x442000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x443000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x444000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x445000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x446000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x447000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x448000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x449000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x44a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x20) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x44b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x44c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x44d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x44e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x44f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x450000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x451000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x452000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x453000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x454000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x455000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x456000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x457000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x458000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x459000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x45a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.245] VirtualProtect (in: lpAddress=0x45b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x45c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x45d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x45e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x45f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x460000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x461000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x4) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x462000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x4) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x463000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x4) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x464000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x4) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x465000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x466000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x467000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x468000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x469000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x46a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x46b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x46c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x46d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x46e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x46f000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.246] VirtualProtect (in: lpAddress=0x470000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x296989c | out: lpflOldProtect=0x296989c*=0x2) returned 1 [0255.368] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77730000 [0255.368] GetProcAddress (hModule=0x77730000, lpProcName="memset") returned 0x7779ee50 [0255.369] GetProcAddress (hModule=0x77730000, lpProcName="strstr") returned 0x777a0010 [0255.369] GetProcAddress (hModule=0x77730000, lpProcName="mbstowcs") returned 0x7779e610 [0255.369] GetProcAddress (hModule=0x77730000, lpProcName="RtlNtStatusToDosError") returned 0x77783010 [0255.369] GetProcAddress (hModule=0x77730000, lpProcName="memcpy") returned 0x7779e7b0 [0255.369] GetProcAddress (hModule=0x77730000, lpProcName="RtlGetVersion") returned 0x7778fcd0 [0255.370] GetProcAddress (hModule=0x77730000, lpProcName="RtlUnwind") returned 0x7778aca0 [0255.370] GetProcAddress (hModule=0x77730000, lpProcName="ZwQueryInformationProcess") returned 0x77798d50 [0255.370] GetProcAddress (hModule=0x77730000, lpProcName="NtQuerySystemInformation") returned 0x77798f40 [0255.370] GetProcAddress (hModule=0x77730000, lpProcName="ZwOpenProcessToken") returned 0x77799d20 [0255.371] GetProcAddress (hModule=0x77730000, lpProcName="ZwQueryInformationToken") returned 0x77798df0 [0255.371] GetProcAddress (hModule=0x77730000, lpProcName="ZwClose") returned 0x77798cb0 [0255.371] GetProcAddress (hModule=0x77730000, lpProcName="ZwOpenProcess") returned 0x77798e40 [0255.371] GetProcAddress (hModule=0x77730000, lpProcName="NtUnmapViewOfSection") returned 0x77798e80 [0255.372] GetProcAddress (hModule=0x77730000, lpProcName="NtMapViewOfSection") returned 0x77798e60 [0255.372] GetProcAddress (hModule=0x77730000, lpProcName="NtCreateSection") returned 0x77799080 [0255.372] GetProcAddress (hModule=0x77730000, lpProcName="RtlFreeUnicodeString") returned 0x7776b940 [0255.372] GetProcAddress (hModule=0x77730000, lpProcName="RtlUpcaseUnicodeString") returned 0x7777e040 [0255.372] GetProcAddress (hModule=0x77730000, lpProcName="_aulldiv") returned 0x7779c680 [0255.373] GetProcAddress (hModule=0x77730000, lpProcName="NtQueryVirtualMemory") returned 0x77798e10 [0255.373] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76b10000 [0255.373] GetProcAddress (hModule=0x76b10000, lpProcName="StrStrIA") returned 0x76b2cd10 [0255.373] GetProcAddress (hModule=0x76b10000, lpProcName="StrChrW") returned 0x76b26a00 [0255.373] GetProcAddress (hModule=0x76b10000, lpProcName="PathFindFileNameW") returned 0x76b280d0 [0255.374] GetProcAddress (hModule=0x76b10000, lpProcName="PathCombineW") returned 0x76b2cd50 [0255.374] GetProcAddress (hModule=0x76b10000, lpProcName="PathFindExtensionA") returned 0x76b31db0 [0255.374] GetProcAddress (hModule=0x76b10000, lpProcName="StrChrA") returned 0x76b326c0 [0255.374] GetProcAddress (hModule=0x76b10000, lpProcName="StrTrimW") returned 0x76b283a0 [0255.374] GetProcAddress (hModule=0x76b10000, lpProcName="PathFindExtensionW") returned 0x76b27c40 [0255.375] GetProcAddress (hModule=0x76b10000, lpProcName="StrRChrA") returned 0x76b32900 [0255.375] LoadLibraryA (lpLibFileName="SETUPAPI.dll") returned 0x77470000 [0255.377] GetProcAddress (hModule=0x77470000, lpProcName="SetupDiGetDeviceRegistryPropertyA") returned 0x774c19a0 [0255.378] GetProcAddress (hModule=0x77470000, lpProcName="SetupDiGetClassDevsA") returned 0x77498d10 [0255.378] GetProcAddress (hModule=0x77470000, lpProcName="SetupDiEnumDeviceInfo") returned 0x77485620 [0255.378] GetProcAddress (hModule=0x77470000, lpProcName="SetupDiDestroyDeviceInfoList") returned 0x77485340 [0255.378] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75eb0000 [0255.378] GetProcAddress (hModule=0x75eb0000, lpProcName="HeapFree") returned 0x75ec25e0 [0255.379] GetProcAddress (hModule=0x75eb0000, lpProcName="GetComputerNameA") returned 0x75ecf4b0 [0255.379] GetProcAddress (hModule=0x75eb0000, lpProcName="ExitProcess") returned 0x75ed74f0 [0255.379] GetProcAddress (hModule=0x75eb0000, lpProcName="GetModuleHandleA") returned 0x75ec9640 [0255.379] GetProcAddress (hModule=0x75eb0000, lpProcName="GetCommandLineW") returned 0x75eca4b0 [0255.379] GetProcAddress (hModule=0x75eb0000, lpProcName="ExitThread") returned 0x77792570 [0255.380] GetProcAddress (hModule=0x75eb0000, lpProcName="CloseHandle") returned 0x75ed5f20 [0255.380] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateThread") returned 0x75ec9700 [0255.380] GetProcAddress (hModule=0x75eb0000, lpProcName="HeapDestroy") returned 0x75ecd940 [0255.380] GetProcAddress (hModule=0x75eb0000, lpProcName="HeapCreate") returned 0x75ec9950 [0255.380] GetProcAddress (hModule=0x75eb0000, lpProcName="SetEvent") returned 0x75ed60c0 [0255.381] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcpyW") returned 0x75eed410 [0255.381] GetProcAddress (hModule=0x75eb0000, lpProcName="SetFileAttributesW") returned 0x75ed6510 [0255.381] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrlenW") returned 0x75ec2d80 [0255.381] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcpyA") returned 0x75ece320 [0255.381] GetProcAddress (hModule=0x75eb0000, lpProcName="SwitchToThread") returned 0x75ec9f30 [0255.382] GetProcAddress (hModule=0x75eb0000, lpProcName="SetEndOfFile") returned 0x75ed64f0 [0255.382] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateEventA") returned 0x75ed5f70 [0255.382] GetProcAddress (hModule=0x75eb0000, lpProcName="FlushFileBuffers") returned 0x75ed62a0 [0255.382] GetProcAddress (hModule=0x75eb0000, lpProcName="GetTempPathA") returned 0x75ed6410 [0255.383] GetProcAddress (hModule=0x75eb0000, lpProcName="GetLastError") returned 0x75ec2db0 [0255.383] GetProcAddress (hModule=0x75eb0000, lpProcName="FindNextFileA") returned 0x75ed6270 [0255.383] GetProcAddress (hModule=0x75eb0000, lpProcName="HeapAlloc") returned 0x7776da90 [0255.383] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcmpiW") returned 0x75ec7540 [0255.383] GetProcAddress (hModule=0x75eb0000, lpProcName="GetProcAddress") returned 0x75ec7940 [0255.384] GetProcAddress (hModule=0x75eb0000, lpProcName="SetWaitableTimer") returned 0x75ed60d0 [0255.384] GetProcAddress (hModule=0x75eb0000, lpProcName="GetTickCount") returned 0x75ed57f0 [0255.384] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcatW") returned 0x75eed320 [0255.384] GetProcAddress (hModule=0x75eb0000, lpProcName="FindClose") returned 0x75ed61d0 [0255.384] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateFileA") returned 0x75ed6170 [0255.384] GetProcAddress (hModule=0x75eb0000, lpProcName="CompareFileTime") returned 0x75ed6130 [0255.385] GetProcAddress (hModule=0x75eb0000, lpProcName="ResetEvent") returned 0x75ed60b0 [0255.385] GetProcAddress (hModule=0x75eb0000, lpProcName="WriteFile") returned 0x75ed6590 [0255.385] GetProcAddress (hModule=0x75eb0000, lpProcName="GetFileTime") returned 0x75ed6380 [0255.385] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateProcessA") returned 0x75ef0960 [0255.385] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateDirectoryW") returned 0x75ed6150 [0255.386] GetProcAddress (hModule=0x75eb0000, lpProcName="DeleteFileW") returned 0x75ed61b0 [0255.386] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateFileW") returned 0x75ed6180 [0255.386] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateWaitableTimerA") returned 0x75ecdb30 [0255.386] GetProcAddress (hModule=0x75eb0000, lpProcName="ResumeThread") returned 0x75eca280 [0255.386] GetProcAddress (hModule=0x75eb0000, lpProcName="SuspendThread") returned 0x75eced00 [0255.387] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcmpA") returned 0x75ecc1f0 [0255.387] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcpynA") returned 0x75ecf7b0 [0255.387] GetProcAddress (hModule=0x75eb0000, lpProcName="LocalFree") returned 0x75ec87c0 [0255.387] GetProcAddress (hModule=0x75eb0000, lpProcName="ExpandEnvironmentStringsA") returned 0x75ef0da0 [0255.387] GetProcAddress (hModule=0x75eb0000, lpProcName="Sleep") returned 0x75ec77b0 [0255.387] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrlenA") returned 0x75ed3a30 [0255.388] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcatA") returned 0x75ecefc0 [0255.388] GetProcAddress (hModule=0x75eb0000, lpProcName="WaitForSingleObject") returned 0x75ed6110 [0255.388] GetProcAddress (hModule=0x75eb0000, lpProcName="ReadFile") returned 0x75ed64a0 [0255.388] GetProcAddress (hModule=0x75eb0000, lpProcName="ExpandEnvironmentStringsW") returned 0x75ecc8c0 [0255.389] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateDirectoryA") returned 0x75ed6140 [0255.389] GetProcAddress (hModule=0x75eb0000, lpProcName="VirtualProtectEx") returned 0x75ef2a00 [0255.389] GetProcAddress (hModule=0x75eb0000, lpProcName="FindFirstFileA") returned 0x75ed6210 [0255.389] GetProcAddress (hModule=0x75eb0000, lpProcName="GetModuleFileNameA") returned 0x75eca040 [0255.389] GetProcAddress (hModule=0x75eb0000, lpProcName="GetModuleFileNameW") returned 0x75ec9560 [0255.390] GetProcAddress (hModule=0x75eb0000, lpProcName="GetFileSize") returned 0x75ed6360 [0255.390] GetProcAddress (hModule=0x75eb0000, lpProcName="OpenProcess") returned 0x75ec92b0 [0255.390] GetProcAddress (hModule=0x75eb0000, lpProcName="CreateRemoteThread") returned 0x75ef0a00 [0255.390] GetProcAddress (hModule=0x75eb0000, lpProcName="VirtualAlloc") returned 0x75ec8b70 [0255.391] GetProcAddress (hModule=0x75eb0000, lpProcName="lstrcmpiA") returned 0x75ec7610 [0255.391] GetProcAddress (hModule=0x75eb0000, lpProcName="VirtualFree") returned 0x75ec8c70 [0255.391] GetProcAddress (hModule=0x75eb0000, lpProcName="SetLastError") returned 0x75ec2af0 [0255.391] GetProcAddress (hModule=0x75eb0000, lpProcName="GetCurrentProcessId") returned 0x75ec1d90 [0255.392] GetProcAddress (hModule=0x75eb0000, lpProcName="GetVersion") returned 0x75eca300 [0255.392] GetProcAddress (hModule=0x75eb0000, lpProcName="GetLongPathNameW") returned 0x75ec47c0 [0255.392] GetProcAddress (hModule=0x75eb0000, lpProcName="SetFilePointer") returned 0x75ed6530 [0255.392] GetProcAddress (hModule=0x75eb0000, lpProcName="GetTempFileNameA") returned 0x75ed63f0 [0255.393] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x760e0000 [0255.393] GetProcAddress (hModule=0x760e0000, lpProcName="wsprintfA") returned 0x7610ea00 [0255.393] GetProcAddress (hModule=0x760e0000, lpProcName="CharUpperA") returned 0x761131c0 [0255.393] GetProcAddress (hModule=0x760e0000, lpProcName="FindWindowA") returned 0x76110980 [0255.393] GetProcAddress (hModule=0x760e0000, lpProcName="wsprintfW") returned 0x7610ddf0 [0255.394] GetProcAddress (hModule=0x760e0000, lpProcName="MessageBoxA") returned 0x7615cf50 [0255.394] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77620000 [0255.394] GetProcAddress (hModule=0x77620000, lpProcName="RegQueryValueExW") returned 0x7763ed60 [0255.394] GetProcAddress (hModule=0x77620000, lpProcName="RegEnumKeyExA") returned 0x77642520 [0255.394] GetProcAddress (hModule=0x77620000, lpProcName="RegOpenKeyW") returned 0x7763f590 [0255.395] GetProcAddress (hModule=0x77620000, lpProcName="RegDeleteValueW") returned 0x77640ca0 [0255.395] GetProcAddress (hModule=0x77620000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7766bda0 [0255.395] GetProcAddress (hModule=0x77620000, lpProcName="RegSetValueExW") returned 0x7763f0a0 [0255.395] GetProcAddress (hModule=0x77620000, lpProcName="GetSidSubAuthorityCount") returned 0x77640f50 [0255.395] GetProcAddress (hModule=0x77620000, lpProcName="GetSidSubAuthority") returned 0x77640ea0 [0255.395] GetProcAddress (hModule=0x77620000, lpProcName="OpenProcessToken") returned 0x7763ee90 [0255.396] GetProcAddress (hModule=0x77620000, lpProcName="RegOpenKeyA") returned 0x776431a0 [0255.396] GetProcAddress (hModule=0x77620000, lpProcName="RegSetValueExA") returned 0x77640750 [0255.396] GetProcAddress (hModule=0x77620000, lpProcName="RegCreateKeyA") returned 0x77643150 [0255.396] GetProcAddress (hModule=0x77620000, lpProcName="GetTokenInformation") returned 0x7763ed40 [0255.396] GetProcAddress (hModule=0x77620000, lpProcName="RegCloseKey") returned 0x7763efa0 [0255.397] GetProcAddress (hModule=0x77620000, lpProcName="RegQueryValueExA") returned 0x7763ee40 [0255.397] GetProcAddress (hModule=0x77620000, lpProcName="RegOpenKeyExA") returned 0x7763f000 [0255.397] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x74460000 [0255.397] GetProcAddress (hModule=0x74460000, lpProcName="ShellExecuteW") returned 0x745f4370 [0255.397] GetProcAddress (hModule=0x74460000, lpProcName="ShellExecuteExW") returned 0x745f4cb0 [0255.398] GetProcAddress (hModule=0x74460000, lpProcName=0x5c) returned 0x746d7560 [0255.398] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75ff0000 [0255.398] GetProcAddress (hModule=0x75ff0000, lpProcName="CoUninitialize") returned 0x7653dca0 [0255.398] GetProcAddress (hModule=0x75ff0000, lpProcName="CoInitializeEx") returned 0x7653cd50 [0255.398] VirtualProtect (in: lpAddress=0x400000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x29698b4 | out: lpflOldProtect=0x29698b4*=0x40) returned 1 [0255.398] VirtualProtect (in: lpAddress=0x401000, dwSize=0x4958, flNewProtect=0x20, lpflOldProtect=0x29698b4 | out: lpflOldProtect=0x29698b4*=0x40) returned 1 [0255.398] VirtualProtect (in: lpAddress=0x406000, dwSize=0xf48, flNewProtect=0x2, lpflOldProtect=0x29698b4 | out: lpflOldProtect=0x29698b4*=0x40) returned 1 [0255.398] VirtualProtect (in: lpAddress=0x407000, dwSize=0x52c, flNewProtect=0x4, lpflOldProtect=0x29698b4 | out: lpflOldProtect=0x29698b4*=0x40) returned 1 [0255.398] VirtualProtect (in: lpAddress=0x408000, dwSize=0x63e, flNewProtect=0x4, lpflOldProtect=0x29698b4 | out: lpflOldProtect=0x29698b4*=0x40) returned 1 [0255.398] VirtualProtect (in: lpAddress=0x409000, dwSize=0x68000, flNewProtect=0x2, lpflOldProtect=0x29698b4 | out: lpflOldProtect=0x29698b4*=0x40) returned 1 [0255.402] RtlExitUserThread (Status=0x0) Thread: id = 88 os_tid = 0xa08 Thread: id = 89 os_tid = 0x9f4 Thread: id = 90 os_tid = 0x40 Thread: id = 91 os_tid = 0xb00 [0255.415] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0255.415] GetCommandLineW () returned="\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe\" " [0255.415] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0255.415] GetComputerNameA (in: lpBuffer=0x5eafcc4, nSize=0x5eafd50 | out: lpBuffer="LHNIWSJ", nSize=0x5eafd50) returned 1 [0255.415] lstrlenA (lpString="LHNIWSJ") returned 7 [0255.415] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x5eafd48 | out: phkResult=0x5eafd48*=0xac) returned 0x0 [0255.415] RegQueryValueExA (in: hKey=0xac, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0x5eafd44, lpcbData=0x5eafd50*=0x4 | out: lpType=0x0, lpData=0x5eafd44*=0x41, lpcbData=0x5eafd50*=0x4) returned 0x0 [0255.415] RegCloseKey (hKey=0xac) returned 0x0 [0255.415] wsprintfA (in: param_1=0x5eafea8, param_2="%8X" | out: param_1="98F9CE91") returned 8 [0255.416] GetTempPathA (in: nBufferLength=0x100, lpBuffer=0x5eafda8 | out: lpBuffer="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\") returned 0x25 [0255.416] lstrcatA (in: lpString1="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\", lpString2="98F9CE91" | out: lpString1="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91" [0255.416] lstrlenA (lpString="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 45 [0255.416] mbstowcs (in: _Dest=0x63985a8, _Source="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", _MaxCount=0x2e | out: _Dest="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 0x2d [0255.416] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x2e [0255.416] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91", lpDst=0x6398610, nSize=0x2e | out: lpDst="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91") returned 0x2e [0255.416] CreateFileW (lpFileName="C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\98F9CE91" (normalized: "c:\\users\\ciihmn~1\\appdata\\local\\temp\\98f9ce91"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0255.418] GetLastError () returned 0x2 [0255.428] wsprintfA (in: param_1=0x5eafeb4, param_2="%c%c%c%c" | out: param_1="Inte") returned 4 [0255.428] wsprintfA (in: param_1=0x5eafeb8, param_2="%c%c%c%c" | out: param_1="l (R") returned 4 [0255.428] wsprintfA (in: param_1=0x5eafebc, param_2="%c%c%c%c" | out: param_1=") Co") returned 4 [0255.428] wsprintfA (in: param_1=0x5eafec0, param_2="%c%c%c%c" | out: param_1="re(T") returned 4 [0255.428] wsprintfA (in: param_1=0x5eafec4, param_2="%c%c%c%c" | out: param_1="M) i") returned 4 [0255.428] wsprintfA (in: param_1=0x5eafec8, param_2="%c%c%c%c" | out: param_1="5-75") returned 4 [0255.429] wsprintfA (in: param_1=0x5eafecc, param_2="%c%c%c%c" | out: param_1="00 C") returned 4 [0255.429] wsprintfA (in: param_1=0x5eafed0, param_2="%c%c%c%c" | out: param_1="PU @") returned 4 [0255.429] wsprintfA (in: param_1=0x5eafed4, param_2="%c%c%c%c" | out: param_1=" 3.4") returned 4 [0255.429] wsprintfA (in: param_1=0x5eafed8, param_2="%c%c%c%c" | out: param_1="0GHz") returned 4 [0255.429] wsprintfA (in: param_1=0x5eafedc, param_2="%c%c%c%c" | out: param_1="") returned 4 [0255.429] wsprintfA (in: param_1=0x5eafee0, param_2="%c%c%c%c" | out: param_1="") returned 4 [0255.429] strstr (_Str="INTEL (R) CORE(TM) I5-7500 CPU @ 3.40GHZ", _SubStr="XEON") returned 0x0 [0255.429] SetupDiGetClassDevsA (ClassGuid=0x5eafe90*(Data1=0x4d36e967, Data2=0xe325, Data3=0x11ce, Data4=([0]=0xbf, [1]=0xc1, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0xe1, [6]=0x3, [7]=0x18)), Enumerator=0x0, hwndParent=0x0, Flags=0x2) returned 0x1e2258 [0255.432] SetupDiEnumDeviceInfo (in: DeviceInfoSet=0x1e2258, MemberIndex=0x0, DeviceInfoData=0x5eafea0 | out: DeviceInfoData=0x5eafea0) returned 1 [0255.432] SetupDiGetDeviceRegistryPropertyA (in: DeviceInfoSet=0x1e2258, DeviceInfoData=0x5eafea0, Property=0xc, PropertyRegDataType=0x5eafec8, PropertyBuffer=0x0, PropertyBufferSize=0x0, RequiredSize=0x5eafeec | out: PropertyRegDataType=0x5eafec8, PropertyBuffer=0x0, RequiredSize=0x5eafeec) returned 0 [0255.433] SetupDiGetDeviceRegistryPropertyA (in: DeviceInfoSet=0x1e2258, DeviceInfoData=0x5eafea0, Property=0xc, PropertyRegDataType=0x5eafec8, PropertyBuffer=0x6398618, PropertyBufferSize=0xb, RequiredSize=0x5eafeec | out: PropertyRegDataType=0x5eafec8, PropertyBuffer=0x6398618, RequiredSize=0x5eafeec) returned 1 [0255.433] StrStrIA (lpFirst="WD5000AVDS", lpSrch="vbox") returned 0x0 [0255.433] StrStrIA (lpFirst="WD5000AVDS", lpSrch="qemu") returned 0x0 [0255.433] StrStrIA (lpFirst="WD5000AVDS", lpSrch="vmware") returned 0x0 [0255.433] StrStrIA (lpFirst="WD5000AVDS", lpSrch="virtual hd") returned 0x0 [0255.433] SetupDiDestroyDeviceInfoList (DeviceInfoSet=0x1e2258) returned 1 [0255.440] GetTickCount () returned 0xe2be [0255.440] Sleep (dwMilliseconds=0x1f4) [0255.941] Sleep (dwMilliseconds=0x1f4) [0256.493] Sleep (dwMilliseconds=0x1f4) [0257.005] Sleep (dwMilliseconds=0x1f4) [0257.520] Sleep (dwMilliseconds=0x1f4) [0258.036] Sleep (dwMilliseconds=0x1f4) [0258.552] Sleep (dwMilliseconds=0x1f4) [0259.067] Sleep (dwMilliseconds=0x1f4) [0259.569] Sleep (dwMilliseconds=0x1f4) [0260.084] Sleep (dwMilliseconds=0x1f4) [0260.601] SwitchToThread () returned 1 [0260.601] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.601] SwitchToThread () returned 1 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.602] SwitchToThread () returned 0 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.602] SwitchToThread () returned 0 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.602] SwitchToThread () returned 0 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.602] SwitchToThread () returned 0 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.602] SwitchToThread () returned 0 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.602] SwitchToThread () returned 0 [0260.602] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.603] SwitchToThread () returned 0 [0260.603] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.604] SwitchToThread () returned 0 [0260.604] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.605] SwitchToThread () returned 0 [0260.605] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.606] SwitchToThread () returned 0 [0260.606] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.607] SwitchToThread () returned 0 [0260.607] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.608] SwitchToThread () returned 1 [0260.608] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.608] SwitchToThread () returned 0 [0260.608] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.608] SwitchToThread () returned 0 [0260.608] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.608] SwitchToThread () returned 0 [0260.608] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.608] SwitchToThread () returned 0 [0260.608] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.609] SwitchToThread () returned 0 [0260.609] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.610] SwitchToThread () returned 0 [0260.610] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.611] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.611] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.612] SwitchToThread () returned 0 [0260.612] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.613] SwitchToThread () returned 0 [0260.613] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.614] SwitchToThread () returned 0 [0260.614] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.615] SwitchToThread () returned 0 [0260.615] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.615] SwitchToThread () returned 0 [0260.615] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.615] SwitchToThread () returned 0 [0260.615] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.615] SwitchToThread () returned 0 [0260.615] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.615] SwitchToThread () returned 0 [0260.615] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.618] SwitchToThread () returned 1 [0260.618] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.618] SwitchToThread () returned 0 [0260.618] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.618] SwitchToThread () returned 0 [0260.618] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.619] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.619] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.620] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.620] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.621] SwitchToThread () returned 0 [0260.621] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.622] SwitchToThread () returned 0 [0260.622] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.623] SwitchToThread () returned 0 [0260.623] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.624] SwitchToThread () returned 0 [0260.624] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.625] SwitchToThread () returned 0 [0260.625] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.626] SwitchToThread () returned 0 [0260.626] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.627] SwitchToThread () returned 0 [0260.627] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.628] SwitchToThread () returned 0 [0260.628] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.629] SwitchToThread () returned 0 [0260.629] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.630] SwitchToThread () returned 0 [0260.630] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.631] SwitchToThread () returned 0 [0260.631] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.631] SwitchToThread () returned 0 [0260.631] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.631] SwitchToThread () returned 0 [0260.631] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.631] SwitchToThread () returned 0 [0260.631] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.631] SwitchToThread () returned 0 [0260.631] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.631] SwitchToThread () returned 0 [0260.631] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.632] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.632] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.633] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.633] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.634] SwitchToThread () returned 0 [0260.634] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.635] SwitchToThread () returned 0 [0260.635] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.636] SwitchToThread () returned 0 [0260.636] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.637] SwitchToThread () returned 0 [0260.637] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.637] SwitchToThread () returned 0 [0260.637] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.637] SwitchToThread () returned 0 [0260.637] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.725] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.725] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.726] SwitchToThread () returned 0 [0260.726] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.727] SwitchToThread () returned 0 [0260.727] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.728] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.728] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.729] SwitchToThread () returned 0 [0260.729] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.730] SwitchToThread () returned 0 [0260.730] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.731] SwitchToThread () returned 0 [0260.731] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.732] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.732] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.733] SwitchToThread () returned 0 [0260.733] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.734] SwitchToThread () returned 0 [0260.734] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.735] SwitchToThread () returned 0 [0260.735] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.736] SwitchToThread () returned 0 [0260.736] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.737] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.737] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.738] SwitchToThread () returned 0 [0260.738] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.739] SwitchToThread () returned 0 [0260.739] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.739] SwitchToThread () returned 0 [0260.739] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.739] SwitchToThread () returned 0 [0260.739] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.739] SwitchToThread () returned 0 [0260.739] lstrcpynA (in: lpString1=0x5eafecc, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0260.741] GetVersion () returned 0x23f00206 [0260.741] GetCurrentProcessId () returned 0x478 [0260.741] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xac [0260.741] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpszLongPath=0x0, cchBuffer=0x0 | out: lpszLongPath=0x0) returned 0x3b [0260.742] GetLongPathNameW (in: lpszShortPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpszLongPath=0x63987b8, cchBuffer=0x3b | out: lpszLongPath="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0x3a [0260.744] GetProcAddress (hModule=0x75eb0000, lpProcName="IsWow64Process") returned 0x75ec96e0 [0260.744] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x5eafee8 | out: Wow64Process=0x5eafee8) returned 1 [0260.744] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x760e0000 [0260.744] GetProcAddress (hModule=0x760e0000, lpProcName="GetWindowThreadProcessId") returned 0x760fba70 [0260.744] FindWindowA (lpClassName="ProgMan", lpWindowName=0x0) returned 0x100de [0260.744] GetWindowThreadProcessId (in: hWnd=0x100de, lpdwProcessId=0x5eafeec | out: lpdwProcessId=0x5eafeec) returned 0x664 [0260.744] NtOpenProcess (in: ProcessHandle=0x5eafee0, DesiredAccess=0x400, ObjectAttributes=0x5eafec0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x5eafed8*(UniqueProcess=0x568, UniqueThread=0x0) | out: ProcessHandle=0x5eafee0*=0x290) returned 0x0 [0260.744] NtOpenProcessToken (in: ProcessHandle=0x290, DesiredAccess=0x8, TokenHandle=0x5eafee4 | out: TokenHandle=0x5eafee4*=0x350) returned 0x0 [0260.744] NtQueryInformationToken (in: TokenHandle=0x350, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5eafef0 | out: TokenInformation=0x0, ReturnLength=0x5eafef0) returned 0xc0000023 [0260.744] NtQueryInformationToken (in: TokenHandle=0x350, TokenInformationClass=0x1, TokenInformation=0x63985a8, TokenInformationLength=0x24, ReturnLength=0x5eafef0 | out: TokenInformation=0x63985a8, ReturnLength=0x5eafef0) returned 0x0 [0260.744] NtClose (Handle=0x350) returned 0x0 [0260.744] NtClose (Handle=0x290) returned 0x0 [0260.745] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0260.745] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x63986d0, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0260.745] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0260.746] GetFileTime (in: hFile=0x290, lpCreationTime=0x5eafeac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5eafeac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0260.746] CloseHandle (hObject=0x290) returned 1 [0260.746] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0260.746] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0260.746] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 0x2111e0 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.746] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.746] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.747] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.747] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.748] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.748] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.749] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.749] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] StrChrA (lpStart="cabinet.dll", wMatch=0x2e) returned=".dll" [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.750] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.750] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.751] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.751] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] StrChrA (lpStart="Clipc.dll", wMatch=0x2e) returned=".dll" [0260.752] FindNextFileA (in: hFindFile=0x2111e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.752] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.752] FindClose (in: hFindFile=0x2111e0 | out: hFindFile=0x2111e0) returned 1 [0260.752] lstrlenA (lpString="cabilipc") returned 8 [0260.752] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0260.752] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x6398710, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0260.752] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0260.753] GetFileTime (in: hFile=0x290, lpCreationTime=0x5eafeac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5eafeac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0260.753] CloseHandle (hObject=0x290) returned 1 [0260.753] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0260.753] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0260.753] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 0x2110e0 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.753] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.753] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.754] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.754] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.755] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.755] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.756] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.756] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.756] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.756] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.756] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.756] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.756] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.756] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.756] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.756] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] StrChrA (lpStart="autoplay.dll", wMatch=0x2e) returned=".dll" [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.757] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.757] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.758] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.758] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.759] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.759] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.760] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.760] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.760] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.760] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.760] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.760] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.760] StrChrA (lpStart="clb.dll", wMatch=0x2e) returned=".dll" [0260.760] FindNextFileA (in: hFindFile=0x2110e0, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.760] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.760] FindClose (in: hFindFile=0x2110e0 | out: hFindFile=0x2110e0) returned 1 [0260.760] lstrlenA (lpString="autoclb") returned 7 [0260.760] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x20 [0260.760] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\c_1252.nls", lpDst=0x6398750, nSize=0x20 | out: lpDst="C:\\Windows\\system32\\c_1252.nls") returned 0x1f [0260.760] CreateFileA (lpFileName="C:\\Windows\\system32\\c_1252.nls" (normalized: "c:\\windows\\system32\\c_1252.nls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0260.760] GetFileTime (in: hFile=0x290, lpCreationTime=0x5eafeac, lpLastAccessTime=0x0, lpLastWriteTime=0x0 | out: lpCreationTime=0x5eafeac*(dwLowDateTime=0x9656d311, dwHighDateTime=0x1d0baff), lpLastAccessTime=0x0, lpLastWriteTime=0x0) returned 1 [0260.760] CloseHandle (hObject=0x290) returned 1 [0260.761] StrRChrA (lpStart="C:\\Windows\\system32\\c_1252.nls", lpEnd=0x0, wMatch=0x5c) returned="\\c_1252.nls" [0260.761] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\*.dll" | out: lpString1="C:\\Windows\\system32\\*.dll") returned="C:\\Windows\\system32\\*.dll" [0260.761] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\*.dll", lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 0x210e20 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.761] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.761] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] StrChrA (lpStart="adsldpc.dll", wMatch=0x2e) returned=".dll" [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.762] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.762] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.763] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.763] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.764] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.764] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.765] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.765] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.766] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.766] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.767] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.767] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.768] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.768] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.769] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.769] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned 1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.770] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.770] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.771] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.771] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.772] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.772] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.773] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.773] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] FindNextFileA (in: hFindFile=0x210e20, lpFindFileData=0x5eafd58 | out: lpFindFileData=0x5eafd58) returned 1 [0260.774] CompareFileTime (lpFileTime1=0x5eafd6c, lpFileTime2=0x5eafeac) returned -1 [0260.774] StrChrA (lpStart="ddraw.dll", wMatch=0x2e) returned=".dll" [0260.775] lstrlenA (lpString="adsldraw") returned 8 [0260.775] lstrcatW (in: lpString1="autoclb", lpString2=".exe" | out: lpString1="autoclb.exe") returned="autoclb.exe" [0260.775] wsprintfA (in: param_1=0x6398778, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0260.775] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0260.775] lstrcpyA (in: lpString1=0x6398a58, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0260.775] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0260.775] wsprintfA (in: param_1=0x6398778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0260.775] lstrlenA (lpString="Local\\") returned 6 [0260.775] lstrcpyA (in: lpString1=0x6398ab0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0260.775] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0260.775] wsprintfA (in: param_1=0x6398778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0260.775] lstrcatA (in: lpString1="", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0260.775] wsprintfA (in: param_1=0x6398778, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0260.775] lstrlenA (lpString="Local\\") returned 6 [0260.775] lstrcpyA (in: lpString1=0x6398b18, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0260.775] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0260.776] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0260.776] lstrlenA (lpString="A_SHAFinal") returned 10 [0260.776] lstrlenA (lpString="A_SHAInit") returned 9 [0260.776] lstrlenA (lpString="A_SHAUpdate") returned 11 [0260.776] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0260.776] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0260.776] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0260.776] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0260.776] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0260.776] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0260.776] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0260.776] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0260.776] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0260.776] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0260.776] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0260.776] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0260.776] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0260.776] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0260.776] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0260.776] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0260.776] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0260.776] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0260.776] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0260.776] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0260.776] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0260.776] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0260.776] lstrlenA (lpString="CsrClientCallServer") returned 19 [0260.776] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0260.776] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0260.776] lstrlenA (lpString="CsrGetProcessId") returned 15 [0260.776] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0260.776] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0260.777] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0260.777] lstrlenA (lpString="DbgBreakPoint") returned 13 [0260.777] lstrlenA (lpString="DbgPrint") returned 8 [0260.777] lstrlenA (lpString="DbgPrintEx") returned 10 [0260.777] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0260.777] lstrlenA (lpString="DbgPrompt") returned 9 [0260.777] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0260.777] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0260.777] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0260.777] lstrlenA (lpString="DbgUiContinue") returned 13 [0260.777] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0260.777] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0260.777] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0260.777] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0260.777] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0260.777] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0260.777] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0260.777] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0260.777] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0260.777] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0260.777] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0260.777] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0260.777] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0260.777] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0260.777] lstrlenA (lpString="EtwEventEnabled") returned 15 [0260.777] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0260.777] lstrlenA (lpString="EtwEventRegister") returned 16 [0260.777] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0260.777] lstrlenA (lpString="EtwEventUnregister") returned 18 [0260.777] lstrlenA (lpString="EtwEventWrite") returned 13 [0260.777] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0260.777] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0260.777] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0260.777] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0260.777] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0260.778] lstrlenA (lpString="EtwEventWriteString") returned 19 [0260.778] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0260.778] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0260.778] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0260.778] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0260.778] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0260.778] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0260.778] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0260.778] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0260.778] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0260.778] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0260.778] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0260.778] lstrlenA (lpString="EtwReplyNotification") returned 20 [0260.778] lstrlenA (lpString="EtwSendNotification") returned 19 [0260.778] lstrlenA (lpString="EtwSetMark") returned 10 [0260.778] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0260.778] lstrlenA (lpString="EtwTraceMessage") returned 15 [0260.778] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0260.778] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0260.778] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0260.778] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0260.778] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0260.778] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0260.778] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0260.778] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0260.778] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0260.778] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0260.778] lstrlenA (lpString="KiFastSystemCall") returned 16 [0260.779] lstrlenA (lpString="KiFastSystemCallRet") returned 19 [0260.779] lstrlenA (lpString="KiIntSystemCall") returned 15 [0260.779] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0260.779] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0260.779] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0260.779] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0260.779] lstrlenA (lpString="LdrAccessResource") returned 17 [0260.779] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0260.779] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0260.779] lstrlenA (lpString="LdrAddRefDll") returned 12 [0260.779] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0260.779] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0260.779] lstrlenA (lpString="LdrEnumResources") returned 16 [0260.779] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0260.779] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0260.779] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0260.779] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0260.779] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0260.779] lstrlenA (lpString="LdrFindResource_U") returned 17 [0260.779] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0260.779] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0260.779] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0260.779] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0260.779] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0260.779] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0260.779] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0260.779] lstrlenA (lpString="LdrGetDllPath") returned 13 [0260.780] lstrlenA (lpString="LdrGetFailureData") returned 17 [0260.780] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0260.780] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0260.780] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0260.780] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0260.780] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0260.780] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0260.780] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0260.780] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0260.780] lstrlenA (lpString="LdrLoadDll") returned 10 [0260.780] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0260.780] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0260.780] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0260.780] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0260.780] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0260.780] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0260.780] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0260.780] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0260.780] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0260.780] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0260.780] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0260.780] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0260.780] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0260.780] lstrlenA (lpString="LdrResFindResource") returned 18 [0260.780] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0260.780] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0260.780] lstrlenA (lpString="LdrResRelease") returned 13 [0260.780] lstrlenA (lpString="LdrResSearchResource") returned 20 [0260.780] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0260.780] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0260.780] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0260.780] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0260.781] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0260.781] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0260.781] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0260.781] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0260.781] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0260.781] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0260.781] lstrlenA (lpString="LdrShutdownThread") returned 17 [0260.781] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0260.781] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0260.781] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0260.781] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0260.781] lstrlenA (lpString="LdrUnloadDll") returned 12 [0260.781] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0260.781] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0260.781] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0260.781] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0260.781] lstrlenA (lpString="LdrWx86FormatVirtualImage") returned 25 [0260.781] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0260.781] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0260.781] lstrlenA (lpString="MD4Final") returned 8 [0260.781] lstrlenA (lpString="MD4Init") returned 7 [0260.781] lstrlenA (lpString="MD4Update") returned 9 [0260.781] lstrlenA (lpString="MD5Final") returned 8 [0260.781] lstrlenA (lpString="MD5Init") returned 7 [0260.781] lstrlenA (lpString="MD5Update") returned 9 [0260.781] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0260.781] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0260.781] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0260.781] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0260.782] lstrlenA (lpString="NtAccessCheck") returned 13 [0260.782] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0260.782] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0260.782] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0260.782] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0260.782] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0260.782] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0260.782] lstrlenA (lpString="NtAddAtom") returned 9 [0260.782] lstrlenA (lpString="NtAddAtomEx") returned 11 [0260.782] lstrlenA (lpString="NtAddBootEntry") returned 14 [0260.782] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0260.782] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0260.782] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0260.782] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0260.782] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0260.782] lstrlenA (lpString="NtAlertThread") returned 13 [0260.782] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0260.782] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0260.782] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0260.782] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0260.782] lstrlenA (lpString="NtAllocateUuids") returned 15 [0260.782] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0260.782] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0260.782] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0260.782] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0260.782] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0260.782] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0260.782] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0260.782] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0260.782] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0260.782] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0260.782] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0260.782] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0260.782] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0260.782] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0260.782] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0260.782] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0260.782] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0260.782] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0260.783] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0260.783] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0260.783] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0260.783] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0260.783] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0260.783] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0260.783] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0260.783] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0260.783] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0260.783] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0260.783] lstrlenA (lpString="NtCallbackReturn") returned 16 [0260.783] lstrlenA (lpString="NtCancelIoFile") returned 14 [0260.783] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0260.783] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0260.783] lstrlenA (lpString="NtCancelTimer") returned 13 [0260.783] lstrlenA (lpString="NtCancelTimer2") returned 14 [0260.783] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0260.783] lstrlenA (lpString="NtClearEvent") returned 12 [0260.783] lstrlenA (lpString="NtClose") returned 7 [0260.783] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0260.783] lstrlenA (lpString="NtCommitComplete") returned 16 [0260.783] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0260.783] lstrlenA (lpString="NtCommitTransaction") returned 19 [0260.783] lstrlenA (lpString="NtCompactKeys") returned 13 [0260.783] lstrlenA (lpString="NtCompareObjects") returned 16 [0260.783] lstrlenA (lpString="NtCompareTokens") returned 15 [0260.783] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0260.783] lstrlenA (lpString="NtCompressKey") returned 13 [0260.789] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0xf013f, phkResult=0x5eafee4 | out: phkResult=0x5eafee4*=0x290) returned 0x0 [0260.789] lstrlenW (lpString="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 58 [0260.789] RegQueryValueExW (in: hKey=0x290, lpValueName="cabilipc", lpReserved=0x0, lpType=0x5eafedc, lpData=0x6398bd0, lpcbData=0x5eafee8*=0x76 | out: lpType=0x5eafedc*=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpcbData=0x5eafee8*=0x76) returned 0x0 [0260.789] lstrcmpiW (lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0 [0260.789] RegCloseKey (hKey=0x290) returned 0x0 [0260.790] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0260.793] CreateEventA (lpEventAttributes=0x5eaff1c, bManualReset=1, bInitialState=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x508 [0260.794] GetLastError () returned 0x0 [0260.794] CloseHandle (hObject=0x508) returned 1 [0260.794] RegOpenKeyExA (in: hKey=0x80000003, lpSubKey=0x0, ulOptions=0x0, samDesired=0x20119, phkResult=0x5eafed0 | out: phkResult=0x5eafed0*=0x508) returned 0x0 [0260.794] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x0, lpName=0x6398b50, lpcchName=0x5eafee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName=".DEFAULT", lpcchName=0x5eafee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0260.794] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0x0) returned 0x102 [0260.794] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x1, lpName=0x6398b50, lpcchName=0x5eafee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-19", lpcchName=0x5eafee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0260.794] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0x0) returned 0x102 [0260.794] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x2, lpName=0x6398b50, lpcchName=0x5eafee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-20", lpcchName=0x5eafee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0260.794] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0x0) returned 0x102 [0260.794] RegEnumKeyExA (in: hKey=0x508, dwIndex=0x3, lpName=0x6398b50, lpcchName=0x5eafee4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="S-1-5-21-1462094071-1423818996-289466292-1000", lpcchName=0x5eafee4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0260.794] StrChrA (lpStart="S-1-5-21-1462094071-1423818996-289466292-1000", wMatch=0x5f) returned 0x0 [0260.794] lstrcpyA (in: lpString1=0x5eafd54, lpString2="S-1-5-21-1462094071-1423818996-289466292-1000" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000") returned="S-1-5-21-1462094071-1423818996-289466292-1000" [0260.794] lstrcatA (in: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000", lpString2="\\Software\\Microsoft\\Windows\\CurrentVersion" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion") returned="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion" [0260.794] lstrcatA (in: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion", lpString2="\\Explorer\\Shell Folders" | out: lpString1="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders") returned="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders" [0260.794] RegOpenKeyA (in: hKey=0x508, lpSubKey="S-1-5-21-1462094071-1423818996-289466292-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", phkResult=0x5eafe90 | out: phkResult=0x5eafe90*=0x50c) returned 0x0 [0260.794] RegQueryValueExW (in: hKey=0x50c, lpValueName="AppData", lpReserved=0x0, lpType=0x5eafe8c, lpData=0x0, lpcbData=0x5eafe98*=0xfffffffe | out: lpType=0x5eafe8c*=0x1, lpData=0x0, lpcbData=0x5eafe98*=0x4c) returned 0x0 [0260.794] lstrlenW (lpString="autoclb.exe") returned 11 [0260.794] RegQueryValueExW (in: hKey=0x50c, lpValueName="AppData", lpReserved=0x0, lpType=0x5eafe8c, lpData=0x6398c60, lpcbData=0x5eafe98*=0x4c | out: lpType=0x5eafe8c*=0x1, lpData="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", lpcbData=0x5eafe98*=0x4c) returned 0x0 [0260.794] PathCombineW (in: pszDest=0x6398c60, pszDir="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", pszFile="adsldraw" | out: pszDest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw" [0260.795] CreateDirectoryW (lpPathName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw"), lpSecurityAttributes=0x0) returned 0 [0260.795] PathCombineW (in: pszDest=0x6398c60, pszDir="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw", pszFile="autoclb.exe" | out: pszDest="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" [0260.795] lstrcmpiW (lpString1="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpString2="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned 0 [0260.795] RegCloseKey (hKey=0x50c) returned 0x0 [0260.795] RegCloseKey (hKey=0x508) returned 0x0 [0260.795] StrChrW (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe\" ", wMatch=0x22) returned="\" " [0260.795] StrChrW (lpStart="\" ", wMatch=0x20) returned=" " [0260.795] lstrlenW (lpString=" ") returned 1 [0260.795] StrTrimW (in: psz=" ", pszTrimChars=" \x09\"" | out: psz="") returned 1 [0260.808] RtlUpcaseUnicodeString (DestinationString="\xf88b\xff81\x04\xc000\xce74\x5eb\x9abf", SourceString="System", AllocateDestinationString=1) returned 0x0 [0260.808] RtlFreeAnsiString (AnsiString="S") [0260.808] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="smss.exe", AllocateDestinationString=1) returned 0x0 [0260.808] RtlFreeAnsiString (AnsiString="S") [0260.808] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0260.808] RtlFreeAnsiString (AnsiString="C") [0260.808] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="wininit.exe", AllocateDestinationString=1) returned 0x0 [0260.808] RtlFreeAnsiString (AnsiString="W") [0260.808] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="C") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="winlogon.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="W") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="services.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="lsass.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="L") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="dwm.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="D") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="spoolsv.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="OfficeClickToRun.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="O") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="sihost.exe", AllocateDestinationString=1) returned 0x0 [0260.809] RtlFreeAnsiString (AnsiString="S") [0260.809] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="taskhostw.exe", AllocateDestinationString=1) returned 0x0 [0260.810] RtlFreeAnsiString (AnsiString="T") [0260.810] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="explorer.exe", AllocateDestinationString=1) returned 0x0 [0260.810] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x760e0000 [0260.810] GetProcAddress (hModule=0x760e0000, lpProcName="GetWindowThreadProcessId") returned 0x760fba70 [0260.810] FindWindowA (lpClassName="ProgMan", lpWindowName=0x0) returned 0x100de [0260.810] GetWindowThreadProcessId (in: hWnd=0x100de, lpdwProcessId=0x5eafeb4 | out: lpdwProcessId=0x5eafeb4) returned 0x664 [0260.810] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x568) returned 0x508 [0260.810] IsWow64Process (in: hProcess=0x508, Wow64Process=0x5eafe80 | out: Wow64Process=0x5eafe80) returned 1 [0260.811] CloseHandle (hObject=0x508) returned 1 [0260.811] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\svchost.exe", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x21 [0260.811] ExpandEnvironmentStringsA (in: lpSrc="%systemroot%\\system32\\svchost.exe", lpDst=0x6398ae8, nSize=0x21 | out: lpDst="C:\\Windows\\system32\\svchost.exe") returned 0x20 [0260.811] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x75eb0000 [0260.811] GetProcAddress (hModule=0x75eb0000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x75eeb6a0 [0260.811] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 1 [0260.811] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x5eafe58*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5eafea0 | out: lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessInformation=0x5eafea0*(hProcess=0x50c, hThread=0x508, dwProcessId=0xaf4, dwThreadId=0xa14)) returned 1 [0260.819] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 1 [0260.819] IsWow64Process (in: hProcess=0x50c, Wow64Process=0x5eafb38 | out: Wow64Process=0x5eafb38) returned 1 [0260.819] RtlGetVersion (in: lpVersionInformation=0x5eaf518 | out: lpVersionInformation=0x5eaf518*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x2800, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0260.819] GetCurrentProcessId () returned 0x478 [0260.819] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x478) returned 0x514 [0260.820] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0260.820] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0260.820] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0260.821] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0260.821] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64ReadVirtualMemory64") returned 0x7779a860 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x7ffdf000, Buffer=0x0, BufferSize=0x6313cc0, NumberOfBytesRead=0x28 | out: Buffer=0x0, NumberOfBytesRead=0x28) returned 0x0 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1fa461c0, Buffer=0x7fff, BufferSize=0x6313ce8, NumberOfBytesRead=0x40 | out: Buffer=0x7fff, NumberOfBytesRead=0x40) returned 0x0 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1cf0, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1b70, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2190, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2470, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.821] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2640, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.821] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x2830000 [0260.821] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0260.822] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0260.822] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x7ffdf000, Buffer=0x0, BufferSize=0x6313cc0, NumberOfBytesRead=0x28 | out: Buffer=0x0, NumberOfBytesRead=0x28) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1fa461c0, Buffer=0x7fff, BufferSize=0x6313ce8, NumberOfBytesRead=0x40 | out: Buffer=0x7fff, NumberOfBytesRead=0x40) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1cf0, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e18d8, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x74 | out: Buffer=0x0, NumberOfBytesRead=0x74) returned 0x0 [0260.822] StrRChrA (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1b70, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1a70, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0260.822] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2190, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2310, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0260.822] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2470, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e25f0, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0260.822] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2640, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0260.822] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2110, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0260.822] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0260.822] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0260.823] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0260.823] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0260.823] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0260.823] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0260.823] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0260.823] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.823] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.823] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.824] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.825] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.826] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.827] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.828] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.829] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.830] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.831] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.832] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.833] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.834] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.835] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.836] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.837] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.838] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.839] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.840] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.841] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.842] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.843] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.843] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.843] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.843] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.843] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.844] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.844] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.844] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.844] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.844] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.844] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.845] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.846] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.847] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.848] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.848] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.848] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.848] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.849] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.849] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.849] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.850] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.851] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.852] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.853] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.853] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.853] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e3000, Buffer=0x7fff, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.853] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e4000, Buffer=0x7fff, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0260.853] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e5000, Buffer=0x7fff, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.029] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwGetContextThread") returned -1 [0261.029] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgPrint", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwGetContextThread") returned -1 [0261.030] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwGetContextThread") returned -1 [0261.031] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwGetContextThread") returned -1 [0261.032] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwGetContextThread") returned -1 [0261.033] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="MD4Final", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="MD4Init", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="MD4Update", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="MD5Final", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="MD5Init", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="MD5Update", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwGetContextThread") returned -1 [0261.034] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwGetContextThread") returned -1 [0261.035] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtClose", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwGetContextThread") returned -1 [0261.036] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwGetContextThread") returned -1 [0261.037] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwGetContextThread") returned -1 [0261.037] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwGetContextThread") returned -1 [0261.037] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwGetContextThread") returned -1 [0261.037] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwGetContextThread") returned -1 [0261.037] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.046] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.046] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.047] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0261.047] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x2830000 [0261.047] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.047] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.047] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0261.048] StrRChrA (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1b70, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1a70, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0261.048] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2190, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2310, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0261.048] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2470, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e25f0, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0261.048] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2640, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.048] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2110, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0261.048] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0261.048] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0261.048] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0261.048] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0261.048] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0261.048] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.049] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0261.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.049] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.050] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.051] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.052] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.053] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.054] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.055] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.056] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.057] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.058] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.059] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.060] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.061] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.062] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.063] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.064] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.065] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.066] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.067] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.069] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.070] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.071] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.072] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.073] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.074] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.075] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e3000, Buffer=0x7fff, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e4000, Buffer=0x7fff, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e5000, Buffer=0x7fff, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e6000, Buffer=0x7fff, BufferSize=0x6496000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.076] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e7000, Buffer=0x7fff, BufferSize=0x6497000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e8000, Buffer=0x7fff, BufferSize=0x6498000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e9000, Buffer=0x7fff, BufferSize=0x6499000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ea000, Buffer=0x7fff, BufferSize=0x649a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9eb000, Buffer=0x7fff, BufferSize=0x649b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ec000, Buffer=0x7fff, BufferSize=0x649c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ed000, Buffer=0x7fff, BufferSize=0x649d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ee000, Buffer=0x7fff, BufferSize=0x649e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ef000, Buffer=0x7fff, BufferSize=0x649f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.077] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f0000, Buffer=0x7fff, BufferSize=0x64a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.089] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwSetContextThread") returned -1 [0261.089] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgPrint", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwSetContextThread") returned -1 [0261.090] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwSetContextThread") returned -1 [0261.091] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwSetContextThread") returned -1 [0261.092] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="MD4Final", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="MD4Init", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="MD4Update", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="MD5Final", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="MD5Init", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="MD5Update", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwSetContextThread") returned -1 [0261.093] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwSetContextThread") returned -1 [0261.094] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtClose", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwSetContextThread") returned -1 [0261.095] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwSetContextThread") returned -1 [0261.095] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.103] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.104] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.104] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0261.104] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x2830000 [0261.104] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.104] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.104] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0261.104] StrRChrA (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0261.104] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0261.105] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0261.105] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0261.105] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0261.105] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0261.105] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0261.105] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0261.105] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0261.105] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.105] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0261.105] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.105] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.105] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.106] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.107] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.108] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.109] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.110] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.111] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.112] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.113] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.114] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.115] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.116] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.117] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.118] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.119] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.120] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.121] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.122] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.123] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.124] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.125] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.126] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.127] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e3000, Buffer=0x7fff, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e4000, Buffer=0x7fff, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e5000, Buffer=0x7fff, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e6000, Buffer=0x7fff, BufferSize=0x6496000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.128] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e7000, Buffer=0x7fff, BufferSize=0x6497000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e8000, Buffer=0x7fff, BufferSize=0x6498000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e9000, Buffer=0x7fff, BufferSize=0x6499000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ea000, Buffer=0x7fff, BufferSize=0x649a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9eb000, Buffer=0x7fff, BufferSize=0x649b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ec000, Buffer=0x7fff, BufferSize=0x649c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ed000, Buffer=0x7fff, BufferSize=0x649d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ee000, Buffer=0x7fff, BufferSize=0x649e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ef000, Buffer=0x7fff, BufferSize=0x649f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f0000, Buffer=0x7fff, BufferSize=0x64a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f1000, Buffer=0x7fff, BufferSize=0x64a1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.129] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f2000, Buffer=0x7fff, BufferSize=0x64a2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.130] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f3000, Buffer=0x7fff, BufferSize=0x64a3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.130] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f4000, Buffer=0x7fff, BufferSize=0x64a4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.130] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f5000, Buffer=0x7fff, BufferSize=0x64a5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.130] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f6000, Buffer=0x7fff, BufferSize=0x64a6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.130] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f7000, Buffer=0x7fff, BufferSize=0x64a7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.130] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f8000, Buffer=0x7fff, BufferSize=0x64a8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.142] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.142] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgPrint", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0261.143] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwProtectVirtualMemory") returned -1 [0261.144] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwProtectVirtualMemory") returned -1 [0261.145] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwProtectVirtualMemory") returned -1 [0261.146] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="MD4Final", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="MD4Init", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="MD4Update", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="MD5Final", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="MD5Init", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="MD5Update", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.147] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.148] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtClose", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.149] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.159] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.159] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.159] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0261.160] VirtualAlloc (lpAddress=0x0, dwSize=0x5a4, flAllocationType=0x3000, flProtect=0x4) returned 0x2830000 [0261.160] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.160] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.160] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x514, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf414, ProcessInformationLength=0x30, ReturnLength=0x5eaf468 | out: ProcessInformation64=0x5eaf414, ReturnLength=0x5eaf468) returned 0x0 [0261.161] StrRChrA (lpStart="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpEnd=0x0, wMatch=0x5c) returned="\\autoclb.exe" [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1b70, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e1a70, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0261.161] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2190, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2310, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0x0, NumberOfBytesRead=0x3a) returned 0x0 [0261.161] StrRChrA (lpStart="C:\\Windows\\system32\\wow64.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64.dll" [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2470, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e25f0, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0261.161] StrRChrA (lpStart="C:\\Windows\\system32\\wow64win.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64win.dll" [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2640, Buffer=0x0, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0x0, NumberOfBytesRead=0x98) returned 0x0 [0261.161] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x2e2110, Buffer=0x0, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0x0, NumberOfBytesRead=0x40) returned 0x0 [0261.161] StrRChrA (lpStart="C:\\Windows\\system32\\wow64cpu.dll", lpEnd=0x0, wMatch=0x5c) returned="\\wow64cpu.dll" [0261.161] lstrcmpiA (lpString1="autoclb.exe", lpString2="NTDLL.DLL") returned -1 [0261.161] StrChrA (lpStart="autoclb.exe", wMatch=0x2e) returned=".exe" [0261.161] lstrcmpiA (lpString1="autoclb", lpString2="NTDLL.DLL") returned -1 [0261.161] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0261.161] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.162] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0261.162] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.162] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.163] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.164] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.165] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.166] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.167] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.169] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.170] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.171] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.172] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.173] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.174] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.175] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.176] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.177] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.178] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.179] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.180] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.181] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.182] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.182] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.182] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.182] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.182] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.183] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.184] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.185] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.186] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.187] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e3000, Buffer=0x7fff, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.188] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e4000, Buffer=0x7fff, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e5000, Buffer=0x7fff, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e6000, Buffer=0x7fff, BufferSize=0x6496000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e7000, Buffer=0x7fff, BufferSize=0x6497000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e8000, Buffer=0x7fff, BufferSize=0x6498000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9e9000, Buffer=0x7fff, BufferSize=0x6499000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ea000, Buffer=0x7fff, BufferSize=0x649a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9eb000, Buffer=0x7fff, BufferSize=0x649b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ec000, Buffer=0x7fff, BufferSize=0x649c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.189] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ed000, Buffer=0x7fff, BufferSize=0x649d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.190] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ee000, Buffer=0x7fff, BufferSize=0x649e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.190] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9ef000, Buffer=0x7fff, BufferSize=0x649f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.190] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x514, BaseAddress=0x1f9f0000, Buffer=0x7fff, BufferSize=0x64a0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.201] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwWriteVirtualMemory") returned -1 [0261.201] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwWriteVirtualMemory") returned -1 [0261.202] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgPrint", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwWriteVirtualMemory") returned -1 [0261.203] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0261.204] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwWriteVirtualMemory") returned -1 [0261.205] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.206] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="MD4Final", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="MD4Init", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="MD4Update", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="MD5Final", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="MD5Init", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="MD5Update", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.207] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwWriteVirtualMemory") returned -1 [0261.208] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtClose", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwWriteVirtualMemory") returned -1 [0261.209] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.217] CloseHandle (hObject=0x514) returned 1 [0261.218] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.219] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.219] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf5a0, ProcessInformationLength=0x30, ReturnLength=0x5eaf614 | out: ProcessInformation64=0x5eaf5a0, ReturnLength=0x5eaf614) returned 0x0 [0261.219] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe2ebf000, Buffer=0x7ff6, BufferSize=0x5eaf5d0, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0261.219] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe3230000, Buffer=0x7ff6, BufferSize=0x6313ab8, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff6, NumberOfBytesRead=0x1000) returned 0x0 [0261.219] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe32300e8, Buffer=0x7ff6, BufferSize=0x6313ab8, NumberOfBytesRead=0x1000 | out: Buffer=0x7ff6, NumberOfBytesRead=0x1000) returned 0x0 [0261.220] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe3233440, Buffer=0x7ff6, BufferSize=0x5eaf658, NumberOfBytesRead=0x4 | out: Buffer=0x7ff6, NumberOfBytesRead=0x4) returned 0x0 [0261.220] NtProtectVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5eaf5f0*=0x7ff6e3233440, NumberOfBytesToProtect=0x5eaf5f8, NewAccessProtection=0x40, OldAccessProtection=0x5eaf5e8 | out: BaseAddress=0x5eaf5f0*=0x7ff6e3233000, NumberOfBytesToProtect=0x5eaf5f8, OldAccessProtection=0x5eaf5e8*=0x20) returned 0x0 [0261.221] NtWriteVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x7ff6e3233440, Buffer=0x5eaf65c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x5eaf5e0 | out: Buffer=0x5eaf65c*, NumberOfBytesWritten=0x5eaf5e0*=0x4) returned 0x0 [0261.221] NtProtectVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5eaf5f0*=0x7ff6e3233000, NumberOfBytesToProtect=0x5eaf5f8, NewAccessProtection=0x20, OldAccessProtection=0x5eaf5e8 | out: BaseAddress=0x5eaf5f0*=0x7ff6e3233000, NumberOfBytesToProtect=0x5eaf5f8, OldAccessProtection=0x5eaf5e8*=0x40) returned 0x0 [0261.221] ResumeThread (hThread=0x508) returned 0x1 [0261.222] Sleep (dwMilliseconds=0x64) [0261.323] SuspendThread (hThread=0x508) returned 0x0 [0261.323] NtGetContextThread (in: ThreadHandle=0x508, Context=0x5eaf660 | out: Context=0x5eaf660*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x100003, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x47, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x88, [65]=0x66, [66]=0x64, [67]=0xdc, [68]=0xfe, [69]=0xf, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0xf0, [74]=0xeb, [75]=0xe2, [76]=0xf6, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x40000000, SegFs=0xe3233440, SegEs=0x7ff6, SegDs=0x9e6dfc38, Edi=0xba, Esi=0x0, Ebx=0x0, Edx=0xe2ebf000, Ecx=0x7ff6, Eax=0xe2ebf000, Ebp=0x7ff6, Eip=0xe2ebf000, SegCs=0x7ff6, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x40, [45]=0x34, [46]=0x23, [47]=0xe3, [48]=0xf6, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0261.323] NtCreateSection (in: SectionHandle=0x5eaf5fc, DesiredAccess=0xf001f, ObjectAttributes=0x5eaf5c0*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x5eaf5d8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x5eaf5fc*=0x514) returned 0x0 [0261.323] NtMapViewOfSection (in: SectionHandle=0x514, ProcessHandle=0xffffffff, BaseAddress=0x5eaf5e4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x5eaf590*=0, ViewSize=0x5eaf598*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x5eaf5e4*=0x2830000, SectionOffset=0x5eaf590*=0, ViewSize=0x5eaf598*=0x133000) returned 0x0 [0261.324] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0261.330] NtMapViewOfSection (in: SectionHandle=0x514, ProcessHandle=0x50c, BaseAddress=0x5eaf628*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x5eaf5e0*=0, ViewSize=0x5eaf5e8*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x5eaf628*=0x620000, SectionOffset=0x5eaf5e0*=0, ViewSize=0x5eaf5e8*=0x133000) returned 0x0 [0261.330] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0261.331] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.331] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.331] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf4f4, ProcessInformationLength=0x30, ReturnLength=0x5eaf548 | out: ProcessInformation64=0x5eaf4f4, ReturnLength=0x5eaf548) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe2ebf000, Buffer=0x7ff6, BufferSize=0x6313cc0, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1fa461c0, Buffer=0x7fff, BufferSize=0x6313ce8, NumberOfBytesRead=0x40 | out: Buffer=0x7fff, NumberOfBytesRead=0x40) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9034e0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903350, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903990, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903e90, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905200, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.332] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9054b0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.332] VirtualAlloc (lpAddress=0x0, dwSize=0x6c4, flAllocationType=0x3000, flProtect=0x4) returned 0x5b60000 [0261.333] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.333] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.333] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf4f4, ProcessInformationLength=0x30, ReturnLength=0x5eaf548 | out: ProcessInformation64=0x5eaf4f4, ReturnLength=0x5eaf548) returned 0x0 [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe2ebf000, Buffer=0x7ff6, BufferSize=0x6313cc0, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1fa461c0, Buffer=0x7fff, BufferSize=0x6313ce8, NumberOfBytesRead=0x40 | out: Buffer=0x7fff, NumberOfBytesRead=0x40) returned 0x0 [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9034e0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903148, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3e | out: Buffer=0xba, NumberOfBytesRead=0x3e) returned 0x0 [0261.333] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903350, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903240, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0xba, NumberOfBytesRead=0x3a) returned 0x0 [0261.333] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903990, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.333] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903b20, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0xba, NumberOfBytesRead=0x40) returned 0x0 [0261.334] StrRChrA (lpStart="C:\\Windows\\system32\\KERNEL32.DLL", lpEnd=0x0, wMatch=0x5c) returned="\\KERNEL32.DLL" [0261.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903e90, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e904020, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x44 | out: Buffer=0xba, NumberOfBytesRead=0x44) returned 0x0 [0261.334] StrRChrA (lpStart="C:\\Windows\\system32\\KERNELBASE.dll", lpEnd=0x0, wMatch=0x5c) returned="\\KERNELBASE.dll" [0261.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905200, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903920, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3e | out: Buffer=0xba, NumberOfBytesRead=0x3e) returned 0x0 [0261.334] StrRChrA (lpStart="C:\\Windows\\system32\\sechost.dll", lpEnd=0x0, wMatch=0x5c) returned="\\sechost.dll" [0261.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9054b0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.334] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905640, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3c | out: Buffer=0xba, NumberOfBytesRead=0x3c) returned 0x0 [0261.334] StrRChrA (lpStart="C:\\Windows\\system32\\RPCRT4.dll", lpEnd=0x0, wMatch=0x5c) returned="\\RPCRT4.dll" [0261.334] lstrcmpiA (lpString1="svchost.exe", lpString2="NTDLL.DLL") returned 1 [0261.334] StrChrA (lpStart="svchost.exe", wMatch=0x2e) returned=".exe" [0261.334] lstrcmpiA (lpString1="svchost", lpString2="NTDLL.DLL") returned 1 [0261.334] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0261.334] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.334] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0261.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.335] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.336] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.337] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.359] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.360] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.361] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.362] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.363] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.364] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.365] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.366] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.366] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.366] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.366] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.366] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.367] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.367] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.367] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.367] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.367] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.367] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.368] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.368] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.368] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.368] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.368] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.369] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.369] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.369] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.369] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.369] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.370] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.370] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.370] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.370] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.371] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.371] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.371] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.371] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.371] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.372] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.373] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.374] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.375] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.376] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.377] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.378] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.378] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.378] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.378] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.378] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.379] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.380] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.380] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.380] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.380] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.380] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.381] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.381] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.381] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.381] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.381] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.382] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.383] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.383] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.383] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.383] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.383] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.383] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.384] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.384] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.384] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.384] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.384] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.384] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.385] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.386] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.387] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.387] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.387] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.387] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.387] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.388] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.388] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.388] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.388] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.388] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.388] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.389] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.390] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.390] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.390] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.390] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.390] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.390] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.391] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.391] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.391] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.391] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.391] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.392] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.392] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.392] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.392] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.393] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.393] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.393] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.393] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.393] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.393] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.395] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.395] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.395] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.395] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.419] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrLoadDll") returned -1 [0261.419] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgPrint", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrLoadDll") returned -1 [0261.420] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0261.421] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="LdrLoadDll") returned -1 [0261.422] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="LdrLoadDll") returned -1 [0261.423] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="LdrLoadDll") returned -1 [0261.423] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="LdrLoadDll") returned -1 [0261.423] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="LdrLoadDll") returned -1 [0261.423] lstrcmpA (lpString1="LdrLoadDll", lpString2="LdrLoadDll") returned 0 [0261.423] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.431] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.431] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.431] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf4f4, ProcessInformationLength=0x30, ReturnLength=0x5eaf548 | out: ProcessInformation64=0x5eaf4f4, ReturnLength=0x5eaf548) returned 0x0 [0261.431] VirtualAlloc (lpAddress=0x0, dwSize=0x6c4, flAllocationType=0x3000, flProtect=0x4) returned 0x5b60000 [0261.432] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.432] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.432] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf4f4, ProcessInformationLength=0x30, ReturnLength=0x5eaf548 | out: ProcessInformation64=0x5eaf4f4, ReturnLength=0x5eaf548) returned 0x0 [0261.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe2ebf000, Buffer=0x7ff6, BufferSize=0x6313cc0, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0261.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1fa461c0, Buffer=0x7fff, BufferSize=0x6313ce8, NumberOfBytesRead=0x40 | out: Buffer=0x7fff, NumberOfBytesRead=0x40) returned 0x0 [0261.432] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9034e0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903148, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3e | out: Buffer=0xba, NumberOfBytesRead=0x3e) returned 0x0 [0261.433] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903350, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903240, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0xba, NumberOfBytesRead=0x3a) returned 0x0 [0261.433] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903990, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903b20, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0xba, NumberOfBytesRead=0x40) returned 0x0 [0261.433] StrRChrA (lpStart="C:\\Windows\\system32\\KERNEL32.DLL", lpEnd=0x0, wMatch=0x5c) returned="\\KERNEL32.DLL" [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903e90, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e904020, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x44 | out: Buffer=0xba, NumberOfBytesRead=0x44) returned 0x0 [0261.433] StrRChrA (lpStart="C:\\Windows\\system32\\KERNELBASE.dll", lpEnd=0x0, wMatch=0x5c) returned="\\KERNELBASE.dll" [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905200, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903920, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3e | out: Buffer=0xba, NumberOfBytesRead=0x3e) returned 0x0 [0261.433] StrRChrA (lpStart="C:\\Windows\\system32\\sechost.dll", lpEnd=0x0, wMatch=0x5c) returned="\\sechost.dll" [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9054b0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.433] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905640, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3c | out: Buffer=0xba, NumberOfBytesRead=0x3c) returned 0x0 [0261.434] StrRChrA (lpStart="C:\\Windows\\system32\\RPCRT4.dll", lpEnd=0x0, wMatch=0x5c) returned="\\RPCRT4.dll" [0261.434] lstrcmpiA (lpString1="svchost.exe", lpString2="NTDLL.DLL") returned 1 [0261.434] StrChrA (lpStart="svchost.exe", wMatch=0x2e) returned=".exe" [0261.434] lstrcmpiA (lpString1="svchost", lpString2="NTDLL.DLL") returned 1 [0261.434] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0261.434] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.434] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0261.434] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.435] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.436] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.436] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.436] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.436] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.436] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.436] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.437] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.438] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.438] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.438] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.438] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.438] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.439] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.440] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.440] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.440] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.440] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.440] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.441] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.442] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.442] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.442] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.442] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.442] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.442] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.443] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.444] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.444] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.444] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.444] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.444] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.444] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.445] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.446] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.446] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.446] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.446] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.446] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.446] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.447] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.448] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.449] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.450] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.451] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.452] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.453] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.454] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.454] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.454] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.454] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.454] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.454] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.455] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.456] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.457] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.458] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.459] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.459] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.459] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.459] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.459] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.459] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.460] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.461] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.462] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.463] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.464] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.464] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.464] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.464] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.464] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.464] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.465] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.466] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e3000, Buffer=0x7fff, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e4000, Buffer=0x7fff, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e5000, Buffer=0x7fff, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.467] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e6000, Buffer=0x7fff, BufferSize=0x6496000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.468] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e7000, Buffer=0x7fff, BufferSize=0x6497000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.468] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e8000, Buffer=0x7fff, BufferSize=0x6498000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.468] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e9000, Buffer=0x7fff, BufferSize=0x6499000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.468] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ea000, Buffer=0x7fff, BufferSize=0x649a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.489] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrGetProcedureAddress") returned -1 [0261.489] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgPrint", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrGetProcedureAddress") returned -1 [0261.490] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0261.491] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="LdrGetProcedureAddress") returned -1 [0261.492] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrGetProcedureAddress") returned 0 [0261.492] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.503] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.503] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.503] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf4f4, ProcessInformationLength=0x30, ReturnLength=0x5eaf548 | out: ProcessInformation64=0x5eaf4f4, ReturnLength=0x5eaf548) returned 0x0 [0261.503] VirtualAlloc (lpAddress=0x0, dwSize=0x6c4, flAllocationType=0x3000, flProtect=0x4) returned 0x5b60000 [0261.504] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x77730000 [0261.504] GetProcAddress (hModule=0x77730000, lpProcName="ZwWow64QueryInformationProcess64") returned 0x7779a840 [0261.504] NtWow64QueryInformationProcess64 (in: ProcessHandle=0x50c, ProcessInformationClass=0x0, ProcessInformation64=0x5eaf4f4, ProcessInformationLength=0x30, ReturnLength=0x5eaf548 | out: ProcessInformation64=0x5eaf4f4, ReturnLength=0x5eaf548) returned 0x0 [0261.504] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0xe2ebf000, Buffer=0x7ff6, BufferSize=0x6313cc0, NumberOfBytesRead=0x28 | out: Buffer=0x7ff6, NumberOfBytesRead=0x28) returned 0x0 [0261.504] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1fa461c0, Buffer=0x7fff, BufferSize=0x6313ce8, NumberOfBytesRead=0x40 | out: Buffer=0x7fff, NumberOfBytesRead=0x40) returned 0x0 [0261.504] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9034e0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.504] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903148, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3e | out: Buffer=0xba, NumberOfBytesRead=0x3e) returned 0x0 [0261.504] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0261.504] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903350, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.504] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903240, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3a | out: Buffer=0xba, NumberOfBytesRead=0x3a) returned 0x0 [0261.505] StrRChrA (lpStart="C:\\Windows\\SYSTEM32\\ntdll.dll", lpEnd=0x0, wMatch=0x5c) returned="\\ntdll.dll" [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903990, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903b20, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x40 | out: Buffer=0xba, NumberOfBytesRead=0x40) returned 0x0 [0261.505] StrRChrA (lpStart="C:\\Windows\\system32\\KERNEL32.DLL", lpEnd=0x0, wMatch=0x5c) returned="\\KERNEL32.DLL" [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903e90, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e904020, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x44 | out: Buffer=0xba, NumberOfBytesRead=0x44) returned 0x0 [0261.505] StrRChrA (lpStart="C:\\Windows\\system32\\KERNELBASE.dll", lpEnd=0x0, wMatch=0x5c) returned="\\KERNELBASE.dll" [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905200, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e903920, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3e | out: Buffer=0xba, NumberOfBytesRead=0x3e) returned 0x0 [0261.505] StrRChrA (lpStart="C:\\Windows\\system32\\sechost.dll", lpEnd=0x0, wMatch=0x5c) returned="\\sechost.dll" [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e9054b0, Buffer=0xba, BufferSize=0x6313d28, NumberOfBytesRead=0x98 | out: Buffer=0xba, NumberOfBytesRead=0x98) returned 0x0 [0261.505] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x9e905640, Buffer=0xba, BufferSize=0x6313ab8, NumberOfBytesRead=0x3c | out: Buffer=0xba, NumberOfBytesRead=0x3c) returned 0x0 [0261.505] StrRChrA (lpStart="C:\\Windows\\system32\\RPCRT4.dll", lpEnd=0x0, wMatch=0x5c) returned="\\RPCRT4.dll" [0261.505] lstrcmpiA (lpString1="svchost.exe", lpString2="NTDLL.DLL") returned 1 [0261.505] StrChrA (lpStart="svchost.exe", wMatch=0x2e) returned=".exe" [0261.505] lstrcmpiA (lpString1="svchost", lpString2="NTDLL.DLL") returned 1 [0261.505] lstrcmpiA (lpString1="ntdll.dll", lpString2="NTDLL.DLL") returned 0 [0261.505] VirtualFree (lpAddress=0x5b60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.506] VirtualAlloc (lpAddress=0x0, dwSize=0x1c2000, flAllocationType=0x3000, flProtect=0x4) returned 0x63b0000 [0261.506] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f900000, Buffer=0x7fff, BufferSize=0x63b0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.506] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f901000, Buffer=0x7fff, BufferSize=0x63b1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.506] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f902000, Buffer=0x7fff, BufferSize=0x63b2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.506] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f903000, Buffer=0x7fff, BufferSize=0x63b3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f904000, Buffer=0x7fff, BufferSize=0x63b4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f905000, Buffer=0x7fff, BufferSize=0x63b5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f906000, Buffer=0x7fff, BufferSize=0x63b6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f907000, Buffer=0x7fff, BufferSize=0x63b7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f908000, Buffer=0x7fff, BufferSize=0x63b8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f909000, Buffer=0x7fff, BufferSize=0x63b9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.507] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90a000, Buffer=0x7fff, BufferSize=0x63ba000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90b000, Buffer=0x7fff, BufferSize=0x63bb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90c000, Buffer=0x7fff, BufferSize=0x63bc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90d000, Buffer=0x7fff, BufferSize=0x63bd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90e000, Buffer=0x7fff, BufferSize=0x63be000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f90f000, Buffer=0x7fff, BufferSize=0x63bf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f910000, Buffer=0x7fff, BufferSize=0x63c0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f911000, Buffer=0x7fff, BufferSize=0x63c1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.508] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f912000, Buffer=0x7fff, BufferSize=0x63c2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f913000, Buffer=0x7fff, BufferSize=0x63c3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f914000, Buffer=0x7fff, BufferSize=0x63c4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f915000, Buffer=0x7fff, BufferSize=0x63c5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f916000, Buffer=0x7fff, BufferSize=0x63c6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f917000, Buffer=0x7fff, BufferSize=0x63c7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f918000, Buffer=0x7fff, BufferSize=0x63c8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f919000, Buffer=0x7fff, BufferSize=0x63c9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.509] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91a000, Buffer=0x7fff, BufferSize=0x63ca000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91b000, Buffer=0x7fff, BufferSize=0x63cb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91c000, Buffer=0x7fff, BufferSize=0x63cc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91d000, Buffer=0x7fff, BufferSize=0x63cd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91e000, Buffer=0x7fff, BufferSize=0x63ce000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f91f000, Buffer=0x7fff, BufferSize=0x63cf000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f920000, Buffer=0x7fff, BufferSize=0x63d0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.510] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f921000, Buffer=0x7fff, BufferSize=0x63d1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.511] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f922000, Buffer=0x7fff, BufferSize=0x63d2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.511] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f923000, Buffer=0x7fff, BufferSize=0x63d3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.511] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f924000, Buffer=0x7fff, BufferSize=0x63d4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.511] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f925000, Buffer=0x7fff, BufferSize=0x63d5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.511] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f926000, Buffer=0x7fff, BufferSize=0x63d6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.511] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f927000, Buffer=0x7fff, BufferSize=0x63d7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.512] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f928000, Buffer=0x7fff, BufferSize=0x63d8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.512] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f929000, Buffer=0x7fff, BufferSize=0x63d9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.512] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92a000, Buffer=0x7fff, BufferSize=0x63da000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.512] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92b000, Buffer=0x7fff, BufferSize=0x63db000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.512] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92c000, Buffer=0x7fff, BufferSize=0x63dc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.512] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92d000, Buffer=0x7fff, BufferSize=0x63dd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92e000, Buffer=0x7fff, BufferSize=0x63de000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f92f000, Buffer=0x7fff, BufferSize=0x63df000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f930000, Buffer=0x7fff, BufferSize=0x63e0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f931000, Buffer=0x7fff, BufferSize=0x63e1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f932000, Buffer=0x7fff, BufferSize=0x63e2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f933000, Buffer=0x7fff, BufferSize=0x63e3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f934000, Buffer=0x7fff, BufferSize=0x63e4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.513] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f935000, Buffer=0x7fff, BufferSize=0x63e5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f936000, Buffer=0x7fff, BufferSize=0x63e6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f937000, Buffer=0x7fff, BufferSize=0x63e7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f938000, Buffer=0x7fff, BufferSize=0x63e8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f939000, Buffer=0x7fff, BufferSize=0x63e9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93a000, Buffer=0x7fff, BufferSize=0x63ea000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93b000, Buffer=0x7fff, BufferSize=0x63eb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93c000, Buffer=0x7fff, BufferSize=0x63ec000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.514] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93d000, Buffer=0x7fff, BufferSize=0x63ed000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93e000, Buffer=0x7fff, BufferSize=0x63ee000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f93f000, Buffer=0x7fff, BufferSize=0x63ef000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f940000, Buffer=0x7fff, BufferSize=0x63f0000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f941000, Buffer=0x7fff, BufferSize=0x63f1000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f942000, Buffer=0x7fff, BufferSize=0x63f2000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f943000, Buffer=0x7fff, BufferSize=0x63f3000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f944000, Buffer=0x7fff, BufferSize=0x63f4000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.515] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f945000, Buffer=0x7fff, BufferSize=0x63f5000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f946000, Buffer=0x7fff, BufferSize=0x63f6000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f947000, Buffer=0x7fff, BufferSize=0x63f7000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f948000, Buffer=0x7fff, BufferSize=0x63f8000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f949000, Buffer=0x7fff, BufferSize=0x63f9000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94a000, Buffer=0x7fff, BufferSize=0x63fa000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94b000, Buffer=0x7fff, BufferSize=0x63fb000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94c000, Buffer=0x7fff, BufferSize=0x63fc000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.516] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94d000, Buffer=0x7fff, BufferSize=0x63fd000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94e000, Buffer=0x7fff, BufferSize=0x63fe000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f94f000, Buffer=0x7fff, BufferSize=0x63ff000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f950000, Buffer=0x7fff, BufferSize=0x6400000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f951000, Buffer=0x7fff, BufferSize=0x6401000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f952000, Buffer=0x7fff, BufferSize=0x6402000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f953000, Buffer=0x7fff, BufferSize=0x6403000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f954000, Buffer=0x7fff, BufferSize=0x6404000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.517] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f955000, Buffer=0x7fff, BufferSize=0x6405000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f956000, Buffer=0x7fff, BufferSize=0x6406000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f957000, Buffer=0x7fff, BufferSize=0x6407000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f958000, Buffer=0x7fff, BufferSize=0x6408000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f959000, Buffer=0x7fff, BufferSize=0x6409000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95a000, Buffer=0x7fff, BufferSize=0x640a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95b000, Buffer=0x7fff, BufferSize=0x640b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95c000, Buffer=0x7fff, BufferSize=0x640c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.518] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95d000, Buffer=0x7fff, BufferSize=0x640d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95e000, Buffer=0x7fff, BufferSize=0x640e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f95f000, Buffer=0x7fff, BufferSize=0x640f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f960000, Buffer=0x7fff, BufferSize=0x6410000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f961000, Buffer=0x7fff, BufferSize=0x6411000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f962000, Buffer=0x7fff, BufferSize=0x6412000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f963000, Buffer=0x7fff, BufferSize=0x6413000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f964000, Buffer=0x7fff, BufferSize=0x6414000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.519] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f965000, Buffer=0x7fff, BufferSize=0x6415000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.520] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f966000, Buffer=0x7fff, BufferSize=0x6416000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.520] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f967000, Buffer=0x7fff, BufferSize=0x6417000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.520] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f968000, Buffer=0x7fff, BufferSize=0x6418000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.520] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f969000, Buffer=0x7fff, BufferSize=0x6419000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.520] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96a000, Buffer=0x7fff, BufferSize=0x641a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.520] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96b000, Buffer=0x7fff, BufferSize=0x641b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96c000, Buffer=0x7fff, BufferSize=0x641c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96d000, Buffer=0x7fff, BufferSize=0x641d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96e000, Buffer=0x7fff, BufferSize=0x641e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f96f000, Buffer=0x7fff, BufferSize=0x641f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f970000, Buffer=0x7fff, BufferSize=0x6420000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f971000, Buffer=0x7fff, BufferSize=0x6421000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f972000, Buffer=0x7fff, BufferSize=0x6422000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.521] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f973000, Buffer=0x7fff, BufferSize=0x6423000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f974000, Buffer=0x7fff, BufferSize=0x6424000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f975000, Buffer=0x7fff, BufferSize=0x6425000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f976000, Buffer=0x7fff, BufferSize=0x6426000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f977000, Buffer=0x7fff, BufferSize=0x6427000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f978000, Buffer=0x7fff, BufferSize=0x6428000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f979000, Buffer=0x7fff, BufferSize=0x6429000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.522] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97a000, Buffer=0x7fff, BufferSize=0x642a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97b000, Buffer=0x7fff, BufferSize=0x642b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97c000, Buffer=0x7fff, BufferSize=0x642c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97d000, Buffer=0x7fff, BufferSize=0x642d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97e000, Buffer=0x7fff, BufferSize=0x642e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f97f000, Buffer=0x7fff, BufferSize=0x642f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f980000, Buffer=0x7fff, BufferSize=0x6430000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f981000, Buffer=0x7fff, BufferSize=0x6431000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.523] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f982000, Buffer=0x7fff, BufferSize=0x6432000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f983000, Buffer=0x7fff, BufferSize=0x6433000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f984000, Buffer=0x7fff, BufferSize=0x6434000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f985000, Buffer=0x7fff, BufferSize=0x6435000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f986000, Buffer=0x7fff, BufferSize=0x6436000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f987000, Buffer=0x7fff, BufferSize=0x6437000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f988000, Buffer=0x7fff, BufferSize=0x6438000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f989000, Buffer=0x7fff, BufferSize=0x6439000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.524] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98a000, Buffer=0x7fff, BufferSize=0x643a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98b000, Buffer=0x7fff, BufferSize=0x643b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98c000, Buffer=0x7fff, BufferSize=0x643c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98d000, Buffer=0x7fff, BufferSize=0x643d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98e000, Buffer=0x7fff, BufferSize=0x643e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f98f000, Buffer=0x7fff, BufferSize=0x643f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f990000, Buffer=0x7fff, BufferSize=0x6440000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f991000, Buffer=0x7fff, BufferSize=0x6441000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.525] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f992000, Buffer=0x7fff, BufferSize=0x6442000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f993000, Buffer=0x7fff, BufferSize=0x6443000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f994000, Buffer=0x7fff, BufferSize=0x6444000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f995000, Buffer=0x7fff, BufferSize=0x6445000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f996000, Buffer=0x7fff, BufferSize=0x6446000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f997000, Buffer=0x7fff, BufferSize=0x6447000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f998000, Buffer=0x7fff, BufferSize=0x6448000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f999000, Buffer=0x7fff, BufferSize=0x6449000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.526] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99a000, Buffer=0x7fff, BufferSize=0x644a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99b000, Buffer=0x7fff, BufferSize=0x644b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99c000, Buffer=0x7fff, BufferSize=0x644c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99d000, Buffer=0x7fff, BufferSize=0x644d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99e000, Buffer=0x7fff, BufferSize=0x644e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f99f000, Buffer=0x7fff, BufferSize=0x644f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a0000, Buffer=0x7fff, BufferSize=0x6450000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.527] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a1000, Buffer=0x7fff, BufferSize=0x6451000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a2000, Buffer=0x7fff, BufferSize=0x6452000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a3000, Buffer=0x7fff, BufferSize=0x6453000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a4000, Buffer=0x7fff, BufferSize=0x6454000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a5000, Buffer=0x7fff, BufferSize=0x6455000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a6000, Buffer=0x7fff, BufferSize=0x6456000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a7000, Buffer=0x7fff, BufferSize=0x6457000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.528] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a8000, Buffer=0x7fff, BufferSize=0x6458000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9a9000, Buffer=0x7fff, BufferSize=0x6459000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9aa000, Buffer=0x7fff, BufferSize=0x645a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ab000, Buffer=0x7fff, BufferSize=0x645b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ac000, Buffer=0x7fff, BufferSize=0x645c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ad000, Buffer=0x7fff, BufferSize=0x645d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ae000, Buffer=0x7fff, BufferSize=0x645e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.529] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9af000, Buffer=0x7fff, BufferSize=0x645f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.530] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b0000, Buffer=0x7fff, BufferSize=0x6460000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.530] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b1000, Buffer=0x7fff, BufferSize=0x6461000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.530] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b2000, Buffer=0x7fff, BufferSize=0x6462000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.530] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b3000, Buffer=0x7fff, BufferSize=0x6463000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.530] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b4000, Buffer=0x7fff, BufferSize=0x6464000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.530] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b5000, Buffer=0x7fff, BufferSize=0x6465000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b6000, Buffer=0x7fff, BufferSize=0x6466000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b7000, Buffer=0x7fff, BufferSize=0x6467000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b8000, Buffer=0x7fff, BufferSize=0x6468000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9b9000, Buffer=0x7fff, BufferSize=0x6469000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ba000, Buffer=0x7fff, BufferSize=0x646a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bb000, Buffer=0x7fff, BufferSize=0x646b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.531] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bc000, Buffer=0x7fff, BufferSize=0x646c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bd000, Buffer=0x7fff, BufferSize=0x646d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9be000, Buffer=0x7fff, BufferSize=0x646e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9bf000, Buffer=0x7fff, BufferSize=0x646f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c0000, Buffer=0x7fff, BufferSize=0x6470000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c1000, Buffer=0x7fff, BufferSize=0x6471000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c2000, Buffer=0x7fff, BufferSize=0x6472000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.532] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c3000, Buffer=0x7fff, BufferSize=0x6473000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c4000, Buffer=0x7fff, BufferSize=0x6474000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c5000, Buffer=0x7fff, BufferSize=0x6475000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c6000, Buffer=0x7fff, BufferSize=0x6476000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c7000, Buffer=0x7fff, BufferSize=0x6477000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c8000, Buffer=0x7fff, BufferSize=0x6478000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9c9000, Buffer=0x7fff, BufferSize=0x6479000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ca000, Buffer=0x7fff, BufferSize=0x647a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.533] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cb000, Buffer=0x7fff, BufferSize=0x647b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cc000, Buffer=0x7fff, BufferSize=0x647c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cd000, Buffer=0x7fff, BufferSize=0x647d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ce000, Buffer=0x7fff, BufferSize=0x647e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9cf000, Buffer=0x7fff, BufferSize=0x647f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d0000, Buffer=0x7fff, BufferSize=0x6480000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d1000, Buffer=0x7fff, BufferSize=0x6481000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d2000, Buffer=0x7fff, BufferSize=0x6482000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.534] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d3000, Buffer=0x7fff, BufferSize=0x6483000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d4000, Buffer=0x7fff, BufferSize=0x6484000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d5000, Buffer=0x7fff, BufferSize=0x6485000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d6000, Buffer=0x7fff, BufferSize=0x6486000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d7000, Buffer=0x7fff, BufferSize=0x6487000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d8000, Buffer=0x7fff, BufferSize=0x6488000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9d9000, Buffer=0x7fff, BufferSize=0x6489000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9da000, Buffer=0x7fff, BufferSize=0x648a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.535] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9db000, Buffer=0x7fff, BufferSize=0x648b000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9dc000, Buffer=0x7fff, BufferSize=0x648c000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9dd000, Buffer=0x7fff, BufferSize=0x648d000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9de000, Buffer=0x7fff, BufferSize=0x648e000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9df000, Buffer=0x7fff, BufferSize=0x648f000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e0000, Buffer=0x7fff, BufferSize=0x6490000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e1000, Buffer=0x7fff, BufferSize=0x6491000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e2000, Buffer=0x7fff, BufferSize=0x6492000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.536] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e3000, Buffer=0x7fff, BufferSize=0x6493000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e4000, Buffer=0x7fff, BufferSize=0x6494000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e5000, Buffer=0x7fff, BufferSize=0x6495000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e6000, Buffer=0x7fff, BufferSize=0x6496000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e7000, Buffer=0x7fff, BufferSize=0x6497000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e8000, Buffer=0x7fff, BufferSize=0x6498000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9e9000, Buffer=0x7fff, BufferSize=0x6499000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.537] NtWow64ReadVirtualMemory64 (in: ProcessHandle=0x50c, BaseAddress=0x1f9ea000, Buffer=0x7fff, BufferSize=0x649a000, NumberOfBytesRead=0x1000 | out: Buffer=0x7fff, NumberOfBytesRead=0x1000) returned 0x0 [0261.558] lstrcmpA (lpString1="A_SHAFinal", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="A_SHAInit", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="A_SHAUpdate", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrClientCallServer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrGetProcessId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="DbgBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="DbgPrint", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="DbgPrintEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.558] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgPrompt", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiContinue", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWrite", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteString", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.559] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwReplyNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwSendNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwSetMark", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwTraceMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.560] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrAccessResource", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrAddRefDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrEnumResources", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrFindResource_U", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetDllPath", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetFailureData", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrLoadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrLockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrOpenImageFileOptionsKey", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrProcessInitializationComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrProcessRelocationBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrProcessRelocationBlockEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0261.561] lstrcmpA (lpString1="LdrQueryImageFileExecutionOptionsEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrQueryImageFileKeyOption", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrQueryModuleServiceTags", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrQueryOptionalDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrQueryProcessModuleInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrRegisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrRemoveDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrRemoveLoadAsDataTable", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResFindResource", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResFindResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResGetRCConfig", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResRelease", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResSearchResource", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResolveDelayLoadedAPI", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrResolveDelayLoadsFromDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrRscIsTypeExist", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSetAppCompatDllRedirectionCallback", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSetDefaultDllDirectories", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSetDllDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSetDllManifestProber", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSetImplicitPathOptions", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSetMUICacheType", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrShutdownProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrShutdownThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrStandardizeSystemPath", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrSystemDllInitBlock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrUnloadAlternateResourceModule", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrUnloadAlternateResourceModuleEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrUnloadDll", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrUnlockLoaderLock", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrUnregisterDllNotification", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksum", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrVerifyImageMatchesChecksumEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrpResGetMappingSize", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="LdrpResGetResourceDirectory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="MD4Final", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="MD4Init", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="MD4Update", lpString2="ZwProtectVirtualMemory") returned -1 [0261.562] lstrcmpA (lpString1="MD5Final", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="MD5Init", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="MD5Update", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NlsAnsiCodePage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NlsMbCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NlsMbOemCodePageTag", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheck", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheckAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheckByType", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheckByTypeAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheckByTypeResultList", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAccessCheckByTypeResultListAndAuditAlarmByHandle", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAddAtom", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAddAtomEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAddBootEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAddDriverEntry", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAdjustGroupsToken", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAdjustPrivilegesToken", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAdjustTokenClaimsAndDeviceGroups", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlertResumeThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlertThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlertThreadByThreadId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAllocateLocallyUniqueId", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAllocateReserveObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAllocateUserPhysicalPages", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAllocateUuids", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAllocateVirtualMemory", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcAcceptConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcCancelMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcConnectPortEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcCreatePort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcCreatePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcCreateResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcCreateSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcCreateSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcDeletePortSection", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcDeleteResourceReserve", lpString2="ZwProtectVirtualMemory") returned -1 [0261.563] lstrcmpA (lpString1="NtAlpcDeleteSectionView", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcDeleteSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcDisconnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcImpersonateClientContainerOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcImpersonateClientOfPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcOpenSenderProcess", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcOpenSenderThread", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcQueryInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcQueryInformationMessage", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcRevokeSecurityContext", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcSendWaitReceivePort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAlpcSetInformation", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtApphelpCacheControl", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAreMappedFilesTheSame", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAssignProcessToJobObject", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtAssociateWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCallbackReturn", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCancelIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCancelIoFileEx", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCancelSynchronousIoFile", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCancelTimer", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCancelTimer2", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtCancelWaitCompletionPacket", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtClearEvent", lpString2="ZwProtectVirtualMemory") returned -1 [0261.564] lstrcmpA (lpString1="NtClose", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCloseObjectAuditAlarm", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCommitComplete", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCommitEnlistment", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCommitTransaction", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCompactKeys", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCompareObjects", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCompareTokens", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCompleteConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtCompressKey", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] lstrcmpA (lpString1="NtConnectPort", lpString2="ZwProtectVirtualMemory") returned -1 [0261.565] VirtualFree (lpAddress=0x63b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0261.575] NtGetContextThread (in: ThreadHandle=0x508, Context=0x5eaf0f0 | out: Context=0x5eaf0f0*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x100003, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x47, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x88, [65]=0x66, [66]=0x64, [67]=0xdc, [68]=0xfe, [69]=0xf, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0xf0, [74]=0xeb, [75]=0xe2, [76]=0xf6, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x40000000, SegFs=0xe3233440, SegEs=0x7ff6, SegDs=0x9e6dfc38, Edi=0xba, Esi=0x0, Ebx=0x0, Edx=0xe2ebf000, Ecx=0x7ff6, Eax=0xe2ebf000, Ebp=0x7ff6, Eip=0xe2ebf000, SegCs=0x7ff6, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x40, [45]=0x34, [46]=0x23, [47]=0xe3, [48]=0xf6, [49]=0x7f, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0261.576] NtWriteVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x760000, Buffer=0x6313ab8*, NumberOfBytesToWrite=0x318, NumberOfBytesWritten=0x5eaf0ec | out: Buffer=0x6313ab8*, NumberOfBytesWritten=0x5eaf0ec*=0x318) returned 0x0 [0261.576] NtSetContextThread (ThreadHandle=0x508, Context=0x5eaf0f0*(ContextFlags=0x0, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x100003, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x33, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x2b, [11]=0x0, [12]=0x47, [13]=0x2, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x76, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0xf0, [74]=0xeb, [75]=0xe2, [76]=0xf6, [77]=0x7f, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x100, SegGs=0x40000000, SegFs=0xe3233440, SegEs=0x7ff6, SegDs=0x9e6dfc38, Edi=0xba, Esi=0x0, Ebx=0x0, Edx=0xe2ebf000, Ecx=0x7ff6, Eax=0xe2ebf000, Ebp=0x7ff6, Eip=0xe2ebf000, SegCs=0x7ff6, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x18, [45]=0x2, [46]=0x76, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 0x0 [0261.588] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0261.588] CloseHandle (hObject=0x514) returned 1 [0261.588] NtProtectVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5eaf5f0*=0x7ff6e3233440, NumberOfBytesToProtect=0x5eaf5f8, NewAccessProtection=0x40, OldAccessProtection=0x5eaf5e8 | out: BaseAddress=0x5eaf5f0*=0x7ff6e3233000, NumberOfBytesToProtect=0x5eaf5f8, OldAccessProtection=0x5eaf5e8*=0x20) returned 0x0 [0261.588] NtWriteVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x7ff6e3233440, Buffer=0x5eaf658*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x5eaf5e0 | out: Buffer=0x5eaf658*, NumberOfBytesWritten=0x5eaf5e0*=0x4) returned 0x0 [0261.589] NtProtectVirtualMemory (in: ProcessHandle=0x50c, BaseAddress=0x5eaf5f0*=0x7ff6e3233000, NumberOfBytesToProtect=0x5eaf5f8, NewAccessProtection=0x20, OldAccessProtection=0x5eaf5e8 | out: BaseAddress=0x5eaf5f0*=0x7ff6e3233000, NumberOfBytesToProtect=0x5eaf5f8, OldAccessProtection=0x5eaf5e8*=0x40) returned 0x0 [0261.589] ResumeThread (hThread=0x508) returned 0x1 [0261.589] CloseHandle (hObject=0x508) returned 1 [0261.589] CloseHandle (hObject=0x50c) returned 1 [0261.589] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="RuntimeBroker.exe", AllocateDestinationString=1) returned 0x0 [0261.589] RtlFreeAnsiString (AnsiString="R") [0261.589] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="ShellExperienceHost.exe", AllocateDestinationString=1) returned 0x0 [0261.589] RtlFreeAnsiString (AnsiString="S") [0261.589] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="SearchUI.exe", AllocateDestinationString=1) returned 0x0 [0261.589] RtlFreeAnsiString (AnsiString="S") [0261.589] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="autoclb.exe", AllocateDestinationString=1) returned 0x0 [0261.589] RtlFreeAnsiString (AnsiString="A") [0261.589] RtlUpcaseUnicodeString (DestinationString=0x5eafec8, SourceString="audiodg.exe", AllocateDestinationString=1) returned 0x0 [0261.589] RtlFreeAnsiString (AnsiString="A") [0261.589] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0261.590] CreateWaitableTimerA (lpTimerAttributes=0x5eaff1c, bManualReset=1, lpTimerName="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 0x50c [0261.590] SetWaitableTimer (hTimer=0x50c, lpDueTime=0x5eaff10, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0261.590] CloseHandle (hObject=0x50c) returned 1 [0261.590] LocalFree (hMem=0x255060) returned 0x0 [0261.590] HeapDestroy (hHeap=0x5fa0000) returned 1 [0261.603] ExitProcess (uExitCode=0x0) Thread: id = 93 os_tid = 0x0 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6b9f9000" os_pid = "0xaf4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0x478" cmd_line = "C:\\Windows\\system32\\svchost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001a59e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1908 start_va = 0x7fa2a000 end_va = 0x7fa2afff entry_point = 0x0 region_type = private name = "private_0x000000007fa2a000" filename = "" Region: id = 1909 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1910 start_va = 0xba9e620000 end_va = 0xba9e63ffff entry_point = 0x0 region_type = private name = "private_0x000000ba9e620000" filename = "" Region: id = 1911 start_va = 0xba9e640000 end_va = 0xba9e653fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9e640000" filename = "" Region: id = 1912 start_va = 0xba9e660000 end_va = 0xba9e6dffff entry_point = 0x0 region_type = private name = "private_0x000000ba9e660000" filename = "" Region: id = 1913 start_va = 0xba9e6e0000 end_va = 0xba9e6e3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9e6e0000" filename = "" Region: id = 1914 start_va = 0xba9e6f0000 end_va = 0xba9e6f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9e6f0000" filename = "" Region: id = 1915 start_va = 0xba9e700000 end_va = 0xba9e701fff entry_point = 0x0 region_type = private name = "private_0x000000ba9e700000" filename = "" Region: id = 1916 start_va = 0x7df5ff9a0000 end_va = 0x7ff5ff99ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff9a0000" filename = "" Region: id = 1917 start_va = 0x7ff6e2e90000 end_va = 0x7ff6e2eb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6e2e90000" filename = "" Region: id = 1918 start_va = 0x7ff6e2ebd000 end_va = 0x7ff6e2ebefff entry_point = 0x0 region_type = private name = "private_0x00007ff6e2ebd000" filename = "" Region: id = 1919 start_va = 0x7ff6e2ebf000 end_va = 0x7ff6e2ebffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e2ebf000" filename = "" Region: id = 1920 start_va = 0x7ff6e3230000 end_va = 0x7ff6e323cfff entry_point = 0x7ff6e3230000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1921 start_va = 0x7fff1f900000 end_va = 0x7fff1fac1fff entry_point = 0x7fff1f900000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1930 start_va = 0xba9e8e0000 end_va = 0xba9e8e6fff entry_point = 0x0 region_type = private name = "private_0x000000ba9e8e0000" filename = "" Region: id = 1931 start_va = 0xba9e900000 end_va = 0xba9e9fffff entry_point = 0x0 region_type = private name = "private_0x000000ba9e900000" filename = "" Region: id = 1932 start_va = 0x7fff1cdf0000 end_va = 0x7fff1cfccfff entry_point = 0x7fff1cdf0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1933 start_va = 0x7fff1f850000 end_va = 0x7fff1f8fcfff entry_point = 0x7fff1f850000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1934 start_va = 0xba9e620000 end_va = 0xba9e62ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9e620000" filename = "" Region: id = 1935 start_va = 0xba9e710000 end_va = 0xba9e7cdfff entry_point = 0xba9e710000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1936 start_va = 0xba9e7d0000 end_va = 0xba9e84ffff entry_point = 0x0 region_type = private name = "private_0x000000ba9e7d0000" filename = "" Region: id = 1937 start_va = 0x7ff6e2d90000 end_va = 0x7ff6e2e8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6e2d90000" filename = "" Region: id = 1938 start_va = 0x7ff6e2ebb000 end_va = 0x7ff6e2ebcfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e2ebb000" filename = "" Region: id = 1939 start_va = 0x7fff1d600000 end_va = 0x7fff1d65afff entry_point = 0x7fff1d600000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1940 start_va = 0x7fff1d8f0000 end_va = 0x7fff1da15fff entry_point = 0x7fff1d8f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1942 start_va = 0x620000 end_va = 0x752fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1949 start_va = 0x760000 end_va = 0x760fff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1950 start_va = 0x7fff1ab70000 end_va = 0x7fff1ab8ffff entry_point = 0x7fff1ab70000 region_type = mapped_file name = "avifil32.dll" filename = "\\Windows\\System32\\avifil32.dll" (normalized: "c:\\windows\\system32\\avifil32.dll") Region: id = 1951 start_va = 0x7fff1f700000 end_va = 0x7fff1f79cfff entry_point = 0x7fff1f700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1952 start_va = 0x7fff1d080000 end_va = 0x7fff1d2fbfff entry_point = 0x7fff1d080000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1953 start_va = 0x7fff1f7a0000 end_va = 0x7fff1f845fff entry_point = 0x7fff1f7a0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1954 start_va = 0x7fff1f500000 end_va = 0x7fff1f684fff entry_point = 0x7fff1f500000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1955 start_va = 0x7fff1da90000 end_va = 0x7fff1dbddfff entry_point = 0x7fff1da90000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1956 start_va = 0x7fff1d3f0000 end_va = 0x7fff1d530fff entry_point = 0x7fff1d3f0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1957 start_va = 0x7fff1ab40000 end_va = 0x7fff1ab68fff entry_point = 0x7fff1ab40000 region_type = mapped_file name = "msvfw32.dll" filename = "\\Windows\\System32\\msvfw32.dll" (normalized: "c:\\windows\\system32\\msvfw32.dll") Region: id = 1958 start_va = 0x7fff1df70000 end_va = 0x7fff1f494fff entry_point = 0x7fff1df70000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1959 start_va = 0x7fff1c760000 end_va = 0x7fff1cd87fff entry_point = 0x7fff1c760000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1960 start_va = 0x7fff1f690000 end_va = 0x7fff1f6e0fff entry_point = 0x7fff1f690000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1961 start_va = 0x7fff1c3c0000 end_va = 0x7fff1c3cefff entry_point = 0x7fff1c3c0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1962 start_va = 0x7fff1c420000 end_va = 0x7fff1c4d2fff entry_point = 0x7fff1c420000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1963 start_va = 0x7fff1c350000 end_va = 0x7fff1c399fff entry_point = 0x7fff1c350000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1964 start_va = 0x7fff1c3a0000 end_va = 0x7fff1c3b2fff entry_point = 0x7fff1c3a0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1965 start_va = 0x7fff0ce80000 end_va = 0x7fff0ceabfff entry_point = 0x7fff0ce80000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 1966 start_va = 0x7fff0ceb0000 end_va = 0x7fff0ced2fff entry_point = 0x7fff0ceb0000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 1967 start_va = 0x7fff12050000 end_va = 0x7fff1206bfff entry_point = 0x7fff12050000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 1968 start_va = 0x7fff12160000 end_va = 0x7fff12209fff entry_point = 0x7fff12160000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\\comctl32.dll") Region: id = 1969 start_va = 0x7fff1aca0000 end_va = 0x7fff1acc6fff entry_point = 0x7fff1aca0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1970 start_va = 0x7fff1c3d0000 end_va = 0x7fff1c413fff entry_point = 0x7fff1c3d0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1971 start_va = 0xba9ea00000 end_va = 0xba9ea9cfff entry_point = 0x0 region_type = private name = "private_0x000000ba9ea00000" filename = "" Region: id = 1972 start_va = 0xba9eaa0000 end_va = 0xba9ec9ffff entry_point = 0x0 region_type = private name = "private_0x000000ba9eaa0000" filename = "" Region: id = 1973 start_va = 0xba9eb00000 end_va = 0xba9ebfffff entry_point = 0x0 region_type = private name = "private_0x000000ba9eb00000" filename = "" Region: id = 1974 start_va = 0xba9ec00000 end_va = 0xba9ed87fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9ec00000" filename = "" Region: id = 1975 start_va = 0xba9e850000 end_va = 0xba9e883fff entry_point = 0xba9e850000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1976 start_va = 0x7fff1d730000 end_va = 0x7fff1d765fff entry_point = 0x7fff1d730000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1977 start_va = 0x7fff1d790000 end_va = 0x7fff1d8ebfff entry_point = 0x7fff1d790000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1978 start_va = 0xba9ed90000 end_va = 0xba9ef10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9ed90000" filename = "" Region: id = 1979 start_va = 0xba9ef20000 end_va = 0xbaa031ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000ba9ef20000" filename = "" Region: id = 1980 start_va = 0xba9e630000 end_va = 0xba9e630fff entry_point = 0xba9e630000 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1981 start_va = 0xba9e850000 end_va = 0xba9e850fff entry_point = 0x0 region_type = private name = "private_0x000000ba9e850000" filename = "" Region: id = 1982 start_va = 0xba9e860000 end_va = 0xba9e860fff entry_point = 0x0 region_type = private name = "private_0x000000ba9e860000" filename = "" Region: id = 1983 start_va = 0xbaa0320000 end_va = 0xbaa04fcfff entry_point = 0x0 region_type = private name = "private_0x000000baa0320000" filename = "" Region: id = 1984 start_va = 0xbaa0500000 end_va = 0xbaa06fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0500000" filename = "" Region: id = 1985 start_va = 0xbaa0500000 end_va = 0xbaa05fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0500000" filename = "" Region: id = 1986 start_va = 0xba9e870000 end_va = 0xba9e871fff entry_point = 0xba9e870000 region_type = mapped_file name = "msvfw32.dll.mui" filename = "\\Windows\\System32\\en-US\\msvfw32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msvfw32.dll.mui") Region: id = 1987 start_va = 0xbaa0320000 end_va = 0xbaa03dcfff entry_point = 0xbaa0320000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1988 start_va = 0xbaa04f0000 end_va = 0xbaa04fcfff entry_point = 0x0 region_type = private name = "private_0x000000baa04f0000" filename = "" Region: id = 1989 start_va = 0xbaa0320000 end_va = 0xbaa049cfff entry_point = 0x0 region_type = private name = "private_0x000000baa0320000" filename = "" Region: id = 1990 start_va = 0xbaa0600000 end_va = 0xbaa07fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0600000" filename = "" Region: id = 1991 start_va = 0xbaa0600000 end_va = 0xbaa06fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0600000" filename = "" Region: id = 1992 start_va = 0xbaa0700000 end_va = 0xbaa08fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0700000" filename = "" Region: id = 1993 start_va = 0xbaa0700000 end_va = 0xbaa07fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0700000" filename = "" Region: id = 1994 start_va = 0xbaa0800000 end_va = 0xbaa09fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0800000" filename = "" Region: id = 1995 start_va = 0xbaa0800000 end_va = 0xbaa08fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0800000" filename = "" Region: id = 1996 start_va = 0xbaa0900000 end_va = 0xbaa0afffff entry_point = 0x0 region_type = private name = "private_0x000000baa0900000" filename = "" Region: id = 1997 start_va = 0xbaa0900000 end_va = 0xbaa09fffff entry_point = 0x0 region_type = private name = "private_0x000000baa0900000" filename = "" Region: id = 1998 start_va = 0x7fff1bf50000 end_va = 0x7fff1bf7bfff entry_point = 0x7fff1bf50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1999 start_va = 0xbaa0a00000 end_va = 0xbaa0d36fff entry_point = 0xbaa0a00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2000 start_va = 0x7fff1d3e0000 end_va = 0x7fff1d3e7fff entry_point = 0x7fff1d3e0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 2466 start_va = 0xbaa0320000 end_va = 0xbaa0452fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000baa0320000" filename = "" Region: id = 2467 start_va = 0xbaa0490000 end_va = 0xbaa049cfff entry_point = 0x0 region_type = private name = "private_0x000000baa0490000" filename = "" Thread: id = 92 os_tid = 0xa14 [0261.604] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0xba9e6dfbe8 | out: BaseAddress=0xba9e6dfbe8*=0x7fff1f900000) returned 0x0 [0261.604] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtCreateSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9939e0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtUnmapViewOfSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9937e0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtMapViewOfSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9937c0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwOpenProcessToken", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f994680) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwClose", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f993630) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwQueryInformationToken", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f993750) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwOpenProcess", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9937a0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtQuerySystemInformation", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9938a0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlNtStatusToDosError", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f90f0c0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwQueryInformationProcess", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9936d0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlImageDirectoryEntryToData", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f916850) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_wcsupr", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9858a0) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_strupr", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f984f60) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memmove", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f997e80) returned 0x0 [0261.605] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="bsearch", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f986420) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f985260) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_strlwr", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f984e60) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="atoi", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9843d0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="strstr", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f988bd0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="wcscpy", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f989650) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwQueryKey", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9936a0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlUpcaseUnicodeString", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f953170) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlFreeUnicodeString", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f927110) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="sprintf", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f987fb0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_snprintf", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f984970) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memset", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9981c0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f997e80) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="strcpy", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9882f0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlAdjustPrivilege", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9732a0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="mbstowcs", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9875a0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlImageNtHeader", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f916820) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9876a0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="__C_specific_handler", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f983f20) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="__chkstk", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f996290) returned 0x0 [0261.606] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0xba9e6dfbe8 | out: BaseAddress=0xba9e6dfbe8*=0x7fff1f850000) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetLocalTime", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86e9e0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenProcess", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86a8f0) returned 0x0 [0261.606] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualQueryEx", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8724a0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateRemoteThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8926d0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86eca0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetVersion", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f871fd0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetEndOfFile", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875ae0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RemoveDirectoryW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875ad0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetTempFileNameA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8759e0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9081b0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86baf0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86d680) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875510) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WriteProcessMemory", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86e710) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875760) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcmpiA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86bb10) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870c70) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f872080) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866580) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcmpA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86df40) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetModuleHandleA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86e6d0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateFileMappingA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f855bc0) returned 0x0 [0261.607] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="MapViewOfFile", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86e950) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f868f00) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86ecc0) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GlobalLock", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866230) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrlenA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86bb80) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GlobalAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86b810) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GlobalUnlock", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866170) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f92ebf0) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcpyA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86edf0) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866060) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866050) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RemoveDirectoryA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875ac0) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875790) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcatA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870e30) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875b80) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateDirectoryA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875730) returned 0x0 [0261.608] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapDestroy", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f872e50) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapCreate", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870f80) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetEvent", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8756b0) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f92d8d0) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8660a0) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindNextFileW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875880) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CopyFileW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875d70) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetWaitableTimer", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8756c0) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LocalAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f869310) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866470) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866030) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8664b0) returned 0x0 [0261.609] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f869490) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateEventA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875560) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetWindowsDirectoryA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8741b0) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DeleteFileW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8757a0) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateDirectoryW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875740) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateWaitableTimerA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f873870) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875a00) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindFirstFileW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875840) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f869320) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f872c00) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SuspendThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870d70) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WaitForMultipleObjects", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8756e0) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ResumeThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86f570) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcpyW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870a80) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FileTimeToSystemTime", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875bf0) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86bc20) returned 0x0 [0261.610] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875770) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ResetEvent", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8756a0) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SwitchToThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86a960) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcatW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f873830) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateProcessW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86dee0) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetFileSize", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875950) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetFileAttributesW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875930) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ExpandEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86e420) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866090) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f934420) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866160) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f934ec0) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetComputerNameA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86c250) returned 0x0 [0261.611] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateMutexA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8755a0) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenWaitableTimerA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f893a10) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenMutexA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f855e30) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetVolumeInformationA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875a20) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WaitForSingleObject", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875700) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ReleaseMutex", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875680) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetComputerNameW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86c3c0) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f9638f0) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LoadLibraryExW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86b820) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86aa40) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualFree", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86bc10) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetLogicalDriveStringsW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8759d0) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetFileAttributesA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875900) returned 0x0 [0261.612] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenFileMappingA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f873c10) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetExitCodeProcess", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86e450) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateProcessA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86d5b0) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcpynA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8936c0) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LocalReAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f872c80) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86dec0) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866020) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8664c0) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86ed90) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetVersionExW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86aa30) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86eb90) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875a90) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetFilePointer", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875b20) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Thread32First", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8701b0) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="QueueUserAPC", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86fe40) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateToolhelp32Snapshot", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f876830) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenThread", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86a970) returned 0x0 [0261.613] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Thread32Next", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866720) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindFirstFileA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875800) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindNextFileA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875860) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ConnectNamedPipe", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8730b0) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetOverlappedResult", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86bb70) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CancelIo", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f872f50) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DisconnectNamedPipe", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f873820) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875890) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CallNamedPipeA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f88fe50) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateNamedPipeA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f890070) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86a940) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WaitNamedPipeA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f890670) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f866070) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SleepEx", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8756d0) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f97a5b0) returned 0x0 [0261.614] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f96a7b0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenEventA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f875630) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcmpiW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8665d0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RaiseException", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86eba0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetSystemInfo", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86f580) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Process32NextW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f86b8f0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Process32FirstW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870020) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="QueueUserWorkItem", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f870f60) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FileTimeToLocalFileTime", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8757b0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8757c0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetDriveTypeW", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f8758f0) returned 0x0 [0261.615] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualProtectEx", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1f893630) returned 0x0 [0261.615] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="AVIFIL32.dll", BaseAddress=0xba9e6dfbe8 | out: BaseAddress=0xba9e6dfbe8*=0x7fff1ab70000) returned 0x0 [0261.816] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIStreamRelease", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab769a0) returned 0x0 [0261.816] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIStreamWrite", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab77230) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileOpenA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab768b0) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileCreateStreamA", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab76c10) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIStreamSetFormat", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab77070) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileExit", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab76400) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileInit", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab763d0) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIMakeCompressedStream", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab77910) returned 0x0 [0261.817] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileRelease", Ordinal=0x0, ProcedureAddress=0xba9e6dfbd0 | out: ProcedureAddress=0xba9e6dfbd0*=0x7fff1ab769a0) returned 0x0 [0261.817] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfbd8*=0x620000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x4, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfbd8*=0x620000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.817] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfb70*=0x621000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x20, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfb70*=0x621000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.818] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfb70*=0x659000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x2, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfb70*=0x659000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.818] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfb70*=0x683000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x4, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfb70*=0x683000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.818] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfb70*=0x688000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x2, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfb70*=0x688000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.818] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfb70*=0x68a000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x4, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfb70*=0x68a000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.818] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6dfb70*=0x68c000, NumberOfBytesToProtect=0xba9e6dfbe0, NewAccessProtection=0x2, OldAccessProtection=0xba9e6dfbd0 | out: BaseAddress=0xba9e6dfb70*=0x68c000, NumberOfBytesToProtect=0xba9e6dfbe0, OldAccessProtection=0xba9e6dfbd0*=0x40) returned 0x0 [0261.829] GetTickCount () returned 0xfba5 [0261.829] GetModuleHandleA (lpModuleName=0x0) returned 0x7ff6e3230000 [0261.829] GetVersion () returned 0x2800000a [0261.829] GetCurrentProcessId () returned 0xaf4 [0261.829] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x164 [0261.830] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xbaa0602040, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0261.830] lstrcpynA (in: lpString1=0xba9e6dfb20, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0261.830] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0261.830] GetProcAddress (hModule=0x7fff1f850000, lpProcName="IsWow64Process") returned 0x7fff1f86e960 [0261.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaf4) returned 0x168 [0261.831] IsWow64Process (in: hProcess=0x168, Wow64Process=0xba9e6dfac0 | out: Wow64Process=0xba9e6dfac0) returned 1 [0261.831] CloseHandle (hObject=0x168) returned 1 [0261.831] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fff1f7a0000 [0261.831] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7fff1f7bd610 [0261.831] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0261.840] NtOpenProcess (in: ProcessHandle=0xba9e6dfa78, DesiredAccess=0x400, ObjectAttributes=0xba9e6dfa10*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0xba9e6dfa00*(UniqueProcess=0xaf4, UniqueThread=0x0) | out: ProcessHandle=0xba9e6dfa78*=0x184) returned 0x0 [0261.840] NtOpenProcessToken (in: ProcessHandle=0x184, DesiredAccess=0x8, TokenHandle=0xba9e6dfa70 | out: TokenHandle=0xba9e6dfa70*=0x188) returned 0x0 [0261.840] NtQueryInformationToken (in: TokenHandle=0x188, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xba9e6dfa60 | out: TokenInformation=0x0, ReturnLength=0xba9e6dfa60) returned 0xc0000023 [0261.840] NtQueryInformationToken (in: TokenHandle=0x188, TokenInformationClass=0x1, TokenInformation=0xbaa0602260, TokenInformationLength=0x2c, ReturnLength=0xba9e6dfa60 | out: TokenInformation=0xbaa0602260, ReturnLength=0xba9e6dfa60) returned 0x0 [0261.840] NtClose (Handle=0x188) returned 0x0 [0261.840] NtClose (Handle=0x184) returned 0x0 [0261.840] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7fff1f690000 [0261.840] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrRChrA") returned 0x7fff1f6a4dd0 [0261.840] StrRChrA (lpStart="C:\\Windows\\system32\\svchost.exe", lpEnd=0x0, wMatch=0x5c) returned="\\svchost.exe" [0261.841] _strupr (in: _String=0xbaa0602054 | out: _String="SVCHOST.EXE") returned="SVCHOST.EXE" [0261.841] lstrlenA (lpString="SVCHOST.EXE") returned 11 [0261.841] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x184 [0261.841] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x7fff1da90000 [0261.841] GetProcAddress (hModule=0x7fff1da90000, lpProcName="wsprintfA") returned 0x7fff1dab2610 [0261.841] wsprintfA (in: param_1=0xbaa0602260, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0261.841] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0261.841] lstrcpyA (in: lpString1=0xbaa06022a0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0261.841] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0261.841] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0261.841] lstrlenA (lpString="\\Vars") returned 5 [0261.841] lstrcpyA (in: lpString1=0xbaa0602300, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0261.841] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Vars" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars" [0261.841] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0261.841] lstrlenA (lpString="\\Files") returned 6 [0261.841] lstrcpyA (in: lpString1=0xbaa0602370, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0261.841] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Files" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files" [0261.841] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0261.841] lstrlenA (lpString="\\Run") returned 4 [0261.842] lstrcpyA (in: lpString1=0xbaa06023e0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0261.842] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Run" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run" [0261.842] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0261.842] lstrlenA (lpString="\\Config") returned 7 [0261.842] lstrcpyA (in: lpString1=0xbaa0602440, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0261.842] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Config" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config" [0261.842] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0261.842] lstrlenA (lpString="Local\\") returned 6 [0261.842] lstrcpyA (in: lpString1=0xbaa06024b0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.842] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0261.842] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0261.842] lstrlenA (lpString="Local\\") returned 6 [0261.842] lstrcpyA (in: lpString1=0xbaa06024f0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.842] lstrcatA (in: lpString1="Local\\", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0261.842] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0261.842] lstrlenA (lpString="Local\\") returned 6 [0261.842] lstrcpyA (in: lpString1=0xbaa0602530, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.842] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0261.842] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 38 [0261.842] lstrlenA (lpString="Local\\") returned 6 [0261.842] lstrcpyA (in: lpString1=0xbaa0602570, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.842] lstrcatA (in: lpString1="Local\\", lpString2="{62D813F7-59FC-E439-F3B6-9D58D74A210C}" | out: lpString1="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}" [0261.842] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{FB999B87-1EC7-E503-005F-32E93403862D}") returned 38 [0261.842] lstrlenA (lpString="Local\\") returned 6 [0261.842] lstrcpyA (in: lpString1=0xbaa06025b0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.842] lstrcatA (in: lpString1="Local\\", lpString2="{FB999B87-1EC7-E503-005F-32E93403862D}" | out: lpString1="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}" [0261.842] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 38 [0261.843] lstrlenA (lpString="Local\\") returned 6 [0261.843] lstrcpyA (in: lpString1=0xbaa06025f0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.843] lstrcatA (in: lpString1="Local\\", lpString2="{A8435A97-E752-1A33-B15C-0BEE75506F02}" | out: lpString1="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}" [0261.843] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned 38 [0261.843] lstrlenA (lpString="Local\\") returned 6 [0261.843] lstrcpyA (in: lpString1=0xbaa0602630, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.843] lstrcatA (in: lpString1="Local\\", lpString2="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" | out: lpString1="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" [0261.843] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{BEE2402B-052B-A020-7FD2-09D423264D48}") returned 38 [0261.843] lstrlenA (lpString="Local\\") returned 6 [0261.843] lstrcpyA (in: lpString1=0xbaa0602670, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.843] lstrcatA (in: lpString1="Local\\", lpString2="{BEE2402B-052B-A020-7FD2-09D423264D48}" | out: lpString1="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}") returned="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}" [0261.843] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned 38 [0261.843] lstrlenA (lpString="\\\\.\\pipe\\") returned 9 [0261.843] lstrcpyA (in: lpString1=0xbaa06026b0, lpString2="\\\\.\\pipe\\" | out: lpString1="\\\\.\\pipe\\") returned="\\\\.\\pipe\\" [0261.843] lstrcatA (in: lpString1="\\\\.\\pipe\\", lpString2="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" | out: lpString1="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" [0261.843] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned 38 [0261.843] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0261.843] lstrcpyA (in: lpString1=0xbaa06026f0, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0261.843] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{24A75F92-33C8-F66F-DD98-178A614C3B5E}" | out: lpString1="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}" [0261.843] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned 38 [0261.843] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0261.843] lstrcpyA (in: lpString1=0xbaa0602740, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0261.843] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{25E2F79F-402D-9FBF-7229-7443C66DE827}" | out: lpString1="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}" [0261.843] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned 38 [0261.843] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0261.843] lstrcpyA (in: lpString1=0xbaa0602790, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0261.844] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" | out: lpString1="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" [0261.844] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 38 [0261.844] lstrlenA (lpString="Local\\") returned 6 [0261.844] lstrcpyA (in: lpString1=0xbaa06027e0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.844] lstrcatA (in: lpString1="Local\\", lpString2="{53667D0F-9637-FD89-3837-2A81EC5BFE45}" | out: lpString1="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}" [0261.844] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 38 [0261.844] lstrlenA (lpString="Local\\") returned 6 [0261.844] lstrcpyA (in: lpString1=0xbaa0602820, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.844] lstrcatA (in: lpString1="Local\\", lpString2="{E089BDC1-BF33-12AE-4914-63668D8847FA}" | out: lpString1="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}" [0261.844] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 38 [0261.844] lstrlenA (lpString="Local\\") returned 6 [0261.844] lstrcpyA (in: lpString1=0xbaa0602860, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.844] lstrcatA (in: lpString1="Local\\", lpString2="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" | out: lpString1="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0261.844] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned 38 [0261.844] lstrlenA (lpString="Local\\") returned 6 [0261.844] lstrcpyA (in: lpString1=0xbaa06028a0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0261.844] lstrcatA (in: lpString1="Local\\", lpString2="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" | out: lpString1="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" [0261.844] wsprintfA (in: param_1=0xbaa0602260, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{CA459827-A1FA-8CD3-7B9E-6580DFB269B4}") returned 38 [0261.844] lstrcatA (in: lpString1="", lpString2="{CA459827-A1FA-8CD3-7B9E-6580DFB269B4}" | out: lpString1="{CA459827-A1FA-8CD3-7B9E-6580DFB269B4}") returned="{CA459827-A1FA-8CD3-7B9E-6580DFB269B4}" [0261.844] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0x63c4bc) returned 0xba9e915660 [0261.844] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="{CA459827-A1FA-8CD3-7B9E-6580DFB269B4}") returned 0x188 [0261.845] GetLastError () returned 0x0 [0261.845] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegOpenKeyA") returned 0x7fff1f7bb9e0 [0261.845] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0xba9e6df9b0 | out: phkResult=0xba9e6df9b0*=0x190) returned 0x0 [0261.845] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegQueryValueExA") returned 0x7fff1f7b7dd0 [0261.845] RegQueryValueExA (in: hKey=0x190, lpValueName="Ini", lpReserved=0x0, lpType=0xba9e6df930, lpData=0x0, lpcbData=0xba9e6df9a8*=0x68d018 | out: lpType=0xba9e6df930*=0x0, lpData=0x0, lpcbData=0xba9e6df9a8*=0x0) returned 0x2 [0261.845] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegCloseKey") returned 0x7fff1f7b72e0 [0261.845] RegCloseKey (hKey=0x190) returned 0x0 [0261.845] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrToIntExA") returned 0x7fff1f6a4e70 [0261.845] StrToIntExA (in: pszString="40", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.845] StrToIntExA (in: pszString="1200", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.845] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.845] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.845] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.845] StrToIntExA (in: pszString="10", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.845] StrToIntExA (in: pszString="1000", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.846] StrToIntExA (in: pszString="12", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.846] StrToIntExA (in: pszString="60", dwFlags=0x0, piRet=0xba9e6df9a8 | out: piRet=0xba9e6df9a8) returned 1 [0261.846] lstrlenA (lpString="CBA16FFC891E31A5") returned 16 [0261.846] lstrlenA (lpString="makarcheck.com niperola.com") returned 27 [0261.846] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrChrA") returned 0x7fff1f6a4cc0 [0261.846] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0261.846] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0261.846] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrTrimA") returned 0x7fff1f6a4e80 [0261.846] StrTrimA (in: psz="makarcheck.com niperola.com", pszTrimChars=" \x09" | out: psz="makarcheck.com niperola.com") returned 0 [0261.846] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0261.846] StrTrimA (in: psz="niperola.com", pszTrimChars=" \x09" | out: psz="niperola.com") returned 0 [0261.846] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0261.846] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0261.846] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7fff1f900000 [0261.846] GetModuleHandleA (lpModuleName="kernelbase") returned 0x7fff1cdf0000 [0261.847] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="GetUserNameA") returned 0x7fff1f7cec40 [0261.847] GetUserNameA (in: lpBuffer=0x0, pcbBuffer=0xba9e6dfa68 | out: lpBuffer=0x0, pcbBuffer=0xba9e6dfa68) returned 0 [0261.911] GetUserNameA (in: lpBuffer=0xbaa0602a70, pcbBuffer=0xba9e6dfa68 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0xba9e6dfa68) returned 1 [0261.911] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7fff1f900000 [0261.911] lstrlenA (lpString="A_SHAFinal") returned 10 [0261.911] lstrlenA (lpString="A_SHAInit") returned 9 [0261.911] lstrlenA (lpString="A_SHAUpdate") returned 11 [0261.911] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0261.912] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0261.912] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0261.912] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0261.912] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0261.912] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0261.912] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0261.912] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0261.912] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0261.912] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0261.912] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0261.912] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0261.912] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0261.912] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0261.912] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0261.912] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0261.912] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0261.912] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0261.912] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0261.912] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0261.912] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0261.912] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0261.912] lstrlenA (lpString="CsrClientCallServer") returned 19 [0261.912] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0261.912] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0261.912] lstrlenA (lpString="CsrGetProcessId") returned 15 [0261.912] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0261.912] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0261.912] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0261.912] lstrlenA (lpString="DbgBreakPoint") returned 13 [0261.912] lstrlenA (lpString="DbgPrint") returned 8 [0261.912] lstrlenA (lpString="DbgPrintEx") returned 10 [0261.912] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0261.912] lstrlenA (lpString="DbgPrompt") returned 9 [0261.912] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0261.912] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0261.912] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0261.912] lstrlenA (lpString="DbgUiContinue") returned 13 [0261.912] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0261.912] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0261.912] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0261.912] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0261.912] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0261.912] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0261.912] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0261.913] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0261.913] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0261.913] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0261.913] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0261.913] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0261.913] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0261.913] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0261.913] lstrlenA (lpString="EtwEventEnabled") returned 15 [0261.913] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0261.913] lstrlenA (lpString="EtwEventRegister") returned 16 [0261.913] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0261.913] lstrlenA (lpString="EtwEventUnregister") returned 18 [0261.913] lstrlenA (lpString="EtwEventWrite") returned 13 [0261.913] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0261.913] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0261.913] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0261.913] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0261.913] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0261.913] lstrlenA (lpString="EtwEventWriteString") returned 19 [0261.913] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0261.913] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0261.913] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0261.913] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0261.913] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0261.913] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0261.913] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0261.913] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0261.913] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0261.913] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0261.913] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0261.913] lstrlenA (lpString="EtwReplyNotification") returned 20 [0261.913] lstrlenA (lpString="EtwSendNotification") returned 19 [0261.913] lstrlenA (lpString="EtwSetMark") returned 10 [0261.913] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0261.913] lstrlenA (lpString="EtwTraceMessage") returned 15 [0261.913] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0261.913] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0261.913] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0261.913] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0261.913] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0261.913] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0261.913] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0261.913] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0261.913] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0261.913] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0261.913] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0261.913] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0261.914] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0261.914] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0261.914] lstrlenA (lpString="KiUserInvertedFunctionTable") returned 27 [0261.914] lstrlenA (lpString="LdrAccessResource") returned 17 [0261.914] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0261.914] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0261.914] lstrlenA (lpString="LdrAddRefDll") returned 12 [0261.914] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0261.914] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0261.914] lstrlenA (lpString="LdrEnumResources") returned 16 [0261.914] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0261.914] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0261.914] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0261.914] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0261.914] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0261.914] lstrlenA (lpString="LdrFindResource_U") returned 17 [0261.914] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0261.914] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0261.914] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0261.914] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0261.914] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0261.914] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0261.914] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0261.914] lstrlenA (lpString="LdrGetDllPath") returned 13 [0261.914] lstrlenA (lpString="LdrGetFailureData") returned 17 [0261.914] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0261.914] lstrlenA (lpString="LdrGetKnownDllSectionHandle") returned 27 [0261.914] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0261.914] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0261.914] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0261.914] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0261.914] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0261.914] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0261.914] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0261.914] lstrlenA (lpString="LdrLoadDll") returned 10 [0261.914] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0261.914] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0261.914] lstrlenA (lpString="LdrProcessInitializationComplete") returned 32 [0261.914] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0261.914] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0261.914] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0261.915] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0261.915] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0261.915] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0261.915] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0261.915] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0261.915] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0261.915] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0261.915] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0261.915] lstrlenA (lpString="LdrResFindResource") returned 18 [0261.915] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0261.915] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0261.915] lstrlenA (lpString="LdrResRelease") returned 13 [0261.915] lstrlenA (lpString="LdrResSearchResource") returned 20 [0261.915] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0261.915] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0261.915] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0261.915] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0261.915] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0261.915] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0261.915] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0261.915] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0261.915] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0261.915] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0261.915] lstrlenA (lpString="LdrShutdownThread") returned 17 [0261.915] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0261.915] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0261.915] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0261.915] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0261.915] lstrlenA (lpString="LdrUnloadDll") returned 12 [0261.915] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0261.915] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0261.915] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0261.915] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0261.915] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0261.915] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0261.915] lstrlenA (lpString="MD4Final") returned 8 [0261.915] lstrlenA (lpString="MD4Init") returned 7 [0261.915] lstrlenA (lpString="MD4Update") returned 9 [0261.915] lstrlenA (lpString="MD5Final") returned 8 [0261.915] lstrlenA (lpString="MD5Init") returned 7 [0261.915] lstrlenA (lpString="MD5Update") returned 9 [0261.915] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0261.915] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0261.915] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0261.915] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0261.915] lstrlenA (lpString="NtAccessCheck") returned 13 [0261.916] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0261.916] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0261.916] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0261.916] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0261.916] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0261.916] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0261.916] lstrlenA (lpString="NtAddAtom") returned 9 [0261.916] lstrlenA (lpString="NtAddAtomEx") returned 11 [0261.916] lstrlenA (lpString="NtAddBootEntry") returned 14 [0261.916] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0261.916] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0261.916] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0261.916] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0261.916] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0261.916] lstrlenA (lpString="NtAlertThread") returned 13 [0261.916] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0261.916] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0261.916] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0261.916] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0261.916] lstrlenA (lpString="NtAllocateUuids") returned 15 [0261.916] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0261.916] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0261.916] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0261.916] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0261.916] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0261.916] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0261.916] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0261.916] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0261.916] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0261.916] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0261.916] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0261.916] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0261.916] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0261.916] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0261.916] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0261.916] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0261.916] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0261.916] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0261.916] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0261.916] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0261.916] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0261.917] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0261.917] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0261.917] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0261.917] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0261.917] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0261.917] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0261.917] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0261.917] lstrlenA (lpString="NtCallbackReturn") returned 16 [0261.917] lstrlenA (lpString="NtCancelIoFile") returned 14 [0261.917] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0261.917] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0261.917] lstrlenA (lpString="NtCancelTimer") returned 13 [0261.917] lstrlenA (lpString="NtCancelTimer2") returned 14 [0261.917] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0261.917] lstrlenA (lpString="NtClearEvent") returned 12 [0261.917] lstrlenA (lpString="NtClose") returned 7 [0261.917] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0261.917] lstrlenA (lpString="NtCommitComplete") returned 16 [0261.917] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0261.917] lstrlenA (lpString="NtCommitTransaction") returned 19 [0261.917] lstrlenA (lpString="NtCompactKeys") returned 13 [0261.917] lstrlenA (lpString="NtCompareObjects") returned 16 [0261.917] lstrlenA (lpString="NtCompareTokens") returned 15 [0261.917] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0261.917] lstrlenA (lpString="NtCompressKey") returned 13 [0261.917] lstrlenA (lpString="NtConnectPort") returned 13 [0261.922] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7fff1f7a0000 [0261.922] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0261.923] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessW") returned -1 [0261.925] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessW") returned -1 [0261.926] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="Beep", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessW") returned -1 [0261.927] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessW") returned -1 [0261.928] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessW") returned -1 [0261.929] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessW") returned -1 [0261.930] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessW") returned -1 [0261.940] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateProcessInternalA", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateProcessInternalW", lpString2="CreateProcessW") returned -1 [0261.941] lstrcmpA (lpString1="CreateProcessW", lpString2="CreateProcessW") returned 0 [0261.941] VirtualProtect (in: lpAddress=0x7fff1f8db780, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x2) returned 1 [0261.941] VirtualProtect (in: lpAddress=0x7fff1f8c3a00, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x20) returned 1 [0261.942] VirtualProtect (in: lpAddress=0x7fff1f8c3a00, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x40) returned 1 [0261.942] VirtualProtect (in: lpAddress=0x7fff1f8db780, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x40) returned 1 [0261.942] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df840, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df840, ReturnLength=0x0) returned 0x0 [0261.942] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0261.942] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessA") returned -1 [0261.942] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessA") returned -1 [0261.943] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessA") returned -1 [0261.944] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="Beep", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessA") returned -1 [0261.945] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessA") returned -1 [0261.946] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessA") returned -1 [0261.947] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessA") returned -1 [0261.948] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessA") returned -1 [0261.949] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessA") returned -1 [0261.949] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessA") returned -1 [0261.949] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessA") returned -1 [0261.949] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessA") returned -1 [0261.949] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessA") returned -1 [0261.949] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessA") returned 0 [0261.949] VirtualProtect (in: lpAddress=0x7fff1f8db76c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x2) returned 1 [0261.949] VirtualProtect (in: lpAddress=0x7fff1f8c3a0e, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x20) returned 1 [0261.949] VirtualProtect (in: lpAddress=0x7fff1f8c3a0e, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x40) returned 1 [0261.949] VirtualProtect (in: lpAddress=0x7fff1f8db76c, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x40) returned 1 [0261.949] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df840, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df840, ReturnLength=0x0) returned 0x0 [0261.949] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0261.949] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessAsUserW") returned -1 [0261.949] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0261.950] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0261.951] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="Beep", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessAsUserW") returned -1 [0261.952] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessAsUserW") returned -1 [0261.953] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessAsUserW") returned -1 [0261.954] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserW") returned -1 [0261.955] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessAsUserW") returned 0 [0261.955] VirtualProtect (in: lpAddress=0x7fff1f8db774, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x2) returned 1 [0261.956] VirtualProtect (in: lpAddress=0x7fff1f8c3a1c, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x20) returned 1 [0261.956] VirtualProtect (in: lpAddress=0x7fff1f8c3a1c, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x40) returned 1 [0261.956] VirtualProtect (in: lpAddress=0x7fff1f8db774, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x40) returned 1 [0261.956] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df840, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df840, ReturnLength=0x0) returned 0x0 [0261.956] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7fff1f7a0000 [0261.956] lstrcmpA (lpString1="A_SHAFinal", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="A_SHAInit", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="A_SHAUpdate", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AbortSystemShutdownA", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AbortSystemShutdownW", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AccessCheck", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AccessCheckAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AccessCheckByType", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0261.956] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddConditionalAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddMandatoryAce", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddUsersToEncryptedFile", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AddUsersToEncryptedFileEx", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditComputeEffectivePolicyBySid", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditComputeEffectivePolicyByToken", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditEnumerateCategories", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditEnumeratePerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditEnumerateSubCategories", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditFree", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditLookupCategoryGuidFromCategoryId", lpString2="CreateProcessAsUserA") returned -1 [0261.957] lstrcmpA (lpString1="AuditLookupCategoryIdFromCategoryGuid", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditLookupCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditLookupCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditLookupSubCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditLookupSubCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditQueryGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditQueryGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditQueryPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditQuerySecurity", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditQuerySystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditSetGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditSetGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditSetPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditSetSecurity", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="AuditSetSystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BackupEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BackupEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegCloseKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegCreateKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegDeleteKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegDeleteValue", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegFlushKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegGetVersion", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegOpenKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegRestoreKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegSaveKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegSetKeySecurity", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegSetValue", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BaseRegUnLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BuildExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BuildExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0261.958] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildImpersonateTrusteeA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildImpersonateTrusteeW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithSidA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="BuildTrusteeWithSidW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CancelOverlappedAccess", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ChangeServiceConfig2A", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ChangeServiceConfig2W", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ChangeServiceConfigA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ChangeServiceConfigW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CheckForHiberboot", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CheckTokenMembership", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ClearEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ClearEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CloseCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CloseEncryptedFileRaw", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CloseEventLog", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CloseServiceHandle", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CloseThreadWaitChainSession", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CloseTrace", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="CommandLineFromMsiDescriptor", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ComputeAccessTokenFromCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ControlService", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ControlServiceExA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ControlServiceExW", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ControlTraceA", lpString2="CreateProcessAsUserA") returned -1 [0261.959] lstrcmpA (lpString1="ControlTraceW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSDToStringSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSidToStringSidA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertSidToStringSidW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSDToSDDomainA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSDToSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSidToSidA", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertStringSidToSidW", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="CopySid", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="CreateCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="CreateProcessAsUserA") returned -1 [0261.960] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserA") returned 0 [0261.960] VirtualProtect (in: lpAddress=0x7fff1f82ba88, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x2) returned 1 [0261.961] VirtualProtect (in: lpAddress=0x7fff1f803800, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x20) returned 1 [0261.961] VirtualProtect (in: lpAddress=0x7fff1f803800, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0xba9e6df8a0 | out: lpflOldProtect=0xba9e6df8a0*=0x40) returned 1 [0261.961] VirtualProtect (in: lpAddress=0x7fff1f82ba88, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0xba9e6df8a8 | out: lpflOldProtect=0xba9e6df8a8*=0x40) returned 1 [0261.962] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df840, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df840, ReturnLength=0x0) returned 0x0 [0261.962] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x7fff1d3e0000 [0261.964] GetProcAddress (hModule=0x7fff1d3e0000, lpProcName="EnumProcessModules") returned 0x7fff1d3e1040 [0261.964] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xbaa0603d20, cb=0x1000, lpcbNeeded=0xba9e6df948 | out: lphModule=0xbaa0603d20, lpcbNeeded=0xba9e6df948) returned 1 [0261.964] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff6e3230000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7ff6e3230000, AllocationBase=0x7ff6e3230000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.964] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.964] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessW") returned -1 [0261.964] lstrcmpiA (lpString1="exit", lpString2="CreateProcessW") returned 1 [0261.964] lstrcmpiA (lpString1="_initterm_e", lpString2="CreateProcessW") returned -1 [0261.964] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessW") returned -1 [0261.964] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessW") returned 1 [0261.964] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="SetProcessAffinityUpdateMode", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="SetErrorMode", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RegisterServiceCtrlHandlerW", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="StartServiceCtrlDispatcherW", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="SetServiceStatus", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessW") returned -1 [0261.965] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessW") returned -1 [0261.965] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RegDisablePredefinedCacheEx", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RegQueryValueExW", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessW") returned 1 [0261.965] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="GetCommandLineW", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessW") returned -1 [0261.966] lstrcmpiA (lpString1="WideCharToMultiByte", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcMgmtStopServerListening", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="I_RpcServerDisableExceptionFilter", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcServerRegisterIf", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcServerUnregisterIfEx", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcServerListen", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcServerUseProtseqEpW", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcServerUnregisterIf", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcMgmtSetServerStackSize", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="RpcMgmtWaitServerListen", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="HeapAlloc", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="HeapFree", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="GetProcessHeap", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="HeapSetInformation", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="LCMapStringW", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="GetTokenInformation", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="SetSecurityDescriptorGroup", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="GetLengthSid", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessW") returned -1 [0261.966] lstrcmpiA (lpString1="InitializeSecurityDescriptor", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="SetSecurityDescriptorOwner", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="InitializeAcl", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="SetSecurityDescriptorDacl", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="LocalAlloc", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="LocalFree", lpString2="CreateProcessW") returned 1 [0261.966] lstrcmpiA (lpString1="CloseHandle", lpString2="CreateProcessW") returned -1 [0261.966] lstrcmpiA (lpString1="CreateActCtxW", lpString2="CreateProcessW") returned -1 [0261.966] lstrcmpiA (lpString1="ActivateActCtx", lpString2="CreateProcessW") returned -1 [0261.967] lstrcmpiA (lpString1="DeactivateActCtx", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="ReleaseActCtx", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RegisterWaitForSingleObjectEx", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="EtwEventWrite", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="EtwEventEnabled", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="EtwEventRegister", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlUnhandledExceptionFilter", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="NtSetInformationProcess", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlSetProcessIsCritical", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlInitializeCriticalSection", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlSubAuthoritySid", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlLengthRequiredSid", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlFreeHeap", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlCopySid", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlAllocateHeap", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlInitializeSid", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlSubAuthorityCountSid", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="RtlImageNtHeader", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="DelayLoadFailureHook", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="ResolveDelayLoadedAPI", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessW") returned 1 [0261.967] lstrcmpiA (lpString1="CoCreateInstance", lpString2="CreateProcessW") returned -1 [0261.967] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="CreateProcessW") returned -1 [0261.967] lstrcmpiA (lpString1="CoInitializeEx", lpString2="CreateProcessW") returned -1 [0261.967] lstrcmpiA (lpString1="CLSIDFromString", lpString2="CreateProcessW") returned -1 [0261.967] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessA") returned -1 [0261.967] lstrcmpiA (lpString1="exit", lpString2="CreateProcessA") returned 1 [0261.967] lstrcmpiA (lpString1="_initterm_e", lpString2="CreateProcessA") returned -1 [0261.967] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessA") returned -1 [0261.967] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessA") returned 1 [0261.967] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="SetProcessAffinityUpdateMode", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="SetErrorMode", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RegisterServiceCtrlHandlerW", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="StartServiceCtrlDispatcherW", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="SetServiceStatus", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessA") returned -1 [0261.968] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessA") returned -1 [0261.968] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RegDisablePredefinedCacheEx", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RegQueryValueExW", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessA") returned 1 [0261.968] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="GetCommandLineW", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessA") returned -1 [0261.969] lstrcmpiA (lpString1="WideCharToMultiByte", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcMgmtStopServerListening", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="I_RpcServerDisableExceptionFilter", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcServerRegisterIf", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcServerUnregisterIfEx", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcServerListen", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcServerUseProtseqEpW", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcServerUnregisterIf", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcMgmtSetServerStackSize", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="RpcMgmtWaitServerListen", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="HeapAlloc", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="HeapFree", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="GetProcessHeap", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="HeapSetInformation", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="LCMapStringW", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="GetTokenInformation", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="SetSecurityDescriptorGroup", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="GetLengthSid", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessA") returned -1 [0261.969] lstrcmpiA (lpString1="InitializeSecurityDescriptor", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="SetSecurityDescriptorOwner", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="InitializeAcl", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="SetSecurityDescriptorDacl", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="LocalAlloc", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="LocalFree", lpString2="CreateProcessA") returned 1 [0261.969] lstrcmpiA (lpString1="CloseHandle", lpString2="CreateProcessA") returned -1 [0261.969] lstrcmpiA (lpString1="CreateActCtxW", lpString2="CreateProcessA") returned -1 [0261.969] lstrcmpiA (lpString1="ActivateActCtx", lpString2="CreateProcessA") returned -1 [0261.970] lstrcmpiA (lpString1="DeactivateActCtx", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="ReleaseActCtx", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RegisterWaitForSingleObjectEx", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="EtwEventWrite", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="EtwEventEnabled", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="EtwEventRegister", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlUnhandledExceptionFilter", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="NtSetInformationProcess", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlSetProcessIsCritical", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlInitializeCriticalSection", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlSubAuthoritySid", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlLengthRequiredSid", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlFreeHeap", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlCopySid", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlAllocateHeap", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlInitializeSid", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlSubAuthorityCountSid", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="RtlImageNtHeader", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="DelayLoadFailureHook", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="ResolveDelayLoadedAPI", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessA") returned 1 [0261.970] lstrcmpiA (lpString1="CoCreateInstance", lpString2="CreateProcessA") returned -1 [0261.970] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="CreateProcessA") returned -1 [0261.970] lstrcmpiA (lpString1="CoInitializeEx", lpString2="CreateProcessA") returned -1 [0261.970] lstrcmpiA (lpString1="CLSIDFromString", lpString2="CreateProcessA") returned -1 [0261.970] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessAsUserW") returned -1 [0261.970] lstrcmpiA (lpString1="exit", lpString2="CreateProcessAsUserW") returned 1 [0261.970] lstrcmpiA (lpString1="_initterm_e", lpString2="CreateProcessAsUserW") returned -1 [0261.970] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessAsUserW") returned -1 [0261.970] lstrcmpiA (lpString1="QueryPerformanceCounter", lpString2="CreateProcessAsUserW") returned 1 [0261.970] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessAsUserW") returned 1 [0261.970] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="SetProcessAffinityUpdateMode", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="GetTickCount", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="GetLastError", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="SetErrorMode", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegisterServiceCtrlHandlerW", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="StartServiceCtrlDispatcherW", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="SetServiceStatus", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserW") returned -1 [0261.971] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserW") returned -1 [0261.971] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegCloseKey", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegDisablePredefinedCacheEx", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegQueryValueExW", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegOpenKeyExW", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegGetValueW", lpString2="CreateProcessAsUserW") returned 1 [0261.971] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="ExpandEnvironmentStringsW", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="GetCommandLineW", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserW") returned -1 [0261.972] lstrcmpiA (lpString1="WideCharToMultiByte", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcMgmtStopServerListening", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="I_RpcServerDisableExceptionFilter", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcServerRegisterIf", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcServerUnregisterIfEx", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcServerListen", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="I_RpcMapWin32Status", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcServerUseProtseqEpW", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcServerUnregisterIf", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcMgmtSetServerStackSize", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="RpcMgmtWaitServerListen", lpString2="CreateProcessAsUserW") returned 1 [0261.972] lstrcmpiA (lpString1="HeapAlloc", lpString2="CreateProcessAsUserW") returned 1 [0261.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f900000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1f900000, AllocationBase=0x7fff1f900000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f850000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1f850000, AllocationBase=0x7fff1f850000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cdf0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1cdf0000, AllocationBase=0x7fff1cdf0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.972] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.972] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d600000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d600000, AllocationBase=0x7fff1d600000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.973] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d8f0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d8f0000, AllocationBase=0x7fff1d8f0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.973] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab70000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1ab70000, AllocationBase=0x7fff1ab70000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.974] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f700000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1f700000, AllocationBase=0x7fff1f700000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xba)) returned 0x30 [0261.974] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.974] VirtualProtect (in: lpAddress=0x7fff1f775428, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.974] VirtualProtect (in: lpAddress=0x7fff1f775428, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.975] VirtualProtect (in: lpAddress=0x7fff1f775420, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.975] VirtualProtect (in: lpAddress=0x7fff1f775420, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.975] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d080000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d080000, AllocationBase=0x7fff1d080000, AllocationProtect=0x80, __alignment1=0xba, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0261.975] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f500000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1f500000, AllocationBase=0x7fff1f500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.976] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da90000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1da90000, AllocationBase=0x7fff1da90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.976] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.977] VirtualProtect (in: lpAddress=0x7fff1db19728, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.977] VirtualProtect (in: lpAddress=0x7fff1db19728, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.986] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3f0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d3f0000, AllocationBase=0x7fff1d3f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0261.986] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.986] VirtualProtect (in: lpAddress=0x7fff1d4b3020, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.986] VirtualProtect (in: lpAddress=0x7fff1d4b3020, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.987] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab40000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1ab40000, AllocationBase=0x7fff1ab40000, AllocationProtect=0x80, __alignment1=0xba, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0261.987] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.987] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1df70000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1df70000, AllocationBase=0x7fff1df70000, AllocationProtect=0x80, __alignment1=0xba, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0261.988] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.988] VirtualProtect (in: lpAddress=0x7fff1e5563b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.988] VirtualProtect (in: lpAddress=0x7fff1e5563b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.989] VirtualProtect (in: lpAddress=0x7fff1e5563e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.989] VirtualProtect (in: lpAddress=0x7fff1e5563e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.990] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c760000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1c760000, AllocationBase=0x7fff1c760000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.990] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.990] VirtualProtect (in: lpAddress=0x7fff1cc02758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.990] VirtualProtect (in: lpAddress=0x7fff1cc02758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.991] VirtualProtect (in: lpAddress=0x7fff1cc026b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.991] VirtualProtect (in: lpAddress=0x7fff1cc026b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.992] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f690000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1f690000, AllocationBase=0x7fff1f690000, AllocationProtect=0x80, __alignment1=0xba, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0261.992] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.992] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3c0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1c3c0000, AllocationBase=0x7fff1c3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.993] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.993] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c420000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1c420000, AllocationBase=0x7fff1c420000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.993] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.994] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c350000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1c350000, AllocationBase=0x7fff1c350000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.994] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.994] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3a0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1c3a0000, AllocationBase=0x7fff1c3a0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.994] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.995] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12050000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff12050000, AllocationBase=0x7fff12050000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.995] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.995] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ceb0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff0ceb0000, AllocationBase=0x7fff0ceb0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.995] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.996] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12160000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff12160000, AllocationBase=0x7fff12160000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.996] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.996] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ce80000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff0ce80000, AllocationBase=0x7fff0ce80000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.996] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.997] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3d0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1c3d0000, AllocationBase=0x7fff1c3d0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.997] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.997] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aca0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1aca0000, AllocationBase=0x7fff1aca0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.997] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.998] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d730000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d730000, AllocationBase=0x7fff1d730000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.998] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.998] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d790000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d790000, AllocationBase=0x7fff1d790000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.998] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0261.998] VirtualProtect (in: lpAddress=0x7fff1d871820, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x2) returned 1 [0261.999] VirtualProtect (in: lpAddress=0x7fff1d871820, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0xba9e6df890 | out: lpflOldProtect=0xba9e6df890*=0x40) returned 1 [0261.999] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bf50000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1bf50000, AllocationBase=0x7fff1bf50000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0261.999] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0262.000] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3e0000, lpBuffer=0xba9e6df950, dwLength=0x30 | out: lpBuffer=0xba9e6df950*(BaseAddress=0x7fff1d3e0000, AllocationBase=0x7fff1d3e0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.000] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0xba9e6df890, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0xba9e6df890, ReturnLength=0x0) returned 0x0 [0262.000] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xbaa0603d20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0262.000] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrStrIW") returned 0x7fff1f69b260 [0262.000] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="electrum-") returned 0x0 [0262.000] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="bitcoin") returned 0x0 [0262.000] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="multibit-hd") returned 0x0 [0262.000] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="bither") returned 0x0 [0262.000] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="msigna.") returned 0x0 [0262.001] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="Jaxx.") returned 0x0 [0262.001] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="JEdudus.") returned 0x0 [0262.001] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="armory-") returned 0x0 [0262.001] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="veracrypt") returned 0x0 [0262.001] StrStrIW (lpFirst="C:\\Windows\\system32\\svchost.exe", lpSrch="truecrypt") returned 0x0 [0262.001] GetProcAddress (hModule=0x7fff1da90000, lpProcName="GetShellWindow") returned 0x7fff1dab4060 [0262.001] GetShellWindow () returned 0x100de [0262.001] GetProcAddress (hModule=0x7fff1da90000, lpProcName="GetWindowThreadProcessId") returned 0x7fff1daa4040 [0262.001] GetWindowThreadProcessId (in: hWnd=0x100de, lpdwProcessId=0xba9e6df9a0 | out: lpdwProcessId=0xba9e6df9a0) returned 0x664 [0262.002] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x568) returned 0x1a0 [0262.002] IsWow64Process (in: hProcess=0x1a0, Wow64Process=0xba9e6df910 | out: Wow64Process=0xba9e6df910) returned 1 [0262.002] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7fff1f900000 [0262.002] GetProcAddress (hModule=0x7fff1f900000, lpProcName="RtlExitUserThread") returned 0x7fff1f909fa0 [0262.002] CreateRemoteThread (in: hProcess=0x1a0, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7fff1f909fa0, lpParameter=0x0, dwCreationFlags=0x4, lpThreadId=0xba9e6df954 | out: lpThreadId=0xba9e6df954*=0x94c) returned 0x1a4 [0262.007] IsWow64Process (in: hProcess=0x1a0, Wow64Process=0xba9e6df3c0 | out: Wow64Process=0xba9e6df3c0) returned 1 [0262.007] NtReadVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x7fff1f909fa0, Buffer=0xba9e6df918, NumberOfBytesToRead=0x4, NumberOfBytesRead=0xba9e6df3e0 | out: Buffer=0xba9e6df918*, NumberOfBytesRead=0xba9e6df3e0*=0x4) returned 0x0 [0262.007] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7fff1f909fa0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xba9e6df910 | out: lpflOldProtect=0xba9e6df910*=0x20) returned 1 [0262.008] NtWriteVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x7fff1f909fa0, Buffer=0xba9e6df908*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0xba9e6df390 | out: Buffer=0xba9e6df908*, NumberOfBytesWritten=0xba9e6df390*=0x4) returned 0x0 [0262.043] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7fff1f909fa0, dwSize=0x4, flNewProtect=0x20, lpflOldProtect=0xba9e6df910 | out: lpflOldProtect=0xba9e6df910*=0x40) returned 1 [0262.043] ResumeThread (hThread=0x1a4) returned 0x1 [0262.149] Sleep (dwMilliseconds=0x64) [0262.260] SuspendThread (hThread=0x1a4) returned 0x0 [0262.260] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xba9e6df3f0 | out: Context=0xba9e6df3f0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x10000b, MxCsr=0x1f80, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x247, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0xfffe3f213f4, Rcx=0x0, Rdx=0x10004000000000, Rbx=0x7fff1f909fa0, Rsp=0x9b9fa58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x7fff1f909fa0, FltSave.ControlWord=0x27f, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x1f80, FltSave.MxCsr_Mask=0xffff, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0xd8, [129]=0x3, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x98, [137]=0xa6, [138]=0xd4, [139]=0xa0, [140]=0x0, [141]=0xd0, [142]=0xff, [143]=0xff, [144]=0xc0, [145]=0xc3, [146]=0x81, [147]=0xdb, [148]=0x1, [149]=0xe0, [150]=0xff, [151]=0xff, [152]=0x80, [153]=0x60, [154]=0x38, [155]=0xdb, [156]=0x1, [157]=0xe0, [158]=0xff, [159]=0xff, [160]=0x1, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x56, [169]=0xf6, [170]=0x36, [171]=0xcd, [172]=0x2, [173]=0xf8, [174]=0xff, [175]=0xff, [176]=0x56, [177]=0xc0, [178]=0x28, [179]=0xb9, [180]=0xf7, [181]=0x57, [182]=0xff, [183]=0xff, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x2, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0xdb81c3c0), FltSave.Cr0NpxState=0xffffe001, Header.Low=0x27f, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 0x0 [0262.260] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.260] NtCreateSection (in: SectionHandle=0xba9e6df2f0, DesiredAccess=0xf001f, ObjectAttributes=0xba9e6df330*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0xba9e6df300, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0xba9e6df2f0*=0x1a8) returned 0x0 [0262.261] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0xffffffffffffffff, BaseAddress=0xba9e6df2f8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0xba9e6df2b8*=0, ViewSize=0xba9e6df280*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xba9e6df2f8*=0xbaa0320000, SectionOffset=0xba9e6df2b8*=0, ViewSize=0xba9e6df280*=0x133000) returned 0x0 [0262.261] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.269] NtMapViewOfSection (in: SectionHandle=0x1a8, ProcessHandle=0x1a0, BaseAddress=0xba9e6df2e0*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0xba9e6df2b8*=0, ViewSize=0xba9e6df280*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0xba9e6df2e0*=0xb020000, SectionOffset=0xba9e6df2b8*=0, ViewSize=0xba9e6df280*=0x133000) returned 0x0 [0262.271] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.276] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7fff1f900000 [0262.276] GetModuleFileNameA (in: hModule=0x7fff1f900000, lpFilename=0xbaa0603f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0262.276] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrLoadDll") returned -1 [0262.276] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgPrint", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrLoadDll") returned -1 [0262.277] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0262.278] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetFailureData", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetFileNameFromLoadAsDataTable", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetKnownDllSectionHandle", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetProcedureAddress", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetProcedureAddressEx", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrGetProcedureAddressForCaller", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrInitShimEngineDynamic", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrInitializeThunk", lpString2="LdrLoadDll") returned -1 [0262.279] lstrcmpA (lpString1="LdrLoadAlternateResourceModule", lpString2="LdrLoadDll") returned -1 [0262.280] lstrcmpA (lpString1="LdrLoadAlternateResourceModuleEx", lpString2="LdrLoadDll") returned -1 [0262.280] lstrcmpA (lpString1="LdrLoadDll", lpString2="LdrLoadDll") returned 0 [0262.280] CreateFileA (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0262.280] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=1227984, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x12bcd0 [0262.280] ReadFile (in: hFile=0x1ac, lpBuffer=0xba9e6df280, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0xba9e6df2b8, lpOverlapped=0x0 | out: lpBuffer=0xba9e6df280*, lpNumberOfBytesRead=0xba9e6df2b8*=0x4, lpOverlapped=0x0) returned 1 [0262.282] CloseHandle (hObject=0x1ac) returned 1 [0262.282] GetModuleFileNameA (in: hModule=0x7fff1f900000, lpFilename=0xbaa0603f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0262.282] lstrcmpA (lpString1="A_SHAFinal", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="A_SHAInit", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="A_SHAUpdate", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcAdjustCompletionListConcurrencyCount", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcFreeCompletionListMessage", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcGetCompletionListLastMessageInformation", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcGetCompletionListMessageAttributes", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcGetHeaderSize", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcGetMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcGetMessageFromCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcGetOutstandingCompletionListMessageCount", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcInitializeMessageAttribute", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcMaxAllowedMessageLength", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcRegisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcRegisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcRundownCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcUnregisterCompletionList", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="AlpcUnregisterCompletionListWorkerThread", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="ApiSetQueryApiSetPresence", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrAllocateCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrAllocateMessagePointer", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrCaptureMessageBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrCaptureMessageMultiUnicodeStringsInPlace", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrCaptureMessageString", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrCaptureTimeout", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrClientCallServer", lpString2="LdrGetProcedureAddress") returned -1 [0262.282] lstrcmpA (lpString1="CsrClientConnectToServer", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="CsrFreeCaptureBuffer", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="CsrGetProcessId", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="CsrIdentifyAlertableThread", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="CsrSetPriorityClass", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="CsrVerifyRegion", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgPrint", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgPrintEx", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgPrintReturnControlC", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgPrompt", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgQueryDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgSetDebugFilterState", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiConnectToDbg", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiContinue", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiConvertStateChangeStructure", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiConvertStateChangeStructureEx", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiDebugActiveProcess", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiGetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiIssueRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiRemoteBreakin", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiSetThreadDebugObject", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiStopDebugging", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUiWaitStateChange", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="DbgUserBreakPoint", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwCreateTraceInstanceId", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwDeliverDataBlock", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEnumerateProcessRegGuids", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventActivityIdControl", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventProviderEnabled", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventRegister", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventSetInformation", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventWrite", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventWriteEndScenario", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventWriteEx", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventWriteFull", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventWriteNoRegistration", lpString2="LdrGetProcedureAddress") returned -1 [0262.283] lstrcmpA (lpString1="EtwEventWriteStartScenario", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwEventWriteString", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwEventWriteTransfer", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwGetTraceEnableFlags", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwGetTraceEnableLevel", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwGetTraceLoggerHandle", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwLogTraceEvent", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwNotificationRegister", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwNotificationUnregister", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwProcessPrivateLoggerRequest", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwRegisterSecurityProvider", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwRegisterTraceGuidsA", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwRegisterTraceGuidsW", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwReplyNotification", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwSendNotification", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwSetMark", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwTraceEventInstance", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwTraceMessage", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwTraceMessageVa", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwUnregisterTraceGuids", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwWriteUMSecurityEvent", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwpCreateEtwThread", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EtwpGetCpuSpeed", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EvtIntReportAuthzEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="EvtIntReportEventAndSourceAsync", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="ExpInterlockedPopEntrySListEnd", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="ExpInterlockedPopEntrySListFault", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="ExpInterlockedPopEntrySListResume", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="KiRaiseUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="KiUserApcDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="KiUserCallbackDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="KiUserExceptionDispatcher", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="KiUserInvertedFunctionTable", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="LdrAccessResource", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="LdrAddDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="LdrAddLoadAsDataTable", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="LdrAddRefDll", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="LdrAppxHandleIntegrityFailure", lpString2="LdrGetProcedureAddress") returned -1 [0262.284] lstrcmpA (lpString1="LdrDisableThreadCalloutsForDll", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrEnumResources", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrEnumerateLoadedModules", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrFastFailInLoaderCallout", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrFindEntryForAddress", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrFindResourceDirectory_U", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrFindResourceEx_U", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrFindResource_U", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrFlushAlternateResourceModules", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllDirectory", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllFullName", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllHandle", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllHandleByMapping", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllHandleByName", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllHandleEx", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] lstrcmpA (lpString1="LdrGetDllPath", lpString2="LdrGetProcedureAddress") returned -1 [0262.285] CreateFileA (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0262.285] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=1227956, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x12bcb4 [0262.285] ReadFile (in: hFile=0x1ac, lpBuffer=0xba9e6df280, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0xba9e6df2b8, lpOverlapped=0x0 | out: lpBuffer=0xba9e6df280*, lpNumberOfBytesRead=0xba9e6df2b8*=0x4, lpOverlapped=0x0) returned 1 [0262.285] CloseHandle (hObject=0x1ac) returned 1 [0262.285] GetModuleFileNameA (in: hModule=0x7fff1f900000, lpFilename=0xbaa0603f40, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0262.286] CreateFileA (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0262.286] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=1234820, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x12d784 [0262.286] ReadFile (in: hFile=0x1ac, lpBuffer=0xba9e6df280, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0xba9e6df2b8, lpOverlapped=0x0 | out: lpBuffer=0xba9e6df280*, lpNumberOfBytesRead=0xba9e6df2b8*=0x4, lpOverlapped=0x0) returned 1 [0262.287] CloseHandle (hObject=0x1ac) returned 1 [0262.287] NtAllocateVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0xba9e6ded60*=0x0, ZeroBits=0x0, RegionSize=0xba9e6ded68*=0x318, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0xba9e6ded60*=0x48c0000, RegionSize=0xba9e6ded68*=0x1000) returned 0x0 [0262.288] NtGetContextThread (in: ThreadHandle=0x1a4, Context=0xba9e6dedb0 | out: Context=0xba9e6dedb0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100003, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x247, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0xfffe3f213f4, Rcx=0x0, Rdx=0x10004000000000, Rbx=0x7fff1f909fa0, Rsp=0x9b9fa58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x7fff1f909fa0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 0x0 [0262.288] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.288] NtWriteVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x48c0000, Buffer=0xbaa0603f40*, NumberOfBytesToWrite=0x318, NumberOfBytesWritten=0xba9e6df2a0 | out: Buffer=0xbaa0603f40*, NumberOfBytesWritten=0xba9e6df2a0*=0x318) returned 0x0 [0262.289] NtSetContextThread (ThreadHandle=0x1a4, Context=0xba9e6dedb0*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100003, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x247, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x48c0000, Rcx=0x0, Rdx=0x10004000000000, Rbx=0x7fff1f909fa0, Rsp=0x9b9fa58, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x48c0218, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 0x0 [0262.289] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.289] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0xbaa0320000) returned 0x0 [0262.300] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.300] CloseHandle (hObject=0x1a8) returned 1 [0262.300] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7fff1f909fa0, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0xba9e6df910 | out: lpflOldProtect=0xba9e6df910*=0x20) returned 1 [0262.300] NtWriteVirtualMemory (in: ProcessHandle=0x1a0, BaseAddress=0x7fff1f909fa0, Buffer=0xba9e6df918*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0xba9e6df390 | out: Buffer=0xba9e6df918*, NumberOfBytesWritten=0xba9e6df390*=0x4) returned 0x0 [0262.302] VirtualProtectEx (in: hProcess=0x1a0, lpAddress=0x7fff1f909fa0, dwSize=0x4, flNewProtect=0x20, lpflOldProtect=0xba9e6df910 | out: lpflOldProtect=0xba9e6df910*=0x40) returned 1 [0262.302] ResumeThread (hThread=0x1a4) returned 0x1 [0262.400] CloseHandle (hObject=0x1a4) returned 1 [0262.400] CloseHandle (hObject=0x1a0) returned 1 [0262.400] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegCreateKeyA") returned 0x7fff1f7e6dc0 [0262.400] RegCreateKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0xba9e6df9b0 | out: phkResult=0xba9e6df9b0*=0x1a0) returned 0x0 [0262.400] RegQueryValueExA (in: hKey=0x1a0, lpValueName="Client", lpReserved=0x0, lpType=0xba9e6df9a8, lpData=0x686ba0, lpcbData=0xba9e6df9a0*=0x28 | out: lpType=0xba9e6df9a8*=0x3, lpData=0x686ba0*, lpcbData=0xba9e6df9a0*=0x28) returned 0x0 [0262.400] RegCloseKey (hKey=0x1a0) returned 0x0 [0262.400] wsprintfA (in: param_1=0xbaa0603d20, param_2="%08x%08x%08x%08x" | out: param_1="c5449c7a8bfcc0923b720af430d5cede") returned 32 [0262.400] GetComputerNameA (in: lpBuffer=0xba9e6df890, nSize=0xba9e6df9a0 | out: lpBuffer="LHNIWSJ", nSize=0xba9e6df9a0) returned 1 [0262.400] lstrlenA (lpString="LHNIWSJ") returned 7 [0262.400] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegOpenKeyExA") returned 0x7fff1f7b7d70 [0262.400] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0xba9e6df880 | out: phkResult=0xba9e6df880*=0x1a0) returned 0x0 [0262.400] RegQueryValueExA (in: hKey=0x1a0, lpValueName="ProductID", lpReserved=0x0, lpType=0x0, lpData=0xba9e6df890, lpcbData=0xba9e6df9a0*=0x100 | out: lpType=0x0, lpData=0xba9e6df890*=0x30, lpcbData=0xba9e6df9a0*=0x18) returned 0x0 [0262.401] lstrlenA (lpString="00330-80107-01105-AA992") returned 23 [0262.401] RegQueryValueExA (in: hKey=0x1a0, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0xba9e6df890, lpcbData=0xba9e6df9a0*=0x100 | out: lpType=0x0, lpData=0xba9e6df890*=0x57, lpcbData=0xba9e6df9a0*=0xf) returned 0x0 [0262.401] lstrlenA (lpString="Windows 10 Pro") returned 14 [0262.401] RegQueryValueExA (in: hKey=0x1a0, lpValueName="CurrentVersion", lpReserved=0x0, lpType=0x0, lpData=0xba9e6df890, lpcbData=0xba9e6df9a0*=0x100 | out: lpType=0x0, lpData=0xba9e6df890*=0x36, lpcbData=0xba9e6df9a0*=0x4) returned 0x0 [0262.401] lstrlenA (lpString="6.3") returned 3 [0262.401] RegQueryValueExA (in: hKey=0x1a0, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0xba9e6df888, lpcbData=0xba9e6df9a0*=0x4 | out: lpType=0x0, lpData=0xba9e6df888*=0x41, lpcbData=0xba9e6df9a0*=0x4) returned 0x0 [0262.401] RegCloseKey (hKey=0x1a0) returned 0x0 [0262.401] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0xba9e6df9b8, lpMaximumComponentLength=0xba9e6df9a0, lpFileSystemFlags=0xba9e6df9b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xba9e6df9b8*=0xd2ca4def, lpMaximumComponentLength=0xba9e6df9a0*=0xff, lpFileSystemFlags=0xba9e6df9b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1 [0262.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x63c5b8, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xba9e6dfa78 | out: lpThreadId=0xba9e6dfa78*=0x7b0) returned 0x1a0 [0262.401] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0xba9e6dfa08 | out: phkResult=0xba9e6dfa08*=0x1a4) returned 0x0 [0262.401] RegQueryValueExA (in: hKey=0x1a4, lpValueName="Scr", lpReserved=0x0, lpType=0xba9e6df970, lpData=0x0, lpcbData=0xba9e6dfa70*=0x68d018 | out: lpType=0xba9e6df970*=0x0, lpData=0x0, lpcbData=0xba9e6dfa70*=0x0) returned 0x2 [0262.401] RegCloseKey (hKey=0x1a4) returned 0x0 [0262.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x627ea4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xba9e6dfa78 | out: lpThreadId=0xba9e6dfa78*=0x798) returned 0x1a4 Thread: id = 94 os_tid = 0x790 Thread: id = 164 os_tid = 0x7b0 Thread: id = 165 os_tid = 0x798 Process: id = "10" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x4ac78000" os_pid = "0x568" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "9" os_parent_pid = "0xaf4" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "LHNIWSJ\\CIiHmnxMn6Ps" os_groups = "LHNIWSJ\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001a59e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2001 start_va = 0xfa0000 end_va = 0xfaffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 2002 start_va = 0xfb0000 end_va = 0xfb6fff entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2003 start_va = 0xfc0000 end_va = 0xfd3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fc0000" filename = "" Region: id = 2004 start_va = 0xfe0000 end_va = 0x105ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2005 start_va = 0x1060000 end_va = 0x1063fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001060000" filename = "" Region: id = 2006 start_va = 0x1070000 end_va = 0x1072fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001070000" filename = "" Region: id = 2007 start_va = 0x1080000 end_va = 0x1081fff entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 2008 start_va = 0x1090000 end_va = 0x114dfff entry_point = 0x1090000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2009 start_va = 0x1150000 end_va = 0x1156fff entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 2010 start_va = 0x1160000 end_va = 0x1167fff entry_point = 0x1160000 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 2011 start_va = 0x1170000 end_va = 0x1170fff entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 2012 start_va = 0x1180000 end_va = 0x1180fff entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 2013 start_va = 0x1190000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 2014 start_va = 0x11a0000 end_va = 0x11a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011a0000" filename = "" Region: id = 2015 start_va = 0x11b0000 end_va = 0x11b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011b0000" filename = "" Region: id = 2016 start_va = 0x11c0000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x00000000011c0000" filename = "" Region: id = 2017 start_va = 0x12c0000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 2018 start_va = 0x1340000 end_va = 0x14c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001340000" filename = "" Region: id = 2019 start_va = 0x14d0000 end_va = 0x1650fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000014d0000" filename = "" Region: id = 2020 start_va = 0x1660000 end_va = 0x2a5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001660000" filename = "" Region: id = 2021 start_va = 0x2a60000 end_va = 0x2a60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a60000" filename = "" Region: id = 2022 start_va = 0x2a70000 end_va = 0x2a70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a70000" filename = "" Region: id = 2023 start_va = 0x2a80000 end_va = 0x2a80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a80000" filename = "" Region: id = 2024 start_va = 0x2a90000 end_va = 0x2aa3fff entry_point = 0x2a90000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001d.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001d.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001d.db") Region: id = 2025 start_va = 0x2ab0000 end_va = 0x2ab3fff entry_point = 0x2ab0000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2026 start_va = 0x2ac0000 end_va = 0x2adbfff entry_point = 0x2ac0000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000035.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db") Region: id = 2027 start_va = 0x2ae0000 end_va = 0x2ae2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ae0000" filename = "" Region: id = 2028 start_va = 0x2af0000 end_va = 0x2afffff entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 2029 start_va = 0x2b00000 end_va = 0x2e36fff entry_point = 0x2b00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2030 start_va = 0x2e40000 end_va = 0x2ebffff entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 2031 start_va = 0x2ec0000 end_va = 0x2f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 2032 start_va = 0x2f40000 end_va = 0x2fbffff entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 2033 start_va = 0x2fc0000 end_va = 0x303ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 2034 start_va = 0x3040000 end_va = 0x30a0fff entry_point = 0x3040000 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 2035 start_va = 0x30b0000 end_va = 0x30b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030b0000" filename = "" Region: id = 2036 start_va = 0x30c0000 end_va = 0x30e9fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030c0000" filename = "" Region: id = 2037 start_va = 0x30f0000 end_va = 0x31cefff entry_point = 0x30f0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2038 start_va = 0x31d0000 end_va = 0x324ffff entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 2039 start_va = 0x3250000 end_va = 0x32cffff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 2040 start_va = 0x32d0000 end_va = 0x334ffff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 2041 start_va = 0x3350000 end_va = 0x3351fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003350000" filename = "" Region: id = 2042 start_va = 0x3360000 end_va = 0x3361fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003360000" filename = "" Region: id = 2043 start_va = 0x3370000 end_va = 0x3371fff entry_point = 0x3370000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 2044 start_va = 0x3380000 end_va = 0x3384fff entry_point = 0x3380000 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 2045 start_va = 0x3390000 end_va = 0x3447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003390000" filename = "" Region: id = 2046 start_va = 0x3450000 end_va = 0x3453fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003450000" filename = "" Region: id = 2047 start_va = 0x3460000 end_va = 0x355ffff entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 2048 start_va = 0x3560000 end_va = 0x365ffff entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 2049 start_va = 0x3660000 end_va = 0x3660fff entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 2050 start_va = 0x3670000 end_va = 0x46affff entry_point = 0x3670000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2051 start_va = 0x46b0000 end_va = 0x46b6fff entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 2052 start_va = 0x46c0000 end_va = 0x46c0fff entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 2053 start_va = 0x46d0000 end_va = 0x46d0fff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 2054 start_va = 0x46e0000 end_va = 0x46e0fff entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 2055 start_va = 0x46f0000 end_va = 0x476ffff entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 2056 start_va = 0x4770000 end_va = 0x4771fff entry_point = 0x0 region_type = private name = "private_0x0000000004770000" filename = "" Region: id = 2057 start_va = 0x4780000 end_va = 0x4780fff entry_point = 0x0 region_type = private name = "private_0x0000000004780000" filename = "" Region: id = 2058 start_va = 0x4790000 end_va = 0x4790fff entry_point = 0x0 region_type = private name = "private_0x0000000004790000" filename = "" Region: id = 2059 start_va = 0x47a0000 end_va = 0x47a0fff entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 2060 start_va = 0x47b0000 end_va = 0x47b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047b0000" filename = "" Region: id = 2061 start_va = 0x47c0000 end_va = 0x47c3fff entry_point = 0x47c0000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2062 start_va = 0x47d0000 end_va = 0x47d0fff entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 2063 start_va = 0x47e0000 end_va = 0x47e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047e0000" filename = "" Region: id = 2064 start_va = 0x47f0000 end_va = 0x47f0fff entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 2065 start_va = 0x4800000 end_va = 0x4802fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004800000" filename = "" Region: id = 2066 start_va = 0x4810000 end_va = 0x4848fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004810000" filename = "" Region: id = 2067 start_va = 0x4850000 end_va = 0x4852fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004850000" filename = "" Region: id = 2068 start_va = 0x4860000 end_va = 0x4860fff entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 2069 start_va = 0x4870000 end_va = 0x4870fff entry_point = 0x0 region_type = private name = "private_0x0000000004870000" filename = "" Region: id = 2070 start_va = 0x4880000 end_va = 0x4882fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004880000" filename = "" Region: id = 2071 start_va = 0x4890000 end_va = 0x48acfff entry_point = 0x4890000 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000036.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000036.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000036.db") Region: id = 2072 start_va = 0x48b0000 end_va = 0x48b1fff entry_point = 0x48b0000 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 2073 start_va = 0x48d0000 end_va = 0x48d0fff entry_point = 0x0 region_type = private name = "private_0x00000000048d0000" filename = "" Region: id = 2074 start_va = 0x48e0000 end_va = 0x48e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000048e0000" filename = "" Region: id = 2075 start_va = 0x48f0000 end_va = 0x48f1fff entry_point = 0x48f0000 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 2076 start_va = 0x4900000 end_va = 0x4902fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004900000" filename = "" Region: id = 2077 start_va = 0x4910000 end_va = 0x4913fff entry_point = 0x4910000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2078 start_va = 0x4920000 end_va = 0x4962fff entry_point = 0x4920000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db") Region: id = 2079 start_va = 0x4970000 end_va = 0x4973fff entry_point = 0x4970000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2080 start_va = 0x4980000 end_va = 0x4a0afff entry_point = 0x4980000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2081 start_va = 0x4a10000 end_va = 0x4a20fff entry_point = 0x4a10000 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 2082 start_va = 0x4a30000 end_va = 0x4aaffff entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 2083 start_va = 0x4ab0000 end_va = 0x4b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 2084 start_va = 0x4b30000 end_va = 0x4baffff entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 2085 start_va = 0x4bb0000 end_va = 0x4c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 2086 start_va = 0x4c30000 end_va = 0x542ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 2087 start_va = 0x5430000 end_va = 0x54affff entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Region: id = 2088 start_va = 0x54b0000 end_va = 0x54b0fff entry_point = 0x0 region_type = private name = "private_0x00000000054b0000" filename = "" Region: id = 2089 start_va = 0x54c0000 end_va = 0x553ffff entry_point = 0x0 region_type = private name = "private_0x00000000054c0000" filename = "" Region: id = 2090 start_va = 0x5540000 end_va = 0x5a31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005540000" filename = "" Region: id = 2091 start_va = 0x5a40000 end_va = 0x5a40fff entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 2092 start_va = 0x5a50000 end_va = 0x5acffff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 2093 start_va = 0x5ad0000 end_va = 0x5b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 2094 start_va = 0x5b50000 end_va = 0x5bcffff entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 2095 start_va = 0x5bd0000 end_va = 0x5c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 2096 start_va = 0x5c50000 end_va = 0x5ccffff entry_point = 0x0 region_type = private name = "private_0x0000000005c50000" filename = "" Region: id = 2097 start_va = 0x5cd0000 end_va = 0x5d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005cd0000" filename = "" Region: id = 2098 start_va = 0x5d50000 end_va = 0x5dcffff entry_point = 0x0 region_type = private name = "private_0x0000000005d50000" filename = "" Region: id = 2099 start_va = 0x5dd0000 end_va = 0x5e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 2100 start_va = 0x5e50000 end_va = 0x5ecffff entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 2101 start_va = 0x5ed0000 end_va = 0x5ed0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005ed0000" filename = "" Region: id = 2102 start_va = 0x5ee0000 end_va = 0x5ee0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ee0000" filename = "" Region: id = 2103 start_va = 0x5ef0000 end_va = 0x5ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ef0000" filename = "" Region: id = 2104 start_va = 0x5f00000 end_va = 0x5f03fff entry_point = 0x5f00000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2105 start_va = 0x5f10000 end_va = 0x5f14fff entry_point = 0x5f10000 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 2106 start_va = 0x5f20000 end_va = 0x5f2ffff entry_point = 0x5f20000 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 2107 start_va = 0x5f30000 end_va = 0x5f32fff entry_point = 0x5f30000 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 2108 start_va = 0x5f40000 end_va = 0x5f40fff entry_point = 0x0 region_type = private name = "private_0x0000000005f40000" filename = "" Region: id = 2109 start_va = 0x5f50000 end_va = 0x604ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f50000" filename = "" Region: id = 2110 start_va = 0x6050000 end_va = 0x6052fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006050000" filename = "" Region: id = 2111 start_va = 0x6060000 end_va = 0x6062fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006060000" filename = "" Region: id = 2112 start_va = 0x6070000 end_va = 0x6071fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006070000" filename = "" Region: id = 2113 start_va = 0x6080000 end_va = 0x6081fff entry_point = 0x6080000 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 2114 start_va = 0x6090000 end_va = 0x6098fff entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 2115 start_va = 0x60a0000 end_va = 0x60a3fff entry_point = 0x0 region_type = private name = "private_0x00000000060a0000" filename = "" Region: id = 2116 start_va = 0x60b0000 end_va = 0x60b1fff entry_point = 0x60b0000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 2117 start_va = 0x60c0000 end_va = 0x60c0fff entry_point = 0x60c0000 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 2118 start_va = 0x60d0000 end_va = 0x60d8fff entry_point = 0x0 region_type = private name = "private_0x00000000060d0000" filename = "" Region: id = 2119 start_va = 0x60e0000 end_va = 0x60e0fff entry_point = 0x0 region_type = private name = "private_0x00000000060e0000" filename = "" Region: id = 2120 start_va = 0x60f0000 end_va = 0x61effff entry_point = 0x0 region_type = private name = "private_0x00000000060f0000" filename = "" Region: id = 2121 start_va = 0x61f0000 end_va = 0x61f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000061f0000" filename = "" Region: id = 2122 start_va = 0x6200000 end_va = 0x6247fff entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 2123 start_va = 0x6250000 end_va = 0x6297fff entry_point = 0x0 region_type = private name = "private_0x0000000006250000" filename = "" Region: id = 2124 start_va = 0x62a0000 end_va = 0x631ffff entry_point = 0x0 region_type = private name = "private_0x00000000062a0000" filename = "" Region: id = 2125 start_va = 0x6320000 end_va = 0x641ffff entry_point = 0x6320000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 2126 start_va = 0x6420000 end_va = 0x6451fff entry_point = 0x6420000 region_type = mapped_file name = "netmsg.dll.mui" filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui") Region: id = 2127 start_va = 0x6460000 end_va = 0x64dffff entry_point = 0x0 region_type = private name = "private_0x0000000006460000" filename = "" Region: id = 2128 start_va = 0x64e0000 end_va = 0x64e1fff entry_point = 0x64e0000 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 2129 start_va = 0x64f0000 end_va = 0x65effff entry_point = 0x64f0000 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 2130 start_va = 0x65f0000 end_va = 0x666ffff entry_point = 0x0 region_type = private name = "private_0x00000000065f0000" filename = "" Region: id = 2131 start_va = 0x6670000 end_va = 0x66effff entry_point = 0x0 region_type = private name = "private_0x0000000006670000" filename = "" Region: id = 2132 start_va = 0x66f0000 end_va = 0x66f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000066f0000" filename = "" Region: id = 2133 start_va = 0x6700000 end_va = 0x6700fff entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 2134 start_va = 0x6710000 end_va = 0x6711fff entry_point = 0x6710000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 2135 start_va = 0x6720000 end_va = 0x681ffff entry_point = 0x6720000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 2136 start_va = 0x6820000 end_va = 0x6821fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006820000" filename = "" Region: id = 2137 start_va = 0x6830000 end_va = 0x70b2fff entry_point = 0x6830000 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll") Region: id = 2138 start_va = 0x70c0000 end_va = 0x70c1fff entry_point = 0x70c0000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 2139 start_va = 0x70d0000 end_va = 0x71cffff entry_point = 0x70d0000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 2140 start_va = 0x71d0000 end_va = 0x724ffff entry_point = 0x0 region_type = private name = "private_0x00000000071d0000" filename = "" Region: id = 2141 start_va = 0x7250000 end_va = 0x7250fff entry_point = 0x0 region_type = private name = "private_0x0000000007250000" filename = "" Region: id = 2142 start_va = 0x7260000 end_va = 0x72a8fff entry_point = 0x0 region_type = private name = "private_0x0000000007260000" filename = "" Region: id = 2143 start_va = 0x72b0000 end_va = 0x74affff entry_point = 0x0 region_type = private name = "private_0x00000000072b0000" filename = "" Region: id = 2144 start_va = 0x74b0000 end_va = 0x9831fff entry_point = 0x74b0000 region_type = mapped_file name = "appdb.dat" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat") Region: id = 2145 start_va = 0x9840000 end_va = 0x98bffff entry_point = 0x0 region_type = private name = "private_0x0000000009840000" filename = "" Region: id = 2146 start_va = 0x98c0000 end_va = 0x993ffff entry_point = 0x0 region_type = private name = "private_0x00000000098c0000" filename = "" Region: id = 2147 start_va = 0x9940000 end_va = 0x9941fff entry_point = 0x9940000 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 2148 start_va = 0x9950000 end_va = 0x9a4ffff entry_point = 0x9950000 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 2149 start_va = 0x9a50000 end_va = 0x9a97fff entry_point = 0x0 region_type = private name = "private_0x0000000009a50000" filename = "" Region: id = 2150 start_va = 0x9aa0000 end_va = 0x9b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000009aa0000" filename = "" Region: id = 2151 start_va = 0x9b20000 end_va = 0x9b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009b20000" filename = "" Region: id = 2152 start_va = 0x9ba0000 end_va = 0x9c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000009ba0000" filename = "" Region: id = 2153 start_va = 0x9c20000 end_va = 0x9c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009c20000" filename = "" Region: id = 2154 start_va = 0x9ca0000 end_va = 0x9d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000009ca0000" filename = "" Region: id = 2155 start_va = 0x9d20000 end_va = 0x9d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009d20000" filename = "" Region: id = 2156 start_va = 0x9da0000 end_va = 0x9e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000009da0000" filename = "" Region: id = 2157 start_va = 0x9e20000 end_va = 0x9e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009e20000" filename = "" Region: id = 2158 start_va = 0x9ea0000 end_va = 0x9f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 2159 start_va = 0x9f20000 end_va = 0x9f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000009f20000" filename = "" Region: id = 2160 start_va = 0x9fa0000 end_va = 0xa01ffff entry_point = 0x0 region_type = private name = "private_0x0000000009fa0000" filename = "" Region: id = 2161 start_va = 0xa020000 end_va = 0xa027fff entry_point = 0xa020000 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 2162 start_va = 0xa030000 end_va = 0xa032fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a030000" filename = "" Region: id = 2163 start_va = 0xa040000 end_va = 0xa04dfff entry_point = 0x0 region_type = private name = "private_0x000000000a040000" filename = "" Region: id = 2164 start_va = 0xa050000 end_va = 0xa051fff entry_point = 0xa050000 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 2165 start_va = 0xa060000 end_va = 0xa0dffff entry_point = 0x0 region_type = private name = "private_0x000000000a060000" filename = "" Region: id = 2166 start_va = 0xa0e0000 end_va = 0xa15ffff entry_point = 0x0 region_type = private name = "private_0x000000000a0e0000" filename = "" Region: id = 2167 start_va = 0xa160000 end_va = 0xa160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a160000" filename = "" Region: id = 2168 start_va = 0xa1a0000 end_va = 0xa21ffff entry_point = 0x0 region_type = private name = "private_0x000000000a1a0000" filename = "" Region: id = 2169 start_va = 0xa220000 end_va = 0xa29ffff entry_point = 0x0 region_type = private name = "private_0x000000000a220000" filename = "" Region: id = 2170 start_va = 0xa2a0000 end_va = 0xa31ffff entry_point = 0x0 region_type = private name = "private_0x000000000a2a0000" filename = "" Region: id = 2171 start_va = 0xa320000 end_va = 0xa39ffff entry_point = 0x0 region_type = private name = "private_0x000000000a320000" filename = "" Region: id = 2172 start_va = 0xa3a0000 end_va = 0xa41ffff entry_point = 0x0 region_type = private name = "private_0x000000000a3a0000" filename = "" Region: id = 2173 start_va = 0xa420000 end_va = 0xa49ffff entry_point = 0x0 region_type = private name = "private_0x000000000a420000" filename = "" Region: id = 2174 start_va = 0xa4a0000 end_va = 0xa51ffff entry_point = 0x0 region_type = private name = "private_0x000000000a4a0000" filename = "" Region: id = 2175 start_va = 0xa520000 end_va = 0xa59ffff entry_point = 0x0 region_type = private name = "private_0x000000000a520000" filename = "" Region: id = 2176 start_va = 0xa5a0000 end_va = 0xa61ffff entry_point = 0x0 region_type = private name = "private_0x000000000a5a0000" filename = "" Region: id = 2177 start_va = 0xa620000 end_va = 0xa69ffff entry_point = 0x0 region_type = private name = "private_0x000000000a620000" filename = "" Region: id = 2178 start_va = 0xa6a0000 end_va = 0xa71ffff entry_point = 0x0 region_type = private name = "private_0x000000000a6a0000" filename = "" Region: id = 2179 start_va = 0xa720000 end_va = 0xa79ffff entry_point = 0x0 region_type = private name = "private_0x000000000a720000" filename = "" Region: id = 2180 start_va = 0xa7a0000 end_va = 0xab9ffff entry_point = 0x0 region_type = private name = "private_0x000000000a7a0000" filename = "" Region: id = 2181 start_va = 0xaba0000 end_va = 0xac1ffff entry_point = 0x0 region_type = private name = "private_0x000000000aba0000" filename = "" Region: id = 2182 start_va = 0xac20000 end_va = 0xac9ffff entry_point = 0x0 region_type = private name = "private_0x000000000ac20000" filename = "" Region: id = 2183 start_va = 0xaca0000 end_va = 0xad1ffff entry_point = 0x0 region_type = private name = "private_0x000000000aca0000" filename = "" Region: id = 2184 start_va = 0xad20000 end_va = 0xad9ffff entry_point = 0x0 region_type = private name = "private_0x000000000ad20000" filename = "" Region: id = 2185 start_va = 0xada0000 end_va = 0xae1ffff entry_point = 0x0 region_type = private name = "private_0x000000000ada0000" filename = "" Region: id = 2186 start_va = 0xae20000 end_va = 0xae9ffff entry_point = 0x0 region_type = private name = "private_0x000000000ae20000" filename = "" Region: id = 2187 start_va = 0xaea0000 end_va = 0xaf1ffff entry_point = 0x0 region_type = private name = "private_0x000000000aea0000" filename = "" Region: id = 2188 start_va = 0xaf20000 end_va = 0xaf9ffff entry_point = 0x0 region_type = private name = "private_0x000000000af20000" filename = "" Region: id = 2189 start_va = 0xafa0000 end_va = 0xb01ffff entry_point = 0x0 region_type = private name = "private_0x000000000afa0000" filename = "" Region: id = 2190 start_va = 0xbb20000 end_va = 0xbb22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb20000" filename = "" Region: id = 2191 start_va = 0xbb30000 end_va = 0xbb33fff entry_point = 0xbb30000 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 2192 start_va = 0xbb40000 end_va = 0xbb40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb40000" filename = "" Region: id = 2193 start_va = 0xbb50000 end_va = 0xbb51fff entry_point = 0xbb50000 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 2194 start_va = 0xbb60000 end_va = 0xbb62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb60000" filename = "" Region: id = 2195 start_va = 0xbb70000 end_va = 0xbb71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb70000" filename = "" Region: id = 2196 start_va = 0xbb80000 end_va = 0xbb80fff entry_point = 0x0 region_type = private name = "private_0x000000000bb80000" filename = "" Region: id = 2197 start_va = 0xbb90000 end_va = 0xbb92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb90000" filename = "" Region: id = 2198 start_va = 0xbbe0000 end_va = 0xbcdffff entry_point = 0x0 region_type = private name = "private_0x000000000bbe0000" filename = "" Region: id = 2199 start_va = 0xc1e0000 end_va = 0xc2dffff entry_point = 0xc1e0000 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 2200 start_va = 0xc2e0000 end_va = 0xc35ffff entry_point = 0x0 region_type = private name = "private_0x000000000c2e0000" filename = "" Region: id = 2201 start_va = 0xc360000 end_va = 0xc362fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c360000" filename = "" Region: id = 2202 start_va = 0xc370000 end_va = 0xc372fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c370000" filename = "" Region: id = 2203 start_va = 0xc380000 end_va = 0xc382fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c380000" filename = "" Region: id = 2204 start_va = 0xc460000 end_va = 0xc4dffff entry_point = 0x0 region_type = private name = "private_0x000000000c460000" filename = "" Region: id = 2205 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2206 start_va = 0x7df5fff90000 end_va = 0x7ff5fff8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fff90000" filename = "" Region: id = 2207 start_va = 0x7ff6e4884000 end_va = 0x7ff6e4885fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4884000" filename = "" Region: id = 2208 start_va = 0x7ff6e4886000 end_va = 0x7ff6e4887fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4886000" filename = "" Region: id = 2209 start_va = 0x7ff6e4888000 end_va = 0x7ff6e4889fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4888000" filename = "" Region: id = 2210 start_va = 0x7ff6e488a000 end_va = 0x7ff6e488bfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e488a000" filename = "" Region: id = 2211 start_va = 0x7ff6e488c000 end_va = 0x7ff6e488dfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e488c000" filename = "" Region: id = 2212 start_va = 0x7ff6e488e000 end_va = 0x7ff6e488ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e488e000" filename = "" Region: id = 2213 start_va = 0x7ff6e4890000 end_va = 0x7ff6e4891fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4890000" filename = "" Region: id = 2214 start_va = 0x7ff6e4892000 end_va = 0x7ff6e4893fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4892000" filename = "" Region: id = 2215 start_va = 0x7ff6e4894000 end_va = 0x7ff6e4895fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4894000" filename = "" Region: id = 2216 start_va = 0x7ff6e4896000 end_va = 0x7ff6e4897fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4896000" filename = "" Region: id = 2217 start_va = 0x7ff6e4898000 end_va = 0x7ff6e4899fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4898000" filename = "" Region: id = 2218 start_va = 0x7ff6e489a000 end_va = 0x7ff6e489bfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e489a000" filename = "" Region: id = 2219 start_va = 0x7ff6e489c000 end_va = 0x7ff6e489dfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e489c000" filename = "" Region: id = 2220 start_va = 0x7ff6e489e000 end_va = 0x7ff6e489ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e489e000" filename = "" Region: id = 2221 start_va = 0x7ff6e48a0000 end_va = 0x7ff6e48a1fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48a0000" filename = "" Region: id = 2222 start_va = 0x7ff6e48a2000 end_va = 0x7ff6e48a3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48a2000" filename = "" Region: id = 2223 start_va = 0x7ff6e48a4000 end_va = 0x7ff6e48a5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48a4000" filename = "" Region: id = 2224 start_va = 0x7ff6e48a6000 end_va = 0x7ff6e48a7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48a6000" filename = "" Region: id = 2225 start_va = 0x7ff6e48a8000 end_va = 0x7ff6e48a9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48a8000" filename = "" Region: id = 2226 start_va = 0x7ff6e48aa000 end_va = 0x7ff6e48abfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48aa000" filename = "" Region: id = 2227 start_va = 0x7ff6e48ac000 end_va = 0x7ff6e48adfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ac000" filename = "" Region: id = 2228 start_va = 0x7ff6e48ae000 end_va = 0x7ff6e48affff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ae000" filename = "" Region: id = 2229 start_va = 0x7ff6e48b0000 end_va = 0x7ff6e48b1fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48b0000" filename = "" Region: id = 2230 start_va = 0x7ff6e48b2000 end_va = 0x7ff6e48b3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48b2000" filename = "" Region: id = 2231 start_va = 0x7ff6e48b4000 end_va = 0x7ff6e48b5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48b4000" filename = "" Region: id = 2232 start_va = 0x7ff6e48b6000 end_va = 0x7ff6e48b7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48b6000" filename = "" Region: id = 2233 start_va = 0x7ff6e48b8000 end_va = 0x7ff6e48b9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48b8000" filename = "" Region: id = 2234 start_va = 0x7ff6e48ba000 end_va = 0x7ff6e48bbfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ba000" filename = "" Region: id = 2235 start_va = 0x7ff6e48bc000 end_va = 0x7ff6e48bdfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48bc000" filename = "" Region: id = 2236 start_va = 0x7ff6e48be000 end_va = 0x7ff6e48bffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48be000" filename = "" Region: id = 2237 start_va = 0x7ff6e48c0000 end_va = 0x7ff6e48c1fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48c0000" filename = "" Region: id = 2238 start_va = 0x7ff6e48c2000 end_va = 0x7ff6e48c3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48c2000" filename = "" Region: id = 2239 start_va = 0x7ff6e48c4000 end_va = 0x7ff6e48c5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48c4000" filename = "" Region: id = 2240 start_va = 0x7ff6e48c6000 end_va = 0x7ff6e48c7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48c6000" filename = "" Region: id = 2241 start_va = 0x7ff6e48c8000 end_va = 0x7ff6e48c9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48c8000" filename = "" Region: id = 2242 start_va = 0x7ff6e48ca000 end_va = 0x7ff6e48cbfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ca000" filename = "" Region: id = 2243 start_va = 0x7ff6e48cc000 end_va = 0x7ff6e48cdfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48cc000" filename = "" Region: id = 2244 start_va = 0x7ff6e48ce000 end_va = 0x7ff6e48cffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ce000" filename = "" Region: id = 2245 start_va = 0x7ff6e48d0000 end_va = 0x7ff6e48d1fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48d0000" filename = "" Region: id = 2246 start_va = 0x7ff6e48d2000 end_va = 0x7ff6e48d3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48d2000" filename = "" Region: id = 2247 start_va = 0x7ff6e48d4000 end_va = 0x7ff6e48d5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48d4000" filename = "" Region: id = 2248 start_va = 0x7ff6e48d6000 end_va = 0x7ff6e48d7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48d6000" filename = "" Region: id = 2249 start_va = 0x7ff6e48d8000 end_va = 0x7ff6e48d9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48d8000" filename = "" Region: id = 2250 start_va = 0x7ff6e48da000 end_va = 0x7ff6e48dbfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48da000" filename = "" Region: id = 2251 start_va = 0x7ff6e48dc000 end_va = 0x7ff6e48ddfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48dc000" filename = "" Region: id = 2252 start_va = 0x7ff6e48de000 end_va = 0x7ff6e48dffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48de000" filename = "" Region: id = 2253 start_va = 0x7ff6e48e0000 end_va = 0x7ff6e48e1fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48e0000" filename = "" Region: id = 2254 start_va = 0x7ff6e48e2000 end_va = 0x7ff6e48e3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48e2000" filename = "" Region: id = 2255 start_va = 0x7ff6e48e4000 end_va = 0x7ff6e48e5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48e4000" filename = "" Region: id = 2256 start_va = 0x7ff6e48e6000 end_va = 0x7ff6e48e7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48e6000" filename = "" Region: id = 2257 start_va = 0x7ff6e48e8000 end_va = 0x7ff6e48e9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48e8000" filename = "" Region: id = 2258 start_va = 0x7ff6e48ea000 end_va = 0x7ff6e48ebfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ea000" filename = "" Region: id = 2259 start_va = 0x7ff6e48ec000 end_va = 0x7ff6e48edfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ec000" filename = "" Region: id = 2260 start_va = 0x7ff6e48ee000 end_va = 0x7ff6e48effff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48ee000" filename = "" Region: id = 2261 start_va = 0x7ff6e48f0000 end_va = 0x7ff6e48f1fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48f0000" filename = "" Region: id = 2262 start_va = 0x7ff6e48f2000 end_va = 0x7ff6e48f3fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48f2000" filename = "" Region: id = 2263 start_va = 0x7ff6e48f4000 end_va = 0x7ff6e48f5fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48f4000" filename = "" Region: id = 2264 start_va = 0x7ff6e48f6000 end_va = 0x7ff6e48f7fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48f6000" filename = "" Region: id = 2265 start_va = 0x7ff6e48f8000 end_va = 0x7ff6e48f9fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48f8000" filename = "" Region: id = 2266 start_va = 0x7ff6e48fa000 end_va = 0x7ff6e48fbfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48fa000" filename = "" Region: id = 2267 start_va = 0x7ff6e48fc000 end_va = 0x7ff6e48fdfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48fc000" filename = "" Region: id = 2268 start_va = 0x7ff6e48fe000 end_va = 0x7ff6e48fffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e48fe000" filename = "" Region: id = 2269 start_va = 0x7ff6e4900000 end_va = 0x7ff6e49fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6e4900000" filename = "" Region: id = 2270 start_va = 0x7ff6e4a00000 end_va = 0x7ff6e4a22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6e4a00000" filename = "" Region: id = 2271 start_va = 0x7ff6e4a23000 end_va = 0x7ff6e4a24fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a23000" filename = "" Region: id = 2272 start_va = 0x7ff6e4a25000 end_va = 0x7ff6e4a26fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a25000" filename = "" Region: id = 2273 start_va = 0x7ff6e4a27000 end_va = 0x7ff6e4a28fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a27000" filename = "" Region: id = 2274 start_va = 0x7ff6e4a29000 end_va = 0x7ff6e4a29fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a29000" filename = "" Region: id = 2275 start_va = 0x7ff6e4a2a000 end_va = 0x7ff6e4a2bfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a2a000" filename = "" Region: id = 2276 start_va = 0x7ff6e4a2c000 end_va = 0x7ff6e4a2dfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a2c000" filename = "" Region: id = 2277 start_va = 0x7ff6e4a2e000 end_va = 0x7ff6e4a2ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4a2e000" filename = "" Region: id = 2278 start_va = 0x7ff6e4e10000 end_va = 0x7ff6e525dfff entry_point = 0x7ff6e4e10000 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 2279 start_va = 0x7fff08240000 end_va = 0x7fff082d8fff entry_point = 0x7fff08240000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 2280 start_va = 0x7fff082e0000 end_va = 0x7fff0837ffff entry_point = 0x7fff082e0000 region_type = mapped_file name = "hgcpl.dll" filename = "\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll") Region: id = 2281 start_va = 0x7fff08380000 end_va = 0x7fff086c5fff entry_point = 0x7fff08380000 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 2282 start_va = 0x7fff086d0000 end_va = 0x7fff0871ffff entry_point = 0x7fff086d0000 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 2283 start_va = 0x7fff08720000 end_va = 0x7fff0872cfff entry_point = 0x7fff08720000 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 2284 start_va = 0x7fff08730000 end_va = 0x7fff087f3fff entry_point = 0x7fff08730000 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 2285 start_va = 0x7fff08800000 end_va = 0x7fff0883efff entry_point = 0x7fff08800000 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 2286 start_va = 0x7fff08840000 end_va = 0x7fff08871fff entry_point = 0x7fff08840000 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 2287 start_va = 0x7fff08880000 end_va = 0x7fff08894fff entry_point = 0x7fff08880000 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 2288 start_va = 0x7fff088a0000 end_va = 0x7fff088dffff entry_point = 0x7fff088a0000 region_type = mapped_file name = "windows.gaming.input.dll" filename = "\\Windows\\System32\\Windows.Gaming.Input.dll" (normalized: "c:\\windows\\system32\\windows.gaming.input.dll") Region: id = 2289 start_va = 0x7fff08920000 end_va = 0x7fff0895bfff entry_point = 0x7fff08920000 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 2290 start_va = 0x7fff0a5e0000 end_va = 0x7fff0a79efff entry_point = 0x7fff0a5e0000 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 2291 start_va = 0x7fff0aa10000 end_va = 0x7fff0ac51fff entry_point = 0x7fff0aa10000 region_type = mapped_file name = "authui.dll" filename = "\\Windows\\System32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll") Region: id = 2292 start_va = 0x7fff0ac60000 end_va = 0x7fff0acaffff entry_point = 0x7fff0ac60000 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 2293 start_va = 0x7fff0acb0000 end_va = 0x7fff0ad34fff entry_point = 0x7fff0acb0000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2294 start_va = 0x7fff0ad40000 end_va = 0x7fff0ad56fff entry_point = 0x7fff0ad40000 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 2295 start_va = 0x7fff0ad60000 end_va = 0x7fff0ada0fff entry_point = 0x7fff0ad60000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 2296 start_va = 0x7fff0adb0000 end_va = 0x7fff0ae28fff entry_point = 0x7fff0adb0000 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 2297 start_va = 0x7fff0ae30000 end_va = 0x7fff0aeb3fff entry_point = 0x7fff0ae30000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 2298 start_va = 0x7fff0aec0000 end_va = 0x7fff0af3bfff entry_point = 0x7fff0aec0000 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 2299 start_va = 0x7fff0af40000 end_va = 0x7fff0b07afff entry_point = 0x7fff0af40000 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 2300 start_va = 0x7fff0b080000 end_va = 0x7fff0b27dfff entry_point = 0x7fff0b080000 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 2301 start_va = 0x7fff0b280000 end_va = 0x7fff0b2dbfff entry_point = 0x7fff0b280000 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 2302 start_va = 0x7fff0b6f0000 end_va = 0x7fff0b98ffff entry_point = 0x7fff0b6f0000 region_type = mapped_file name = "gameux.dll" filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll") Region: id = 2303 start_va = 0x7fff0c3d0000 end_va = 0x7fff0c41dfff entry_point = 0x7fff0c3d0000 region_type = mapped_file name = "notificationobjfactory.dll" filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll") Region: id = 2304 start_va = 0x7fff0ce80000 end_va = 0x7fff0ceabfff entry_point = 0x7fff0ce80000 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 2305 start_va = 0x7fff0ceb0000 end_va = 0x7fff0ced2fff entry_point = 0x7fff0ceb0000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 2306 start_va = 0x7fff0d970000 end_va = 0x7fff0d97ffff entry_point = 0x7fff0d970000 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 2307 start_va = 0x7fff0da30000 end_va = 0x7fff0da3bfff entry_point = 0x7fff0da30000 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 2308 start_va = 0x7fff0da70000 end_va = 0x7fff0db08fff entry_point = 0x7fff0da70000 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 2309 start_va = 0x7fff0db10000 end_va = 0x7fff0dda1fff entry_point = 0x7fff0db10000 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 2310 start_va = 0x7fff0ddb0000 end_va = 0x7fff0de09fff entry_point = 0x7fff0ddb0000 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 2311 start_va = 0x7fff0de10000 end_va = 0x7fff0de21fff entry_point = 0x7fff0de10000 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 2312 start_va = 0x7fff0de30000 end_va = 0x7fff0de4ffff entry_point = 0x7fff0de30000 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll") Region: id = 2313 start_va = 0x7fff0de50000 end_va = 0x7fff0de65fff entry_point = 0x7fff0de50000 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 2314 start_va = 0x7fff0dfd0000 end_va = 0x7fff0e068fff entry_point = 0x7fff0dfd0000 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 2315 start_va = 0x7fff0e090000 end_va = 0x7fff0e0bafff entry_point = 0x7fff0e090000 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 2316 start_va = 0x7fff0e0c0000 end_va = 0x7fff0e16bfff entry_point = 0x7fff0e0c0000 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 2317 start_va = 0x7fff0e250000 end_va = 0x7fff0e297fff entry_point = 0x7fff0e250000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 2318 start_va = 0x7fff0e3d0000 end_va = 0x7fff0e418fff entry_point = 0x7fff0e3d0000 region_type = mapped_file name = "veeventdispatcher.dll" filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll") Region: id = 2319 start_va = 0x7fff0e420000 end_va = 0x7fff0e4a2fff entry_point = 0x7fff0e420000 region_type = mapped_file name = "notificationcontroller.dll" filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll") Region: id = 2320 start_va = 0x7fff0e4b0000 end_va = 0x7fff0e583fff entry_point = 0x7fff0e4b0000 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 2321 start_va = 0x7fff0e590000 end_va = 0x7fff0e605fff entry_point = 0x7fff0e590000 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 2322 start_va = 0x7fff0e610000 end_va = 0x7fff0e646fff entry_point = 0x7fff0e610000 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 2323 start_va = 0x7fff0e650000 end_va = 0x7fff0e7f8fff entry_point = 0x7fff0e650000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\\gdiplus.dll") Region: id = 2324 start_va = 0x7fff0e800000 end_va = 0x7fff0e89efff entry_point = 0x7fff0e800000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 2325 start_va = 0x7fff0e8a0000 end_va = 0x7fff0e8b5fff entry_point = 0x7fff0e8a0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 2326 start_va = 0x7fff0e8c0000 end_va = 0x7fff0ebd2fff entry_point = 0x7fff0e8c0000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 2327 start_va = 0x7fff0ebe0000 end_va = 0x7fff0ee9dfff entry_point = 0x7fff0ebe0000 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\amd64\\filesyncshell64.dll") Region: id = 2328 start_va = 0x7fff0eea0000 end_va = 0x7fff0eeacfff entry_point = 0x7fff0eea0000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 2329 start_va = 0x7fff0eeb0000 end_va = 0x7fff0eefafff entry_point = 0x7fff0eeb0000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 2330 start_va = 0x7fff0ef00000 end_va = 0x7fff0efd9fff entry_point = 0x7fff0ef00000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 2331 start_va = 0x7fff0efe0000 end_va = 0x7fff0eff7fff entry_point = 0x7fff0efe0000 region_type = mapped_file name = "elscore.dll" filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll") Region: id = 2332 start_va = 0x7fff0f000000 end_va = 0x7fff0f11afff entry_point = 0x7fff0f000000 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 2333 start_va = 0x7fff0f120000 end_va = 0x7fff0f32cfff entry_point = 0x7fff0f120000 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 2334 start_va = 0x7fff0f330000 end_va = 0x7fff0f33ffff entry_point = 0x7fff0f330000 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 2335 start_va = 0x7fff0f340000 end_va = 0x7fff0f38cfff entry_point = 0x7fff0f340000 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 2336 start_va = 0x7fff0f390000 end_va = 0x7fff0fe9cfff entry_point = 0x7fff0f390000 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 2337 start_va = 0x7fff0fea0000 end_va = 0x7fff1032ffff entry_point = 0x7fff0fea0000 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 2338 start_va = 0x7fff10330000 end_va = 0x7fff10375fff entry_point = 0x7fff10330000 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 2339 start_va = 0x7fff10380000 end_va = 0x7fff103e8fff entry_point = 0x7fff10380000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 2340 start_va = 0x7fff103f0000 end_va = 0x7fff10454fff entry_point = 0x7fff103f0000 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 2341 start_va = 0x7fff10460000 end_va = 0x7fff10525fff entry_point = 0x7fff10460000 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 2342 start_va = 0x7fff10530000 end_va = 0x7fff10610fff entry_point = 0x7fff10530000 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 2343 start_va = 0x7fff10620000 end_va = 0x7fff10630fff entry_point = 0x7fff10620000 region_type = mapped_file name = "settingsyncpolicy.dll" filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll") Region: id = 2344 start_va = 0x7fff10640000 end_va = 0x7fff106f9fff entry_point = 0x7fff10640000 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 2345 start_va = 0x7fff10780000 end_va = 0x7fff10794fff entry_point = 0x7fff10780000 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 2346 start_va = 0x7fff10ba0000 end_va = 0x7fff10ba9fff entry_point = 0x7fff10ba0000 region_type = mapped_file name = "msiltcfg.dll" filename = "\\Windows\\System32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll") Region: id = 2347 start_va = 0x7fff10c50000 end_va = 0x7fff110b9fff entry_point = 0x7fff10c50000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2348 start_va = 0x7fff11100000 end_va = 0x7fff11360fff entry_point = 0x7fff11100000 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 2349 start_va = 0x7fff11b40000 end_va = 0x7fff11b8efff entry_point = 0x7fff11b40000 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 2350 start_va = 0x7fff11b90000 end_va = 0x7fff11bfafff entry_point = 0x7fff11b90000 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 2351 start_va = 0x7fff11c00000 end_va = 0x7fff11c20fff entry_point = 0x7fff11c00000 region_type = mapped_file name = "networkstatus.dll" filename = "\\Windows\\System32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll") Region: id = 2352 start_va = 0x7fff11ca0000 end_va = 0x7fff11cc6fff entry_point = 0x7fff11ca0000 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 2353 start_va = 0x7fff12070000 end_va = 0x7fff120f2fff entry_point = 0x7fff12070000 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 2354 start_va = 0x7fff12100000 end_va = 0x7fff1215cfff entry_point = 0x7fff12100000 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 2355 start_va = 0x7fff12290000 end_va = 0x7fff122adfff entry_point = 0x7fff12290000 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 2356 start_va = 0x7fff12330000 end_va = 0x7fff1233dfff entry_point = 0x7fff12330000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2357 start_va = 0x7fff12580000 end_va = 0x7fff12594fff entry_point = 0x7fff12580000 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 2358 start_va = 0x7fff125b0000 end_va = 0x7fff1262ffff entry_point = 0x7fff125b0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 2359 start_va = 0x7fff12910000 end_va = 0x7fff12921fff entry_point = 0x7fff12910000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2360 start_va = 0x7fff12dd0000 end_va = 0x7fff12e2efff entry_point = 0x7fff12dd0000 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2361 start_va = 0x7fff14320000 end_va = 0x7fff14329fff entry_point = 0x7fff14320000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2362 start_va = 0x7fff14410000 end_va = 0x7fff14424fff entry_point = 0x7fff14410000 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 2363 start_va = 0x7fff14430000 end_va = 0x7fff1446efff entry_point = 0x7fff14430000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2364 start_va = 0x7fff14470000 end_va = 0x7fff14716fff entry_point = 0x7fff14470000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 2365 start_va = 0x7fff14720000 end_va = 0x7fff148b6fff entry_point = 0x7fff14720000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 2366 start_va = 0x7fff14a80000 end_va = 0x7fff14a89fff entry_point = 0x7fff14a80000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2367 start_va = 0x7fff14a90000 end_va = 0x7fff14d03fff entry_point = 0x7fff14a90000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43\\comctl32.dll") Region: id = 2368 start_va = 0x7fff14d10000 end_va = 0x7fff1504cfff entry_point = 0x7fff14d10000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 2369 start_va = 0x7fff151d0000 end_va = 0x7fff15201fff entry_point = 0x7fff151d0000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2370 start_va = 0x7fff15470000 end_va = 0x7fff15545fff entry_point = 0x7fff15470000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2371 start_va = 0x7fff15c90000 end_va = 0x7fff15d21fff entry_point = 0x7fff15c90000 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2372 start_va = 0x7fff15d30000 end_va = 0x7fff15d68fff entry_point = 0x7fff15d30000 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2373 start_va = 0x7fff15ea0000 end_va = 0x7fff15ed5fff entry_point = 0x7fff15ea0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2374 start_va = 0x7fff15fb0000 end_va = 0x7fff15fdffff entry_point = 0x7fff15fb0000 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 2375 start_va = 0x7fff15fe0000 end_va = 0x7fff160ebfff entry_point = 0x7fff15fe0000 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 2376 start_va = 0x7fff161b0000 end_va = 0x7fff166f4fff entry_point = 0x7fff161b0000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 2377 start_va = 0x7fff167a0000 end_va = 0x7fff16891fff entry_point = 0x7fff167a0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2378 start_va = 0x7fff16c20000 end_va = 0x7fff16dd6fff entry_point = 0x7fff16c20000 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 2379 start_va = 0x7fff16de0000 end_va = 0x7fff17155fff entry_point = 0x7fff16de0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2380 start_va = 0x7fff18160000 end_va = 0x7fff181fdfff entry_point = 0x7fff18160000 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 2381 start_va = 0x7fff18200000 end_va = 0x7fff1830efff entry_point = 0x7fff18200000 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 2382 start_va = 0x7fff18310000 end_va = 0x7fff18379fff entry_point = 0x7fff18310000 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 2383 start_va = 0x7fff186e0000 end_va = 0x7fff18747fff entry_point = 0x7fff186e0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2384 start_va = 0x7fff18800000 end_va = 0x7fff18819fff entry_point = 0x7fff18800000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2385 start_va = 0x7fff18820000 end_va = 0x7fff18835fff entry_point = 0x7fff18820000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2386 start_va = 0x7fff18980000 end_va = 0x7fff1899bfff entry_point = 0x7fff18980000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 2387 start_va = 0x7fff189e0000 end_va = 0x7fff189eafff entry_point = 0x7fff189e0000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2388 start_va = 0x7fff18cd0000 end_va = 0x7fff18e52fff entry_point = 0x7fff18cd0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2389 start_va = 0x7fff18e60000 end_va = 0x7fff18ed1fff entry_point = 0x7fff18e60000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2390 start_va = 0x7fff18f50000 end_va = 0x7fff18fc9fff entry_point = 0x7fff18f50000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2391 start_va = 0x7fff18ff0000 end_va = 0x7fff19090fff entry_point = 0x7fff18ff0000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 2392 start_va = 0x7fff19120000 end_va = 0x7fff19135fff entry_point = 0x7fff19120000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2393 start_va = 0x7fff19140000 end_va = 0x7fff191a4fff entry_point = 0x7fff19140000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2394 start_va = 0x7fff19360000 end_va = 0x7fff19490fff entry_point = 0x7fff19360000 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2395 start_va = 0x7fff194e0000 end_va = 0x7fff194f7fff entry_point = 0x7fff194e0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2396 start_va = 0x7fff19780000 end_va = 0x7fff19790fff entry_point = 0x7fff19780000 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2397 start_va = 0x7fff199e0000 end_va = 0x7fff199eafff entry_point = 0x7fff199e0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2398 start_va = 0x7fff19a00000 end_va = 0x7fff19a37fff entry_point = 0x7fff19a00000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2399 start_va = 0x7fff19bd0000 end_va = 0x7fff19c1afff entry_point = 0x7fff19bd0000 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 2400 start_va = 0x7fff19c20000 end_va = 0x7fff19dd1fff entry_point = 0x7fff19c20000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 2401 start_va = 0x7fff19de0000 end_va = 0x7fff1a04dfff entry_point = 0x7fff19de0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 2402 start_va = 0x7fff1a050000 end_va = 0x7fff1a0ebfff entry_point = 0x7fff1a050000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 2403 start_va = 0x7fff1a0f0000 end_va = 0x7fff1a392fff entry_point = 0x7fff1a0f0000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 2404 start_va = 0x7fff1a3a0000 end_va = 0x7fff1a3c1fff entry_point = 0x7fff1a3a0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2405 start_va = 0x7fff1a3f0000 end_va = 0x7fff1a44bfff entry_point = 0x7fff1a3f0000 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 2406 start_va = 0x7fff1a450000 end_va = 0x7fff1a517fff entry_point = 0x7fff1a450000 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 2407 start_va = 0x7fff1a520000 end_va = 0x7fff1a5f0fff entry_point = 0x7fff1a520000 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 2408 start_va = 0x7fff1a8f0000 end_va = 0x7fff1a967fff entry_point = 0x7fff1a8f0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2409 start_va = 0x7fff1aa50000 end_va = 0x7fff1aa62fff entry_point = 0x7fff1aa50000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2410 start_va = 0x7fff1aa70000 end_va = 0x7fff1aad5fff entry_point = 0x7fff1aa70000 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 2411 start_va = 0x7fff1aae0000 end_va = 0x7fff1ab04fff entry_point = 0x7fff1aae0000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2412 start_va = 0x7fff1ab10000 end_va = 0x7fff1ab35fff entry_point = 0x7fff1ab10000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 2413 start_va = 0x7fff1ac00000 end_va = 0x7fff1ac95fff entry_point = 0x7fff1ac00000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2414 start_va = 0x7fff1aca0000 end_va = 0x7fff1acc6fff entry_point = 0x7fff1aca0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2415 start_va = 0x7fff1acf0000 end_va = 0x7fff1adddfff entry_point = 0x7fff1acf0000 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2416 start_va = 0x7fff1b030000 end_va = 0x7fff1b057fff entry_point = 0x7fff1b030000 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 2417 start_va = 0x7fff1b380000 end_va = 0x7fff1b38bfff entry_point = 0x7fff1b380000 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 2418 start_va = 0x7fff1b4d0000 end_va = 0x7fff1b527fff entry_point = 0x7fff1b4d0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2419 start_va = 0x7fff1b5e0000 end_va = 0x7fff1b5ebfff entry_point = 0x7fff1b5e0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2420 start_va = 0x7fff1b5f0000 end_va = 0x7fff1b615fff entry_point = 0x7fff1b5f0000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2421 start_va = 0x7fff1b6d0000 end_va = 0x7fff1b701fff entry_point = 0x7fff1b6d0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2422 start_va = 0x7fff1b7b0000 end_va = 0x7fff1b7b9fff entry_point = 0x7fff1b7b0000 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 2423 start_va = 0x7fff1b850000 end_va = 0x7fff1b882fff entry_point = 0x7fff1b850000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2424 start_va = 0x7fff1b940000 end_va = 0x7fff1b95efff entry_point = 0x7fff1b940000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2425 start_va = 0x7fff1b9a0000 end_va = 0x7fff1ba47fff entry_point = 0x7fff1b9a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2426 start_va = 0x7fff1bba0000 end_va = 0x7fff1bbfcfff entry_point = 0x7fff1bba0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2427 start_va = 0x7fff1bc00000 end_va = 0x7fff1bc16fff entry_point = 0x7fff1bc00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2428 start_va = 0x7fff1bd70000 end_va = 0x7fff1bd7afff entry_point = 0x7fff1bd70000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2429 start_va = 0x7fff1be00000 end_va = 0x7fff1be35fff entry_point = 0x7fff1be00000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2430 start_va = 0x7fff1be40000 end_va = 0x7fff1be65fff entry_point = 0x7fff1be40000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2431 start_va = 0x7fff1bf50000 end_va = 0x7fff1bf7bfff entry_point = 0x7fff1bf50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2432 start_va = 0x7fff1c150000 end_va = 0x7fff1c177fff entry_point = 0x7fff1c150000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2433 start_va = 0x7fff1c180000 end_va = 0x7fff1c1eafff entry_point = 0x7fff1c180000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2434 start_va = 0x7fff1c1f0000 end_va = 0x7fff1c287fff entry_point = 0x7fff1c1f0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2435 start_va = 0x7fff1c330000 end_va = 0x7fff1c340fff entry_point = 0x7fff1c330000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2436 start_va = 0x7fff1c350000 end_va = 0x7fff1c399fff entry_point = 0x7fff1c350000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2437 start_va = 0x7fff1c3a0000 end_va = 0x7fff1c3b2fff entry_point = 0x7fff1c3a0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2438 start_va = 0x7fff1c3c0000 end_va = 0x7fff1c3cefff entry_point = 0x7fff1c3c0000 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2439 start_va = 0x7fff1c3d0000 end_va = 0x7fff1c413fff entry_point = 0x7fff1c3d0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2440 start_va = 0x7fff1c420000 end_va = 0x7fff1c4d2fff entry_point = 0x7fff1c420000 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2441 start_va = 0x7fff1c4e0000 end_va = 0x7fff1c6a0fff entry_point = 0x7fff1c4e0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2442 start_va = 0x7fff1c760000 end_va = 0x7fff1cd87fff entry_point = 0x7fff1c760000 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2443 start_va = 0x7fff1cd90000 end_va = 0x7fff1cde3fff entry_point = 0x7fff1cd90000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2444 start_va = 0x7fff1cdf0000 end_va = 0x7fff1cfccfff entry_point = 0x7fff1cdf0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2445 start_va = 0x7fff1cfd0000 end_va = 0x7fff1d074fff entry_point = 0x7fff1cfd0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2446 start_va = 0x7fff1d080000 end_va = 0x7fff1d2fbfff entry_point = 0x7fff1d080000 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2447 start_va = 0x7fff1d3f0000 end_va = 0x7fff1d530fff entry_point = 0x7fff1d3f0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2448 start_va = 0x7fff1d540000 end_va = 0x7fff1d5fdfff entry_point = 0x7fff1d540000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2449 start_va = 0x7fff1d600000 end_va = 0x7fff1d65afff entry_point = 0x7fff1d600000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2450 start_va = 0x7fff1d660000 end_va = 0x7fff1d6bafff entry_point = 0x7fff1d660000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2451 start_va = 0x7fff1d6c0000 end_va = 0x7fff1d728fff entry_point = 0x7fff1d6c0000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2452 start_va = 0x7fff1d730000 end_va = 0x7fff1d765fff entry_point = 0x7fff1d730000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2453 start_va = 0x7fff1d790000 end_va = 0x7fff1d8ebfff entry_point = 0x7fff1d790000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2454 start_va = 0x7fff1d8f0000 end_va = 0x7fff1da15fff entry_point = 0x7fff1d8f0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2455 start_va = 0x7fff1da20000 end_va = 0x7fff1da8efff entry_point = 0x7fff1da20000 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 2456 start_va = 0x7fff1da90000 end_va = 0x7fff1dbddfff entry_point = 0x7fff1da90000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2457 start_va = 0x7fff1dbe0000 end_va = 0x7fff1dbe7fff entry_point = 0x7fff1dbe0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2458 start_va = 0x7fff1dda0000 end_va = 0x7fff1df64fff entry_point = 0x7fff1dda0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2459 start_va = 0x7fff1df70000 end_va = 0x7fff1f494fff entry_point = 0x7fff1df70000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2460 start_va = 0x7fff1f500000 end_va = 0x7fff1f684fff entry_point = 0x7fff1f500000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2461 start_va = 0x7fff1f690000 end_va = 0x7fff1f6e0fff entry_point = 0x7fff1f690000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2462 start_va = 0x7fff1f700000 end_va = 0x7fff1f79cfff entry_point = 0x7fff1f700000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2463 start_va = 0x7fff1f7a0000 end_va = 0x7fff1f845fff entry_point = 0x7fff1f7a0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2464 start_va = 0x7fff1f850000 end_va = 0x7fff1f8fcfff entry_point = 0x7fff1f850000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2465 start_va = 0x7fff1f900000 end_va = 0x7fff1fac1fff entry_point = 0x7fff1f900000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2468 start_va = 0xb020000 end_va = 0xb152fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b020000" filename = "" Region: id = 2469 start_va = 0x48c0000 end_va = 0x48c0fff entry_point = 0x0 region_type = private name = "private_0x00000000048c0000" filename = "" Region: id = 2470 start_va = 0x7fff1ab70000 end_va = 0x7fff1ab8ffff entry_point = 0x7fff1ab70000 region_type = mapped_file name = "avifil32.dll" filename = "\\Windows\\System32\\avifil32.dll" (normalized: "c:\\windows\\system32\\avifil32.dll") Region: id = 2471 start_va = 0x7fff1ab40000 end_va = 0x7fff1ab68fff entry_point = 0x7fff1ab40000 region_type = mapped_file name = "msvfw32.dll" filename = "\\Windows\\System32\\msvfw32.dll" (normalized: "c:\\windows\\system32\\msvfw32.dll") Region: id = 2472 start_va = 0x7fff12050000 end_va = 0x7fff1206bfff entry_point = 0x7fff12050000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\System32\\msacm32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll") Region: id = 2473 start_va = 0x48d0000 end_va = 0x48d1fff entry_point = 0x48d0000 region_type = mapped_file name = "msvfw32.dll.mui" filename = "\\Windows\\System32\\en-US\\msvfw32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msvfw32.dll.mui") Region: id = 2474 start_va = 0xb160000 end_va = 0xb56ffff entry_point = 0x0 region_type = private name = "private_0x000000000b160000" filename = "" Region: id = 2475 start_va = 0x7fff1d3e0000 end_va = 0x7fff1d3e7fff entry_point = 0x7fff1d3e0000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 2476 start_va = 0xa170000 end_va = 0xa176fff entry_point = 0x0 region_type = private name = "private_0x000000000a170000" filename = "" Region: id = 2477 start_va = 0xb570000 end_va = 0xb5effff entry_point = 0x0 region_type = private name = "private_0x000000000b570000" filename = "" Region: id = 2478 start_va = 0x7ff6e4882000 end_va = 0x7ff6e4883fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4882000" filename = "" Region: id = 2479 start_va = 0xb5f0000 end_va = 0xb66ffff entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 2480 start_va = 0xb670000 end_va = 0xb6effff entry_point = 0x0 region_type = private name = "private_0x000000000b670000" filename = "" Region: id = 2481 start_va = 0x7ff6e487e000 end_va = 0x7ff6e487ffff entry_point = 0x0 region_type = private name = "private_0x00007ff6e487e000" filename = "" Region: id = 2482 start_va = 0x7ff6e4880000 end_va = 0x7ff6e4881fff entry_point = 0x0 region_type = private name = "private_0x00007ff6e4880000" filename = "" Region: id = 2483 start_va = 0xb6f0000 end_va = 0xb76ffff entry_point = 0x0 region_type = private name = "private_0x000000000b6f0000" filename = "" Region: id = 2484 start_va = 0xb770000 end_va = 0xb7effff entry_point = 0x0 region_type = private name = "private_0x000000000b770000" filename = "" Region: id = 2485 start_va = 0x7ff6e487a000 end_va = 0x7ff6e487bfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e487a000" filename = "" Region: id = 2486 start_va = 0x7ff6e487c000 end_va = 0x7ff6e487dfff entry_point = 0x0 region_type = private name = "private_0x00007ff6e487c000" filename = "" Region: id = 2487 start_va = 0x7fff12200000 end_va = 0x7fff12208fff entry_point = 0x7fff12200000 region_type = mapped_file name = "ploptin.dll" filename = "\\Windows\\System32\\ploptin.dll" (normalized: "c:\\windows\\system32\\ploptin.dll") Region: id = 2488 start_va = 0x7fff0e070000 end_va = 0x7fff0e085fff entry_point = 0x7fff0e070000 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Thread: id = 95 os_tid = 0x3e8 Thread: id = 96 os_tid = 0x7a4 Thread: id = 97 os_tid = 0xbd0 Thread: id = 98 os_tid = 0xbcc Thread: id = 99 os_tid = 0xbc8 Thread: id = 100 os_tid = 0xbc4 Thread: id = 101 os_tid = 0xbc0 Thread: id = 102 os_tid = 0xbbc Thread: id = 103 os_tid = 0xbb8 Thread: id = 104 os_tid = 0xbb0 Thread: id = 105 os_tid = 0xbac Thread: id = 106 os_tid = 0xba4 Thread: id = 107 os_tid = 0xba0 Thread: id = 108 os_tid = 0xa78 Thread: id = 109 os_tid = 0xa74 Thread: id = 110 os_tid = 0xa68 Thread: id = 111 os_tid = 0xa64 Thread: id = 112 os_tid = 0xa50 Thread: id = 113 os_tid = 0xa4c Thread: id = 114 os_tid = 0xa48 Thread: id = 115 os_tid = 0xa40 Thread: id = 116 os_tid = 0xa0c Thread: id = 117 os_tid = 0x9d4 Thread: id = 118 os_tid = 0x9c4 Thread: id = 119 os_tid = 0x954 Thread: id = 120 os_tid = 0x948 Thread: id = 121 os_tid = 0x940 Thread: id = 122 os_tid = 0x93c Thread: id = 123 os_tid = 0x938 Thread: id = 124 os_tid = 0x930 Thread: id = 125 os_tid = 0x928 Thread: id = 126 os_tid = 0x924 Thread: id = 127 os_tid = 0x910 Thread: id = 128 os_tid = 0x90c Thread: id = 129 os_tid = 0x908 Thread: id = 130 os_tid = 0x8f8 Thread: id = 131 os_tid = 0x8f0 Thread: id = 132 os_tid = 0x8e8 Thread: id = 133 os_tid = 0x8e4 Thread: id = 134 os_tid = 0x8e0 Thread: id = 135 os_tid = 0x8dc Thread: id = 136 os_tid = 0x8d8 Thread: id = 137 os_tid = 0x8c8 Thread: id = 138 os_tid = 0x8c4 Thread: id = 139 os_tid = 0x8c0 Thread: id = 140 os_tid = 0x8ac Thread: id = 141 os_tid = 0x8a4 Thread: id = 142 os_tid = 0x864 Thread: id = 143 os_tid = 0x850 Thread: id = 144 os_tid = 0x83c Thread: id = 145 os_tid = 0x838 Thread: id = 146 os_tid = 0x834 Thread: id = 147 os_tid = 0x828 Thread: id = 148 os_tid = 0x824 Thread: id = 149 os_tid = 0x810 Thread: id = 150 os_tid = 0x80c Thread: id = 151 os_tid = 0x804 Thread: id = 152 os_tid = 0x698 Thread: id = 153 os_tid = 0x5f4 Thread: id = 154 os_tid = 0x7ac Thread: id = 155 os_tid = 0x778 Thread: id = 156 os_tid = 0x46c Thread: id = 157 os_tid = 0x2b8 Thread: id = 158 os_tid = 0x454 Thread: id = 159 os_tid = 0x758 Thread: id = 160 os_tid = 0x6b8 Thread: id = 161 os_tid = 0x688 Thread: id = 162 os_tid = 0x664 Thread: id = 163 os_tid = 0x94c [0262.302] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0x9b9fa08 | out: BaseAddress=0x9b9fa08*=0x7fff1f900000) returned 0x0 [0262.303] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtCreateSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9939e0) returned 0x0 [0262.304] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtUnmapViewOfSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9937e0) returned 0x0 [0262.304] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtMapViewOfSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9937c0) returned 0x0 [0262.304] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwOpenProcessToken", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f994680) returned 0x0 [0262.305] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwClose", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f993630) returned 0x0 [0262.305] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwQueryInformationToken", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f993750) returned 0x0 [0262.306] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwOpenProcess", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9937a0) returned 0x0 [0262.307] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="NtQuerySystemInformation", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9938a0) returned 0x0 [0262.307] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlNtStatusToDosError", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f90f0c0) returned 0x0 [0262.308] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwQueryInformationProcess", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9936d0) returned 0x0 [0262.308] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlImageDirectoryEntryToData", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f916850) returned 0x0 [0262.308] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_wcsupr", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9858a0) returned 0x0 [0262.309] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_strupr", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f984f60) returned 0x0 [0262.309] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memmove", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f997e80) returned 0x0 [0262.310] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="bsearch", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f986420) returned 0x0 [0262.310] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f985260) returned 0x0 [0262.311] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_strlwr", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f984e60) returned 0x0 [0262.311] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="atoi", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9843d0) returned 0x0 [0262.312] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="strstr", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f988bd0) returned 0x0 [0262.312] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="wcscpy", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f989650) returned 0x0 [0262.313] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="ZwQueryKey", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9936a0) returned 0x0 [0262.313] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlUpcaseUnicodeString", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f953170) returned 0x0 [0262.314] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlFreeUnicodeString", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f927110) returned 0x0 [0262.314] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="sprintf", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f987fb0) returned 0x0 [0262.315] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="_snprintf", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f984970) returned 0x0 [0262.315] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memset", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9981c0) returned 0x0 [0262.316] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f997e80) returned 0x0 [0262.316] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="strcpy", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9882f0) returned 0x0 [0262.317] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlAdjustPrivilege", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9732a0) returned 0x0 [0262.317] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="mbstowcs", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9875a0) returned 0x0 [0262.317] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="RtlImageNtHeader", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f916820) returned 0x0 [0262.318] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9876a0) returned 0x0 [0262.318] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="__C_specific_handler", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f983f20) returned 0x0 [0262.319] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f900000, Name="__chkstk", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f996290) returned 0x0 [0262.319] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x9b9fa08 | out: BaseAddress=0x9b9fa08*=0x7fff1f850000) returned 0x0 [0262.320] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetLocalTime", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86e9e0) returned 0x0 [0262.320] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenProcess", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86a8f0) returned 0x0 [0262.320] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualQueryEx", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8724a0) returned 0x0 [0262.321] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateRemoteThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8926d0) returned 0x0 [0262.322] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86eca0) returned 0x0 [0262.322] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetVersion", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f871fd0) returned 0x0 [0262.323] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetEndOfFile", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875ae0) returned 0x0 [0262.323] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RemoveDirectoryW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875ad0) returned 0x0 [0262.323] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetTempFileNameA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8759e0) returned 0x0 [0262.324] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9081b0) returned 0x0 [0262.324] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86baf0) returned 0x0 [0262.325] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86d680) returned 0x0 [0262.325] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875510) returned 0x0 [0262.326] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WriteProcessMemory", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86e710) returned 0x0 [0262.326] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875760) returned 0x0 [0262.327] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcmpiA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86bb10) returned 0x0 [0262.327] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870c70) returned 0x0 [0262.328] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f872080) returned 0x0 [0262.328] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866580) returned 0x0 [0262.329] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcmpA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86df40) returned 0x0 [0262.329] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetModuleHandleA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86e6d0) returned 0x0 [0262.330] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateFileMappingA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f855bc0) returned 0x0 [0262.330] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="MapViewOfFile", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86e950) returned 0x0 [0262.331] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f868f00) returned 0x0 [0262.331] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="UnmapViewOfFile", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86ecc0) returned 0x0 [0262.331] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GlobalLock", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866230) returned 0x0 [0262.332] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrlenA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86bb80) returned 0x0 [0262.332] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GlobalAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86b810) returned 0x0 [0262.333] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GlobalUnlock", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866170) returned 0x0 [0262.333] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f92ebf0) returned 0x0 [0262.334] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcpyA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86edf0) returned 0x0 [0262.334] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866060) returned 0x0 [0262.335] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866050) returned 0x0 [0262.335] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RemoveDirectoryA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875ac0) returned 0x0 [0262.335] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875790) returned 0x0 [0262.336] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcatA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870e30) returned 0x0 [0262.336] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875b80) returned 0x0 [0262.337] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateDirectoryA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875730) returned 0x0 [0262.337] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapDestroy", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f872e50) returned 0x0 [0262.338] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapCreate", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870f80) returned 0x0 [0262.338] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetEvent", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8756b0) returned 0x0 [0262.339] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f92d8d0) returned 0x0 [0262.339] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8660a0) returned 0x0 [0262.340] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindNextFileW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875880) returned 0x0 [0262.340] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CopyFileW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875d70) returned 0x0 [0262.341] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetWaitableTimer", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8756c0) returned 0x0 [0262.341] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LocalAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f869310) returned 0x0 [0262.342] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866470) returned 0x0 [0262.342] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866030) returned 0x0 [0262.343] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8664b0) returned 0x0 [0262.343] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f869490) returned 0x0 [0262.343] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateEventA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875560) returned 0x0 [0262.344] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetWindowsDirectoryA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8741b0) returned 0x0 [0262.345] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DeleteFileW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8757a0) returned 0x0 [0262.345] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateDirectoryW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875740) returned 0x0 [0262.346] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateWaitableTimerA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f873870) returned 0x0 [0262.346] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875a00) returned 0x0 [0262.347] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindFirstFileW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875840) returned 0x0 [0262.347] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f869320) returned 0x0 [0262.348] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f872c00) returned 0x0 [0262.348] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SuspendThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870d70) returned 0x0 [0262.349] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WaitForMultipleObjects", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8756e0) returned 0x0 [0262.349] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ResumeThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86f570) returned 0x0 [0262.350] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcpyW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870a80) returned 0x0 [0262.350] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FileTimeToSystemTime", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875bf0) returned 0x0 [0262.351] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86bc20) returned 0x0 [0262.351] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875770) returned 0x0 [0262.351] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ResetEvent", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8756a0) returned 0x0 [0262.352] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SwitchToThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86a960) returned 0x0 [0262.353] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcatW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f873830) returned 0x0 [0262.353] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateProcessW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86dee0) returned 0x0 [0262.354] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetFileSize", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875950) returned 0x0 [0262.354] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetFileAttributesW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875930) returned 0x0 [0262.354] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ExpandEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86e420) returned 0x0 [0262.355] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866090) returned 0x0 [0262.355] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f934420) returned 0x0 [0262.356] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866160) returned 0x0 [0262.356] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f934ec0) returned 0x0 [0262.357] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetComputerNameA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86c250) returned 0x0 [0262.357] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateMutexA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8755a0) returned 0x0 [0262.358] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenWaitableTimerA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f893a10) returned 0x0 [0262.358] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenMutexA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f855e30) returned 0x0 [0262.358] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetVolumeInformationA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875a20) returned 0x0 [0262.359] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WaitForSingleObject", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875700) returned 0x0 [0262.359] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ReleaseMutex", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875680) returned 0x0 [0262.360] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetComputerNameW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86c3c0) returned 0x0 [0262.360] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f9638f0) returned 0x0 [0262.361] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LoadLibraryExW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86b820) returned 0x0 [0262.361] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86aa40) returned 0x0 [0262.362] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualFree", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86bc10) returned 0x0 [0262.362] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetLogicalDriveStringsW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8759d0) returned 0x0 [0262.363] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetFileAttributesA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875900) returned 0x0 [0262.363] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenFileMappingA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f873c10) returned 0x0 [0262.364] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetExitCodeProcess", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86e450) returned 0x0 [0262.364] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateProcessA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86d5b0) returned 0x0 [0262.365] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcpynA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8936c0) returned 0x0 [0262.365] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LocalReAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f872c80) returned 0x0 [0262.366] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86dec0) returned 0x0 [0262.366] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866020) returned 0x0 [0262.367] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8664c0) returned 0x0 [0262.367] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86ed90) returned 0x0 [0262.367] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetVersionExW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86aa30) returned 0x0 [0262.368] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86eb90) returned 0x0 [0262.369] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875a90) returned 0x0 [0262.369] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SetFilePointer", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875b20) returned 0x0 [0262.370] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Thread32First", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8701b0) returned 0x0 [0262.370] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="QueueUserAPC", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86fe40) returned 0x0 [0262.371] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateToolhelp32Snapshot", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f876830) returned 0x0 [0262.371] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenThread", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86a970) returned 0x0 [0262.372] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Thread32Next", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866720) returned 0x0 [0262.372] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindFirstFileA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875800) returned 0x0 [0262.372] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindNextFileA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875860) returned 0x0 [0262.373] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="ConnectNamedPipe", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8730b0) returned 0x0 [0262.373] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetOverlappedResult", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86bb70) returned 0x0 [0262.374] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CancelIo", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f872f50) returned 0x0 [0262.374] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="DisconnectNamedPipe", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f873820) returned 0x0 [0262.375] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875890) returned 0x0 [0262.375] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CallNamedPipeA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f88fe50) returned 0x0 [0262.376] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="CreateNamedPipeA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f890070) returned 0x0 [0262.376] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86a940) returned 0x0 [0262.377] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="WaitNamedPipeA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f890670) returned 0x0 [0262.377] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f866070) returned 0x0 [0262.378] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="SleepEx", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8756d0) returned 0x0 [0262.378] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RemoveVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f97a5b0) returned 0x0 [0262.378] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="AddVectoredExceptionHandler", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f96a7b0) returned 0x0 [0262.379] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="OpenEventA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f875630) returned 0x0 [0262.379] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="lstrcmpiW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8665d0) returned 0x0 [0262.380] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="RaiseException", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86eba0) returned 0x0 [0262.381] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetSystemInfo", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86f580) returned 0x0 [0262.381] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Process32NextW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f86b8f0) returned 0x0 [0262.382] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="Process32FirstW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870020) returned 0x0 [0262.382] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="QueueUserWorkItem", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f870f60) returned 0x0 [0262.383] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FileTimeToLocalFileTime", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8757b0) returned 0x0 [0262.384] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8757c0) returned 0x0 [0262.385] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="GetDriveTypeW", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f8758f0) returned 0x0 [0262.385] LdrGetProcedureAddress (in: BaseAddress=0x7fff1f850000, Name="VirtualProtectEx", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1f893630) returned 0x0 [0262.385] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="AVIFIL32.dll", BaseAddress=0x9b9fa08 | out: BaseAddress=0x9b9fa08*=0x7fff1ab70000) returned 0x0 [0262.395] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIStreamRelease", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab769a0) returned 0x0 [0262.396] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIStreamWrite", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab77230) returned 0x0 [0262.396] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileOpenA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab768b0) returned 0x0 [0262.397] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileCreateStreamA", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab76c10) returned 0x0 [0262.397] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIStreamSetFormat", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab77070) returned 0x0 [0262.398] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileExit", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab76400) returned 0x0 [0262.399] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileInit", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab763d0) returned 0x0 [0262.399] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIMakeCompressedStream", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab77910) returned 0x0 [0262.411] LdrGetProcedureAddress (in: BaseAddress=0x7fff1ab70000, Name="AVIFileRelease", Ordinal=0x0, ProcedureAddress=0x9b9f9f0 | out: ProcedureAddress=0x9b9f9f0*=0x7fff1ab769a0) returned 0x0 [0262.411] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f9f8*=0xb020000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x4, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f9f8*=0xb020000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.411] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f990*=0xb021000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x20, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f990*=0xb021000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.411] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f990*=0xb059000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x2, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f990*=0xb059000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f990*=0xb083000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x4, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f990*=0xb083000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f990*=0xb088000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x2, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f990*=0xb088000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f990*=0xb08a000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x4, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f990*=0xb08a000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.412] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x9b9f990*=0xb08c000, NumberOfBytesToProtect=0x9b9fa00, NewAccessProtection=0x2, OldAccessProtection=0x9b9f9f0 | out: BaseAddress=0x9b9f990*=0xb08c000, NumberOfBytesToProtect=0x9b9fa00, OldAccessProtection=0x9b9f9f0*=0x40) returned 0x0 [0262.424] GetTickCount () returned 0xfdf7 [0262.424] GetModuleHandleA (lpModuleName=0x0) returned 0x7ff6e4e10000 [0262.424] GetVersion () returned 0x2800000a [0262.424] GetCurrentProcessId () returned 0x568 [0262.425] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb18 [0262.425] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xb55c830, nSize=0x104 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0262.425] lstrcpynA (in: lpString1=0x9b9f940, lpString2=".bss", iMaxLength=8 | out: lpString1=".bss") returned=".bss" [0262.426] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0262.427] GetProcAddress (hModule=0x7fff1f850000, lpProcName="IsWow64Process") returned 0x7fff1f86e960 [0262.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x568) returned 0x1640 [0262.427] IsWow64Process (in: hProcess=0x1640, Wow64Process=0x9b9f8e0 | out: Wow64Process=0x9b9f8e0) returned 1 [0262.427] CloseHandle (hObject=0x1640) returned 1 [0262.427] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fff1f7a0000 [0262.428] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x7fff1f7bd610 [0262.428] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x1 [0262.430] NtOpenProcess (in: ProcessHandle=0x9b9f898, DesiredAccess=0x400, ObjectAttributes=0x9b9f830*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x9b9f820*(UniqueProcess=0x568, UniqueThread=0x0) | out: ProcessHandle=0x9b9f898*=0x1418) returned 0x0 [0262.430] NtOpenProcessToken (in: ProcessHandle=0x1418, DesiredAccess=0x8, TokenHandle=0x9b9f890 | out: TokenHandle=0x9b9f890*=0x1444) returned 0x0 [0262.430] NtQueryInformationToken (in: TokenHandle=0x1444, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x9b9f880 | out: TokenInformation=0x0, ReturnLength=0x9b9f880) returned 0xc0000023 [0262.430] NtQueryInformationToken (in: TokenHandle=0x1444, TokenInformationClass=0x1, TokenInformation=0xb55ca40, TokenInformationLength=0x2c, ReturnLength=0x9b9f880 | out: TokenInformation=0xb55ca40, ReturnLength=0x9b9f880) returned 0x0 [0262.430] NtClose (Handle=0x1444) returned 0x0 [0262.459] NtClose (Handle=0x1418) returned 0x0 [0262.459] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7fff1f690000 [0262.460] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrRChrA") returned 0x7fff1f6a4dd0 [0262.460] StrRChrA (lpStart="C:\\Windows\\Explorer.EXE", lpEnd=0x0, wMatch=0x5c) returned="\\Explorer.EXE" [0262.460] _strupr (in: _String=0xb55c83b | out: _String="EXPLORER.EXE") returned="EXPLORER.EXE" [0262.460] lstrlenA (lpString="EXPLORER.EXE") returned 12 [0262.460] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1418 [0262.460] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x7fff1da90000 [0262.461] GetProcAddress (hModule=0x7fff1da90000, lpProcName="wsprintfA") returned 0x7fff1dab2610 [0262.462] wsprintfA (in: param_1=0xb55ca40, param_2="%08X-%04X-%04X-%04X-%08X%04X" | out: param_1="667F6611-8D0F-88EB-47FA-113C6BCED530") returned 36 [0262.462] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\") returned 39 [0262.462] lstrcpyA (in: lpString1=0xb55ca70, lpString2="Software\\AppDataLow\\Software\\Microsoft\\" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\") returned="Software\\AppDataLow\\Software\\Microsoft\\" [0262.462] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\", lpString2="667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0262.462] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0262.462] lstrlenA (lpString="\\Vars") returned 5 [0262.462] lstrcpyA (in: lpString1=0xb55cad0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0262.462] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Vars" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Vars" [0262.462] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0262.462] lstrlenA (lpString="\\Files") returned 6 [0262.462] lstrcpyA (in: lpString1=0xb55cb30, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0262.462] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Files" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Files" [0262.462] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0262.462] lstrlenA (lpString="\\Run") returned 4 [0262.462] lstrcpyA (in: lpString1=0xb55cb90, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0262.462] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Run" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Run" [0262.462] lstrlenA (lpString="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned 75 [0262.462] lstrlenA (lpString="\\Config") returned 7 [0262.462] lstrcpyA (in: lpString1=0xb55cbf0, lpString2="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530" [0262.462] lstrcatA (in: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", lpString2="\\Config" | out: lpString1="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config") returned="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530\\Config" [0262.462] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.463] lstrcpyA (in: lpString1=0xb55cc50, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.463] lstrcatA (in: lpString1="Local\\", lpString2="{2F87B751-C28A-394B-44D3-167DB8B7AA01}" | out: lpString1="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}" [0262.463] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.463] lstrcpyA (in: lpString1=0xb55cc90, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.463] lstrcatA (in: lpString1="Local\\", lpString2="{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" | out: lpString1="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}" [0262.463] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.463] lstrcpyA (in: lpString1=0xb55ccd0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.463] lstrcatA (in: lpString1="Local\\", lpString2="{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" | out: lpString1="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}" [0262.463] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.463] lstrcpyA (in: lpString1=0xb55cd10, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.463] lstrcatA (in: lpString1="Local\\", lpString2="{62D813F7-59FC-E439-F3B6-9D58D74A210C}" | out: lpString1="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}" [0262.463] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{FB999B87-1EC7-E503-005F-32E93403862D}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.463] lstrcpyA (in: lpString1=0xb55cd50, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.463] lstrcatA (in: lpString1="Local\\", lpString2="{FB999B87-1EC7-E503-005F-32E93403862D}" | out: lpString1="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}" [0262.463] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.463] lstrcpyA (in: lpString1=0xb55cd90, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.463] lstrcatA (in: lpString1="Local\\", lpString2="{A8435A97-E752-1A33-B15C-0BEE75506F02}" | out: lpString1="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}" [0262.463] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned 38 [0262.463] lstrlenA (lpString="Local\\") returned 6 [0262.464] lstrcpyA (in: lpString1=0xb55cdd0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.464] lstrcatA (in: lpString1="Local\\", lpString2="{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" | out: lpString1="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}") returned="Local\\{793DD25A-8448-133A-56BD-F8F7EA41AC1B}" [0262.464] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{BEE2402B-052B-A020-7FD2-09D423264D48}") returned 38 [0262.464] lstrlenA (lpString="Local\\") returned 6 [0262.464] lstrcpyA (in: lpString1=0xb55ce10, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.464] lstrcatA (in: lpString1="Local\\", lpString2="{BEE2402B-052B-A020-7FD2-09D423264D48}" | out: lpString1="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}") returned="Local\\{BEE2402B-052B-A020-7FD2-09D423264D48}" [0262.464] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned 38 [0262.464] lstrlenA (lpString="\\\\.\\pipe\\") returned 9 [0262.464] lstrcpyA (in: lpString1=0xb55ce50, lpString2="\\\\.\\pipe\\" | out: lpString1="\\\\.\\pipe\\") returned="\\\\.\\pipe\\" [0262.464] lstrcatA (in: lpString1="\\\\.\\pipe\\", lpString2="{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" | out: lpString1="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}") returned="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" [0262.464] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned 38 [0262.464] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0262.464] lstrcpyA (in: lpString1=0xb55ce90, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0262.464] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{24A75F92-33C8-F66F-DD98-178A614C3B5E}" | out: lpString1="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}") returned="%APPDATA%\\Microsoft\\{24A75F92-33C8-F66F-DD98-178A614C3B5E}" [0262.464] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned 38 [0262.464] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0262.464] lstrcpyA (in: lpString1=0xb55cee0, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0262.464] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{25E2F79F-402D-9FBF-7229-7443C66DE827}" | out: lpString1="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}") returned="%APPDATA%\\Microsoft\\{25E2F79F-402D-9FBF-7229-7443C66DE827}" [0262.464] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned 38 [0262.464] lstrlenA (lpString="%APPDATA%\\Microsoft\\") returned 20 [0262.464] lstrcpyA (in: lpString1=0xb55cf30, lpString2="%APPDATA%\\Microsoft\\" | out: lpString1="%APPDATA%\\Microsoft\\") returned="%APPDATA%\\Microsoft\\" [0262.464] lstrcatA (in: lpString1="%APPDATA%\\Microsoft\\", lpString2="{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" | out: lpString1="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}") returned="%APPDATA%\\Microsoft\\{5A76122F-F1D1-9CA2-4B2E-B590AF42B9C4}" [0262.464] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 38 [0262.464] lstrlenA (lpString="Local\\") returned 6 [0262.465] lstrcpyA (in: lpString1=0xb55cf80, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.465] lstrcatA (in: lpString1="Local\\", lpString2="{53667D0F-9637-FD89-3837-2A81EC5BFE45}" | out: lpString1="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}" [0262.465] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 38 [0262.465] lstrlenA (lpString="Local\\") returned 6 [0262.465] lstrcpyA (in: lpString1=0xb55cfc0, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.465] lstrcatA (in: lpString1="Local\\", lpString2="{E089BDC1-BF33-12AE-4914-63668D8847FA}" | out: lpString1="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}" [0262.465] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 38 [0262.465] lstrlenA (lpString="Local\\") returned 6 [0262.465] lstrcpyA (in: lpString1=0xb55d000, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.465] lstrcatA (in: lpString1="Local\\", lpString2="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" | out: lpString1="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0262.465] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned 38 [0262.465] lstrlenA (lpString="Local\\") returned 6 [0262.465] lstrcpyA (in: lpString1=0xb55d040, lpString2="Local\\" | out: lpString1="Local\\") returned="Local\\" [0262.465] lstrcatA (in: lpString1="Local\\", lpString2="{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" | out: lpString1="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}") returned="Local\\{36CFCEF2-1DFD-D85B-57CA-A18C7B9E6580}" [0262.465] wsprintfA (in: param_1=0xb55ca40, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{AE35B69A-3501-1021-2FC2-3944D3167DB8}") returned 38 [0262.465] lstrcatA (in: lpString1="", lpString2="{AE35B69A-3501-1021-2FC2-3944D3167DB8}" | out: lpString1="{AE35B69A-3501-1021-2FC2-3944D3167DB8}") returned="{AE35B69A-3501-1021-2FC2-3944D3167DB8}" [0262.465] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0xb03c4bc) returned 0xa878220 [0262.465] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="{AE35B69A-3501-1021-2FC2-3944D3167DB8}") returned 0x1444 [0262.465] GetLastError () returned 0x0 [0262.466] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegOpenKeyA") returned 0x7fff1f7bb9e0 [0262.466] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x9b9f7d0 | out: phkResult=0x9b9f7d0*=0x1448) returned 0x0 [0262.466] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegQueryValueExA") returned 0x7fff1f7b7dd0 [0262.466] RegQueryValueExA (in: hKey=0x1448, lpValueName="Ini", lpReserved=0x0, lpType=0x9b9f750, lpData=0x0, lpcbData=0x9b9f7c8*=0xb08d018 | out: lpType=0x9b9f750*=0x0, lpData=0x0, lpcbData=0x9b9f7c8*=0x0) returned 0x2 [0262.467] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegCloseKey") returned 0x7fff1f7b72e0 [0262.467] RegCloseKey (hKey=0x1448) returned 0x0 [0262.468] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrToIntExA") returned 0x7fff1f6a4e70 [0262.468] StrToIntExA (in: pszString="40", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="1200", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="10", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="1000", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="12", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="60", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] StrToIntExA (in: pszString="300", dwFlags=0x0, piRet=0x9b9f7c8 | out: piRet=0x9b9f7c8) returned 1 [0262.468] lstrlenA (lpString="CBA16FFC891E31A5") returned 16 [0262.468] lstrlenA (lpString="makarcheck.com niperola.com") returned 27 [0262.469] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrChrA") returned 0x7fff1f6a4cc0 [0262.469] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0262.469] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0262.469] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrTrimA") returned 0x7fff1f6a4e80 [0262.469] StrTrimA (in: psz="makarcheck.com niperola.com", pszTrimChars=" \x09" | out: psz="makarcheck.com niperola.com") returned 0 [0262.469] StrChrA (lpStart="makarcheck.com niperola.com", wMatch=0x20) returned=" niperola.com" [0262.469] StrTrimA (in: psz="niperola.com", pszTrimChars=" \x09" | out: psz="niperola.com") returned 0 [0262.469] StrChrA (lpStart="niperola.com", wMatch=0x20) returned 0x0 [0262.470] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0262.470] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7fff1f900000 [0262.471] GetModuleHandleA (lpModuleName="kernelbase") returned 0x7fff1cdf0000 [0262.472] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="GetUserNameA") returned 0x7fff1f7cec40 [0262.472] GetUserNameA (in: lpBuffer=0x0, pcbBuffer=0x9b9f888 | out: lpBuffer=0x0, pcbBuffer=0x9b9f888) returned 0 [0262.472] GetUserNameA (in: lpBuffer=0xb55d1e0, pcbBuffer=0x9b9f888 | out: lpBuffer="CIiHmnxMn6Ps", pcbBuffer=0x9b9f888) returned 1 [0262.473] GetModuleHandleA (lpModuleName="NTDLL.DLL") returned 0x7fff1f900000 [0262.473] lstrlenA (lpString="A_SHAFinal") returned 10 [0262.473] lstrlenA (lpString="A_SHAInit") returned 9 [0262.473] lstrlenA (lpString="A_SHAUpdate") returned 11 [0262.473] lstrlenA (lpString="AlpcAdjustCompletionListConcurrencyCount") returned 40 [0262.473] lstrlenA (lpString="AlpcFreeCompletionListMessage") returned 29 [0262.474] lstrlenA (lpString="AlpcGetCompletionListLastMessageInformation") returned 43 [0262.474] lstrlenA (lpString="AlpcGetCompletionListMessageAttributes") returned 38 [0262.474] lstrlenA (lpString="AlpcGetHeaderSize") returned 17 [0262.474] lstrlenA (lpString="AlpcGetMessageAttribute") returned 23 [0262.474] lstrlenA (lpString="AlpcGetMessageFromCompletionList") returned 32 [0262.474] lstrlenA (lpString="AlpcGetOutstandingCompletionListMessageCount") returned 44 [0262.474] lstrlenA (lpString="AlpcInitializeMessageAttribute") returned 30 [0262.474] lstrlenA (lpString="AlpcMaxAllowedMessageLength") returned 27 [0262.474] lstrlenA (lpString="AlpcRegisterCompletionList") returned 26 [0262.474] lstrlenA (lpString="AlpcRegisterCompletionListWorkerThread") returned 38 [0262.474] lstrlenA (lpString="AlpcRundownCompletionList") returned 25 [0262.474] lstrlenA (lpString="AlpcUnregisterCompletionList") returned 28 [0262.474] lstrlenA (lpString="AlpcUnregisterCompletionListWorkerThread") returned 40 [0262.474] lstrlenA (lpString="ApiSetQueryApiSetPresence") returned 25 [0262.474] lstrlenA (lpString="CsrAllocateCaptureBuffer") returned 24 [0262.474] lstrlenA (lpString="CsrAllocateMessagePointer") returned 25 [0262.474] lstrlenA (lpString="CsrCaptureMessageBuffer") returned 23 [0262.474] lstrlenA (lpString="CsrCaptureMessageMultiUnicodeStringsInPlace") returned 43 [0262.474] lstrlenA (lpString="CsrCaptureMessageString") returned 23 [0262.474] lstrlenA (lpString="CsrCaptureTimeout") returned 17 [0262.474] lstrlenA (lpString="CsrClientCallServer") returned 19 [0262.474] lstrlenA (lpString="CsrClientConnectToServer") returned 24 [0262.474] lstrlenA (lpString="CsrFreeCaptureBuffer") returned 20 [0262.474] lstrlenA (lpString="CsrGetProcessId") returned 15 [0262.474] lstrlenA (lpString="CsrIdentifyAlertableThread") returned 26 [0262.474] lstrlenA (lpString="CsrSetPriorityClass") returned 19 [0262.474] lstrlenA (lpString="CsrVerifyRegion") returned 15 [0262.474] lstrlenA (lpString="DbgBreakPoint") returned 13 [0262.474] lstrlenA (lpString="DbgPrint") returned 8 [0262.474] lstrlenA (lpString="DbgPrintEx") returned 10 [0262.474] lstrlenA (lpString="DbgPrintReturnControlC") returned 22 [0262.474] lstrlenA (lpString="DbgPrompt") returned 9 [0262.474] lstrlenA (lpString="DbgQueryDebugFilterState") returned 24 [0262.474] lstrlenA (lpString="DbgSetDebugFilterState") returned 22 [0262.474] lstrlenA (lpString="DbgUiConnectToDbg") returned 17 [0262.474] lstrlenA (lpString="DbgUiContinue") returned 13 [0262.475] lstrlenA (lpString="DbgUiConvertStateChangeStructure") returned 32 [0262.475] lstrlenA (lpString="DbgUiConvertStateChangeStructureEx") returned 34 [0262.475] lstrlenA (lpString="DbgUiDebugActiveProcess") returned 23 [0262.475] lstrlenA (lpString="DbgUiGetThreadDebugObject") returned 25 [0262.475] lstrlenA (lpString="DbgUiIssueRemoteBreakin") returned 23 [0262.475] lstrlenA (lpString="DbgUiRemoteBreakin") returned 18 [0262.475] lstrlenA (lpString="DbgUiSetThreadDebugObject") returned 25 [0262.475] lstrlenA (lpString="DbgUiStopDebugging") returned 18 [0262.475] lstrlenA (lpString="DbgUiWaitStateChange") returned 20 [0262.475] lstrlenA (lpString="DbgUserBreakPoint") returned 17 [0262.475] lstrlenA (lpString="EtwCreateTraceInstanceId") returned 24 [0262.475] lstrlenA (lpString="EtwDeliverDataBlock") returned 19 [0262.475] lstrlenA (lpString="EtwEnumerateProcessRegGuids") returned 27 [0262.475] lstrlenA (lpString="EtwEventActivityIdControl") returned 25 [0262.475] lstrlenA (lpString="EtwEventEnabled") returned 15 [0262.475] lstrlenA (lpString="EtwEventProviderEnabled") returned 23 [0262.475] lstrlenA (lpString="EtwEventRegister") returned 16 [0262.475] lstrlenA (lpString="EtwEventSetInformation") returned 22 [0262.475] lstrlenA (lpString="EtwEventUnregister") returned 18 [0262.475] lstrlenA (lpString="EtwEventWrite") returned 13 [0262.475] lstrlenA (lpString="EtwEventWriteEndScenario") returned 24 [0262.475] lstrlenA (lpString="EtwEventWriteEx") returned 15 [0262.475] lstrlenA (lpString="EtwEventWriteFull") returned 17 [0262.475] lstrlenA (lpString="EtwEventWriteNoRegistration") returned 27 [0262.475] lstrlenA (lpString="EtwEventWriteStartScenario") returned 26 [0262.475] lstrlenA (lpString="EtwEventWriteString") returned 19 [0262.475] lstrlenA (lpString="EtwEventWriteTransfer") returned 21 [0262.475] lstrlenA (lpString="EtwGetTraceEnableFlags") returned 22 [0262.475] lstrlenA (lpString="EtwGetTraceEnableLevel") returned 22 [0262.475] lstrlenA (lpString="EtwGetTraceLoggerHandle") returned 23 [0262.475] lstrlenA (lpString="EtwLogTraceEvent") returned 16 [0262.475] lstrlenA (lpString="EtwNotificationRegister") returned 23 [0262.475] lstrlenA (lpString="EtwNotificationUnregister") returned 25 [0262.475] lstrlenA (lpString="EtwProcessPrivateLoggerRequest") returned 30 [0262.475] lstrlenA (lpString="EtwRegisterSecurityProvider") returned 27 [0262.475] lstrlenA (lpString="EtwRegisterTraceGuidsA") returned 22 [0262.475] lstrlenA (lpString="EtwRegisterTraceGuidsW") returned 22 [0262.475] lstrlenA (lpString="EtwReplyNotification") returned 20 [0262.476] lstrlenA (lpString="EtwSendNotification") returned 19 [0262.476] lstrlenA (lpString="EtwSetMark") returned 10 [0262.476] lstrlenA (lpString="EtwTraceEventInstance") returned 21 [0262.476] lstrlenA (lpString="EtwTraceMessage") returned 15 [0262.476] lstrlenA (lpString="EtwTraceMessageVa") returned 17 [0262.476] lstrlenA (lpString="EtwUnregisterTraceGuids") returned 23 [0262.476] lstrlenA (lpString="EtwWriteUMSecurityEvent") returned 23 [0262.476] lstrlenA (lpString="EtwpCreateEtwThread") returned 19 [0262.476] lstrlenA (lpString="EtwpGetCpuSpeed") returned 15 [0262.476] lstrlenA (lpString="EvtIntReportAuthzEventAndSourceAsync") returned 36 [0262.476] lstrlenA (lpString="EvtIntReportEventAndSourceAsync") returned 31 [0262.476] lstrlenA (lpString="ExpInterlockedPopEntrySListEnd") returned 30 [0262.476] lstrlenA (lpString="ExpInterlockedPopEntrySListFault") returned 32 [0262.476] lstrlenA (lpString="ExpInterlockedPopEntrySListResume") returned 33 [0262.476] lstrlenA (lpString="KiRaiseUserExceptionDispatcher") returned 30 [0262.476] lstrlenA (lpString="KiUserApcDispatcher") returned 19 [0262.476] lstrlenA (lpString="KiUserCallbackDispatcher") returned 24 [0262.476] lstrlenA (lpString="KiUserExceptionDispatcher") returned 25 [0262.476] lstrlenA (lpString="KiUserInvertedFunctionTable") returned 27 [0262.476] lstrlenA (lpString="LdrAccessResource") returned 17 [0262.476] lstrlenA (lpString="LdrAddDllDirectory") returned 18 [0262.476] lstrlenA (lpString="LdrAddLoadAsDataTable") returned 21 [0262.476] lstrlenA (lpString="LdrAddRefDll") returned 12 [0262.476] lstrlenA (lpString="LdrAppxHandleIntegrityFailure") returned 29 [0262.476] lstrlenA (lpString="LdrDisableThreadCalloutsForDll") returned 30 [0262.476] lstrlenA (lpString="LdrEnumResources") returned 16 [0262.476] lstrlenA (lpString="LdrEnumerateLoadedModules") returned 25 [0262.476] lstrlenA (lpString="LdrFastFailInLoaderCallout") returned 26 [0262.476] lstrlenA (lpString="LdrFindEntryForAddress") returned 22 [0262.476] lstrlenA (lpString="LdrFindResourceDirectory_U") returned 26 [0262.476] lstrlenA (lpString="LdrFindResourceEx_U") returned 19 [0262.476] lstrlenA (lpString="LdrFindResource_U") returned 17 [0262.476] lstrlenA (lpString="LdrFlushAlternateResourceModules") returned 32 [0262.476] lstrlenA (lpString="LdrGetDllDirectory") returned 18 [0262.476] lstrlenA (lpString="LdrGetDllFullName") returned 17 [0262.476] lstrlenA (lpString="LdrGetDllHandle") returned 15 [0262.476] lstrlenA (lpString="LdrGetDllHandleByMapping") returned 24 [0262.476] lstrlenA (lpString="LdrGetDllHandleByName") returned 21 [0262.476] lstrlenA (lpString="LdrGetDllHandleEx") returned 17 [0262.476] lstrlenA (lpString="LdrGetDllPath") returned 13 [0262.476] lstrlenA (lpString="LdrGetFailureData") returned 17 [0262.476] lstrlenA (lpString="LdrGetFileNameFromLoadAsDataTable") returned 33 [0262.476] lstrlenA (lpString="LdrGetKnownDllSectionHandle") returned 27 [0262.476] lstrlenA (lpString="LdrGetProcedureAddress") returned 22 [0262.476] lstrlenA (lpString="LdrGetProcedureAddressEx") returned 24 [0262.476] lstrlenA (lpString="LdrGetProcedureAddressForCaller") returned 31 [0262.476] lstrlenA (lpString="LdrInitShimEngineDynamic") returned 24 [0262.477] lstrlenA (lpString="LdrInitializeThunk") returned 18 [0262.477] lstrlenA (lpString="LdrLoadAlternateResourceModule") returned 30 [0262.477] lstrlenA (lpString="LdrLoadAlternateResourceModuleEx") returned 32 [0262.477] lstrlenA (lpString="LdrLoadDll") returned 10 [0262.477] lstrlenA (lpString="LdrLockLoaderLock") returned 17 [0262.477] lstrlenA (lpString="LdrOpenImageFileOptionsKey") returned 26 [0262.477] lstrlenA (lpString="LdrProcessInitializationComplete") returned 32 [0262.477] lstrlenA (lpString="LdrProcessRelocationBlock") returned 25 [0262.477] lstrlenA (lpString="LdrProcessRelocationBlockEx") returned 27 [0262.477] lstrlenA (lpString="LdrQueryImageFileExecutionOptions") returned 33 [0262.477] lstrlenA (lpString="LdrQueryImageFileExecutionOptionsEx") returned 35 [0262.477] lstrlenA (lpString="LdrQueryImageFileKeyOption") returned 26 [0262.477] lstrlenA (lpString="LdrQueryModuleServiceTags") returned 25 [0262.477] lstrlenA (lpString="LdrQueryOptionalDelayLoadedAPI") returned 30 [0262.477] lstrlenA (lpString="LdrQueryProcessModuleInformation") returned 32 [0262.477] lstrlenA (lpString="LdrRegisterDllNotification") returned 26 [0262.477] lstrlenA (lpString="LdrRemoveDllDirectory") returned 21 [0262.477] lstrlenA (lpString="LdrRemoveLoadAsDataTable") returned 24 [0262.477] lstrlenA (lpString="LdrResFindResource") returned 18 [0262.477] lstrlenA (lpString="LdrResFindResourceDirectory") returned 27 [0262.477] lstrlenA (lpString="LdrResGetRCConfig") returned 17 [0262.477] lstrlenA (lpString="LdrResRelease") returned 13 [0262.477] lstrlenA (lpString="LdrResSearchResource") returned 20 [0262.477] lstrlenA (lpString="LdrResolveDelayLoadedAPI") returned 24 [0262.477] lstrlenA (lpString="LdrResolveDelayLoadsFromDll") returned 27 [0262.477] lstrlenA (lpString="LdrRscIsTypeExist") returned 17 [0262.477] lstrlenA (lpString="LdrSetAppCompatDllRedirectionCallback") returned 37 [0262.477] lstrlenA (lpString="LdrSetDefaultDllDirectories") returned 27 [0262.477] lstrlenA (lpString="LdrSetDllDirectory") returned 18 [0262.477] lstrlenA (lpString="LdrSetDllManifestProber") returned 23 [0262.477] lstrlenA (lpString="LdrSetImplicitPathOptions") returned 25 [0262.477] lstrlenA (lpString="LdrSetMUICacheType") returned 18 [0262.477] lstrlenA (lpString="LdrShutdownProcess") returned 18 [0262.477] lstrlenA (lpString="LdrShutdownThread") returned 17 [0262.477] lstrlenA (lpString="LdrStandardizeSystemPath") returned 24 [0262.478] lstrlenA (lpString="LdrSystemDllInitBlock") returned 21 [0262.478] lstrlenA (lpString="LdrUnloadAlternateResourceModule") returned 32 [0262.478] lstrlenA (lpString="LdrUnloadAlternateResourceModuleEx") returned 34 [0262.478] lstrlenA (lpString="LdrUnloadDll") returned 12 [0262.478] lstrlenA (lpString="LdrUnlockLoaderLock") returned 19 [0262.478] lstrlenA (lpString="LdrUnregisterDllNotification") returned 28 [0262.478] lstrlenA (lpString="LdrVerifyImageMatchesChecksum") returned 29 [0262.478] lstrlenA (lpString="LdrVerifyImageMatchesChecksumEx") returned 31 [0262.478] lstrlenA (lpString="LdrpResGetMappingSize") returned 21 [0262.478] lstrlenA (lpString="LdrpResGetResourceDirectory") returned 27 [0262.478] lstrlenA (lpString="MD4Final") returned 8 [0262.478] lstrlenA (lpString="MD4Init") returned 7 [0262.478] lstrlenA (lpString="MD4Update") returned 9 [0262.478] lstrlenA (lpString="MD5Final") returned 8 [0262.478] lstrlenA (lpString="MD5Init") returned 7 [0262.478] lstrlenA (lpString="MD5Update") returned 9 [0262.478] lstrlenA (lpString="NlsAnsiCodePage") returned 15 [0262.478] lstrlenA (lpString="NlsMbCodePageTag") returned 16 [0262.478] lstrlenA (lpString="NlsMbOemCodePageTag") returned 19 [0262.478] lstrlenA (lpString="NtAcceptConnectPort") returned 19 [0262.478] lstrlenA (lpString="NtAccessCheck") returned 13 [0262.478] lstrlenA (lpString="NtAccessCheckAndAuditAlarm") returned 26 [0262.478] lstrlenA (lpString="NtAccessCheckByType") returned 19 [0262.478] lstrlenA (lpString="NtAccessCheckByTypeAndAuditAlarm") returned 32 [0262.478] lstrlenA (lpString="NtAccessCheckByTypeResultList") returned 29 [0262.478] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarm") returned 42 [0262.478] lstrlenA (lpString="NtAccessCheckByTypeResultListAndAuditAlarmByHandle") returned 50 [0262.478] lstrlenA (lpString="NtAddAtom") returned 9 [0262.478] lstrlenA (lpString="NtAddAtomEx") returned 11 [0262.478] lstrlenA (lpString="NtAddBootEntry") returned 14 [0262.478] lstrlenA (lpString="NtAddDriverEntry") returned 16 [0262.478] lstrlenA (lpString="NtAdjustGroupsToken") returned 19 [0262.478] lstrlenA (lpString="NtAdjustPrivilegesToken") returned 23 [0262.478] lstrlenA (lpString="NtAdjustTokenClaimsAndDeviceGroups") returned 34 [0262.478] lstrlenA (lpString="NtAlertResumeThread") returned 19 [0262.478] lstrlenA (lpString="NtAlertThread") returned 13 [0262.478] lstrlenA (lpString="NtAlertThreadByThreadId") returned 23 [0262.478] lstrlenA (lpString="NtAllocateLocallyUniqueId") returned 25 [0262.478] lstrlenA (lpString="NtAllocateReserveObject") returned 23 [0262.478] lstrlenA (lpString="NtAllocateUserPhysicalPages") returned 27 [0262.478] lstrlenA (lpString="NtAllocateUuids") returned 15 [0262.479] lstrlenA (lpString="NtAllocateVirtualMemory") returned 23 [0262.479] lstrlenA (lpString="NtAlpcAcceptConnectPort") returned 23 [0262.479] lstrlenA (lpString="NtAlpcCancelMessage") returned 19 [0262.479] lstrlenA (lpString="NtAlpcConnectPort") returned 17 [0262.479] lstrlenA (lpString="NtAlpcConnectPortEx") returned 19 [0262.479] lstrlenA (lpString="NtAlpcCreatePort") returned 16 [0262.479] lstrlenA (lpString="NtAlpcCreatePortSection") returned 23 [0262.479] lstrlenA (lpString="NtAlpcCreateResourceReserve") returned 27 [0262.479] lstrlenA (lpString="NtAlpcCreateSectionView") returned 23 [0262.479] lstrlenA (lpString="NtAlpcCreateSecurityContext") returned 27 [0262.479] lstrlenA (lpString="NtAlpcDeletePortSection") returned 23 [0262.479] lstrlenA (lpString="NtAlpcDeleteResourceReserve") returned 27 [0262.479] lstrlenA (lpString="NtAlpcDeleteSectionView") returned 23 [0262.479] lstrlenA (lpString="NtAlpcDeleteSecurityContext") returned 27 [0262.479] lstrlenA (lpString="NtAlpcDisconnectPort") returned 20 [0262.479] lstrlenA (lpString="NtAlpcImpersonateClientContainerOfPort") returned 38 [0262.479] lstrlenA (lpString="NtAlpcImpersonateClientOfPort") returned 29 [0262.479] lstrlenA (lpString="NtAlpcOpenSenderProcess") returned 23 [0262.479] lstrlenA (lpString="NtAlpcOpenSenderThread") returned 22 [0262.479] lstrlenA (lpString="NtAlpcQueryInformation") returned 22 [0262.479] lstrlenA (lpString="NtAlpcQueryInformationMessage") returned 29 [0262.479] lstrlenA (lpString="NtAlpcRevokeSecurityContext") returned 27 [0262.479] lstrlenA (lpString="NtAlpcSendWaitReceivePort") returned 25 [0262.479] lstrlenA (lpString="NtAlpcSetInformation") returned 20 [0262.479] lstrlenA (lpString="NtApphelpCacheControl") returned 21 [0262.479] lstrlenA (lpString="NtAreMappedFilesTheSame") returned 23 [0262.479] lstrlenA (lpString="NtAssignProcessToJobObject") returned 26 [0262.479] lstrlenA (lpString="NtAssociateWaitCompletionPacket") returned 31 [0262.479] lstrlenA (lpString="NtCallbackReturn") returned 16 [0262.479] lstrlenA (lpString="NtCancelIoFile") returned 14 [0262.479] lstrlenA (lpString="NtCancelIoFileEx") returned 16 [0262.479] lstrlenA (lpString="NtCancelSynchronousIoFile") returned 25 [0262.479] lstrlenA (lpString="NtCancelTimer") returned 13 [0262.479] lstrlenA (lpString="NtCancelTimer2") returned 14 [0262.479] lstrlenA (lpString="NtCancelWaitCompletionPacket") returned 28 [0262.479] lstrlenA (lpString="NtClearEvent") returned 12 [0262.479] lstrlenA (lpString="NtClose") returned 7 [0262.479] lstrlenA (lpString="NtCloseObjectAuditAlarm") returned 23 [0262.479] lstrlenA (lpString="NtCommitComplete") returned 16 [0262.479] lstrlenA (lpString="NtCommitEnlistment") returned 18 [0262.479] lstrlenA (lpString="NtCommitTransaction") returned 19 [0262.479] lstrlenA (lpString="NtCompactKeys") returned 13 [0262.479] lstrlenA (lpString="NtCompareObjects") returned 16 [0262.479] lstrlenA (lpString="NtCompareTokens") returned 15 [0262.479] lstrlenA (lpString="NtCompleteConnectPort") returned 21 [0262.479] lstrlenA (lpString="NtCompressKey") returned 13 [0262.480] lstrlenA (lpString="NtConnectPort") returned 13 [0262.485] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7fff1f7a0000 [0262.486] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0262.486] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessW") returned -1 [0262.486] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0262.487] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessW") returned -1 [0262.488] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="Beep", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessW") returned -1 [0262.489] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessW") returned -1 [0262.490] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessW") returned -1 [0262.491] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessW") returned -1 [0262.492] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateProcessInternalA", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateProcessInternalW", lpString2="CreateProcessW") returned -1 [0262.493] lstrcmpA (lpString1="CreateProcessW", lpString2="CreateProcessW") returned 0 [0262.493] VirtualProtect (in: lpAddress=0x7fff1f8db780, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x2) returned 1 [0262.494] VirtualProtect (in: lpAddress=0x7fff1f8c3a00, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x20) returned 1 [0262.495] VirtualProtect (in: lpAddress=0x7fff1f8c3a00, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x40) returned 1 [0262.495] VirtualProtect (in: lpAddress=0x7fff1f8db780, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x40) returned 1 [0262.495] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f660, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f660, ReturnLength=0x0) returned 0x0 [0262.496] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0262.496] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0262.496] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessA") returned -1 [0262.497] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessA") returned -1 [0262.498] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="Beep", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessA") returned -1 [0262.499] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessA") returned -1 [0262.500] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessA") returned -1 [0262.501] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessA") returned -1 [0262.502] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessA") returned 0 [0262.502] VirtualProtect (in: lpAddress=0x7fff1f8db76c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x2) returned 1 [0262.503] VirtualProtect (in: lpAddress=0x7fff1f8c3a0e, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x20) returned 1 [0262.504] VirtualProtect (in: lpAddress=0x7fff1f8c3a0e, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x40) returned 1 [0262.504] VirtualProtect (in: lpAddress=0x7fff1f8db76c, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x40) returned 1 [0262.504] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f660, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f660, ReturnLength=0x0) returned 0x0 [0262.504] GetModuleHandleA (lpModuleName="KERNEL32.DLL") returned 0x7fff1f850000 [0262.504] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="CreateProcessAsUserW") returned -1 [0262.504] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="CreateProcessAsUserW") returned -1 [0262.504] lstrcmpA (lpString1="ActivateActCtx", lpString2="CreateProcessAsUserW") returned -1 [0262.504] lstrcmpA (lpString1="ActivateActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.504] lstrcmpA (lpString1="AddAtomA", lpString2="CreateProcessAsUserW") returned -1 [0262.504] lstrcmpA (lpString1="AddAtomW", lpString2="CreateProcessAsUserW") returned -1 [0262.504] lstrcmpA (lpString1="AddConsoleAliasA", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddConsoleAliasW", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddDllDirectory", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddIntegrityLabelToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddLocalAlternateComputerNameA", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddLocalAlternateComputerNameW", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddRefActCtx", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddRefActCtxWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddSecureMemoryCacheCallback", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AdjustCalendarDate", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AllocConsole", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="ApplicationRecoveryFinished", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="ApplicationRecoveryInProgress", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AreFileApisANSI", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AssignProcessToJobObject", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="AttachConsole", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BackupRead", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BackupSeek", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BackupWrite", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCheckAppcompatCacheExWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCheckAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseDestroyVDMEnvironment", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseDllReadWriteIniFile", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseDumpAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseElevationPostProcessing", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseFlushAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseFormatTimeOut", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.505] lstrcmpA (lpString1="BaseGenerateAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseInitAppcompatCacheSupportWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabledWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseIsDosApplication", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseQueryModuleData", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseReadAppCompatDataForProcessWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseSetLastNTError", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseThreadInitThunk", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseUpdateAppcompatCacheWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseUpdateVDMEntry", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseVerifyUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BaseWriteErrorElevationRequiredEvent", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="Basep8BitStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepAllocateActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepAnsiStringToDynamicUnicodeString", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepAppContainerEnvironmentExtension", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepCheckAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepCheckWebBladeHashes", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepCheckWinSaferRestrictions", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepConstructSxsCreateProcessMessage", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepCopyEncryption", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepFreeActivationContextActivationBlock", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepFreeAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepGetAppCompatData", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepGetComputerNameFromNtPath", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepGetExeArchType", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepIsProcessAllowed", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepMapModuleHandle", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepNotifyLoadStringResource", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepPostSuccessAppXExtension", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepProcessInvalidImage", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepQueryAppCompat", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepReleaseAppXContext", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepReleaseSxsCreateProcessUtilityStruct", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepReportFault", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BasepSetFileEncryptionCompression", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="Beep", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BeginUpdateResourceA", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BeginUpdateResourceW", lpString2="CreateProcessAsUserW") returned -1 [0262.506] lstrcmpA (lpString1="BindIoCompletionCallback", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="BuildCommDCBA", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsA", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="BuildCommDCBAndTimeoutsW", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="BuildCommDCBW", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CallNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CallNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelDeviceWakeupRequest", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelIo", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelIoEx", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckAllowDecryptedRemoteDestinationPolicy", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckElevation", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckElevationEnabled", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckForReadOnlyResource", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckForReadOnlyResourceFilter", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3A", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckNameLegalDOS8Dot3W", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckTokenCapability", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="ClearCommBreak", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="ClearCommError", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseConsoleHandle", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseHandle", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="ClosePackageInfo", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseProfileUserMapping", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseState", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpool", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CmdBatNotification", lpString2="CreateProcessAsUserW") returned -1 [0262.507] lstrcmpA (lpString1="CommConfigDialogA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CommConfigDialogW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CompareCalendarDates", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CompareFileTime", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CompareStringA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CompareStringEx", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CompareStringW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConsoleMenuControl", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertCalDateTimeToSystemTime", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertSystemTimeToCalDateTime", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyContext", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFile2", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFileA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFileExA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFileExW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyFileW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CopyLZFile", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateActCtxA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateActCtxW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateActCtxWWorker", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateBoundaryDescriptorA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateDirectoryA", lpString2="CreateProcessAsUserW") returned -1 [0262.508] lstrcmpA (lpString1="CreateDirectoryExA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateDirectoryTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateDirectoryTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateDirectoryW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateEventA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateEventExA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateEventExW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateEventW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFiber", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFiberEx", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFile2", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileMappingA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileMappingNumaA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileMappingW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateFileW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateHardLinkA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateHardLinkTransactedA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateHardLinkTransactedW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateHardLinkW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateJobObjectA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateJobObjectW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateJobSet", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMailslotA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMailslotW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMutexA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMutexExA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMutexExW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateMutexW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateNamedPipeA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreatePipe", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreatePrivateNamespaceA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateProcessA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserW") returned -1 [0262.509] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CreateProcessAsUserW") returned 0 [0262.509] VirtualProtect (in: lpAddress=0x7fff1f8db774, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x2) returned 1 [0262.510] VirtualProtect (in: lpAddress=0x7fff1f8c3a1c, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x20) returned 1 [0262.511] VirtualProtect (in: lpAddress=0x7fff1f8c3a1c, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x40) returned 1 [0262.511] VirtualProtect (in: lpAddress=0x7fff1f8db774, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x40) returned 1 [0262.511] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f660, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f660, ReturnLength=0x0) returned 0x0 [0262.511] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7fff1f7a0000 [0262.511] lstrcmpA (lpString1="A_SHAFinal", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="A_SHAInit", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="A_SHAUpdate", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AbortSystemShutdownA", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AbortSystemShutdownW", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AccessCheck", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AccessCheckAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AccessCheckByType", lpString2="CreateProcessAsUserA") returned -1 [0262.511] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmA", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddConditionalAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddMandatoryAce", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddUsersToEncryptedFile", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AddUsersToEncryptedFileEx", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditComputeEffectivePolicyBySid", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditComputeEffectivePolicyByToken", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditEnumerateCategories", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditEnumeratePerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditEnumerateSubCategories", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditFree", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditLookupCategoryGuidFromCategoryId", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditLookupCategoryIdFromCategoryGuid", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditLookupCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditLookupCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditLookupSubCategoryNameA", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditLookupSubCategoryNameW", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditQueryGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0262.512] lstrcmpA (lpString1="AuditQueryGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditQueryPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditQuerySecurity", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditQuerySystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditSetGlobalSaclA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditSetGlobalSaclW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditSetPerUserPolicy", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditSetSecurity", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="AuditSetSystemPolicy", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BackupEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BackupEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegCloseKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegCreateKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegDeleteKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegDeleteValue", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegFlushKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegGetVersion", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegOpenKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegRestoreKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegSaveKeyEx", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegSetKeySecurity", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegSetValue", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BaseRegUnLoadKey", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildImpersonateTrusteeA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildImpersonateTrusteeW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithNameA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithNameW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidA", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidW", lpString2="CreateProcessAsUserA") returned -1 [0262.513] lstrcmpA (lpString1="BuildTrusteeWithSidA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="BuildTrusteeWithSidW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CancelOverlappedAccess", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ChangeServiceConfig2A", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ChangeServiceConfig2W", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ChangeServiceConfigA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ChangeServiceConfigW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CheckForHiberboot", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CheckTokenMembership", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ClearEventLogA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ClearEventLogW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CloseCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CloseEncryptedFileRaw", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CloseEventLog", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CloseServiceHandle", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CloseThreadWaitChainSession", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CloseTrace", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="CommandLineFromMsiDescriptor", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ComputeAccessTokenFromCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ControlService", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ControlServiceExA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ControlServiceExW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ControlTraceA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ControlTraceW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSDToStringSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSidToStringSidA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertSidToStringSidW", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertStringSDToSDDomainA", lpString2="CreateProcessAsUserA") returned -1 [0262.514] lstrcmpA (lpString1="ConvertStringSDToSDDomainW", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainA", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainW", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertStringSidToSidA", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertStringSidToSidW", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="CopySid", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="CreateCodeAuthzLevel", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="CreateProcessAsUserA") returned -1 [0262.515] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CreateProcessAsUserA") returned 0 [0262.515] VirtualProtect (in: lpAddress=0x7fff1f82ba88, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x2) returned 1 [0262.515] VirtualProtect (in: lpAddress=0x7fff1f803800, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x20) returned 1 [0262.516] VirtualProtect (in: lpAddress=0x7fff1f803800, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x9b9f6c0 | out: lpflOldProtect=0x9b9f6c0*=0x40) returned 1 [0262.516] VirtualProtect (in: lpAddress=0x7fff1f82ba88, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x9b9f6c8 | out: lpflOldProtect=0x9b9f6c8*=0x40) returned 1 [0262.516] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f660, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f660, ReturnLength=0x0) returned 0x0 [0262.516] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x7fff1d3e0000 [0262.519] GetProcAddress (hModule=0x7fff1d3e0000, lpProcName="EnumProcessModules") returned 0x7fff1d3e1040 [0262.519] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xb55e480, cb=0x1000, lpcbNeeded=0x9b9f768 | out: lphModule=0xb55e480, lpcbNeeded=0x9b9f768) returned 1 [0262.521] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff6e4e10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7ff6e4e10000, AllocationBase=0x7ff6e4e10000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.521] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.522] lstrcmpiA (lpString1="wcschr", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="_get_errno", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_set_errno", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="memcpy_s", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="free", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="strchr", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="wcstombs", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="_wtoi", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_itow_s", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_wcsicmp", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="bsearch", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="wcsncpy_s", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="memset", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="ceil", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="floor", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="floorf", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="memcmp", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="sqrt", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="wcscspn", lpString2="CreateProcessW") returned 1 [0262.522] lstrcmpiA (lpString1="_wcstoui64", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_errno", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_onexit", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="__dllonexit", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_unlock", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_lock", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_commode", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_fmode", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_wcmdln", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="__C_specific_handler", lpString2="CreateProcessW") returned -1 [0262.522] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="__setusermatherr", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="_cexit", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="_exit", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="exit", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="__set_app_type", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="_snwprintf_s", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="_vsnwprintf_s", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="wcsspn", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="_amsg_exit", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="_XcptFilter", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="_CxxThrowException", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="realloc", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="wcsstr", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="memmove", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="malloc", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="_vsnwprintf", lpString2="CreateProcessW") returned -1 [0262.523] lstrcmpiA (lpString1="wcsrchr", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="wcscmp", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="FindResourceExW", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="LoadResource", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="LockResource", lpString2="CreateProcessW") returned 1 [0262.523] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="SizeofResource", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="GetModuleHandleA", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="LoadStringW", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="GetModuleFileNameW", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="LoadLibraryExA", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventEnabled", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventUnregister", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventSetInformation", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventRegister", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="EventWrite", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="OpenThreadToken", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="SetPriorityClass", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="SetProcessShutdownParameters", lpString2="CreateProcessW") returned 1 [0262.524] lstrcmpiA (lpString1="GetPriorityClass", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="TerminateThread", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="FlushInstructionCache", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="GetStartupInfoW", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="SetThreadPriority", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="OpenProcess", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="SetThreadPriorityBoost", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="GetCurrentThread", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="QueueUserAPC", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="TlsAlloc", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="GetThreadPriority", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="TlsSetValue", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="ResumeThread", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="TlsFree", lpString2="CreateProcessW") returned 1 [0262.525] lstrcmpiA (lpString1="CreateProcessW", lpString2="CreateProcessW") returned 0 [0262.525] VirtualProtect (in: lpAddress=0x7ff6e4fd88a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.526] VirtualProtect (in: lpAddress=0x7ff6e4fd88a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.526] lstrcmpiA (lpString1="wcschr", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="_get_errno", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="_set_errno", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="memcpy_s", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="free", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="strchr", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="wcstombs", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="_wtoi", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="_itow_s", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="_wcsicmp", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="bsearch", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="wcsncpy_s", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="memset", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="ceil", lpString2="CreateProcessA") returned -1 [0262.526] lstrcmpiA (lpString1="floor", lpString2="CreateProcessA") returned 1 [0262.526] lstrcmpiA (lpString1="floorf", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="memcmp", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="sqrt", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="wcscspn", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="_wcstoui64", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_errno", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_onexit", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="__dllonexit", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_unlock", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_lock", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_commode", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_fmode", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_wcmdln", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="__C_specific_handler", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_initterm", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="__setusermatherr", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_cexit", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_exit", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="exit", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="__set_app_type", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="__wgetmainargs", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_snwprintf_s", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_vsnwprintf_s", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="wcsspn", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="_amsg_exit", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_XcptFilter", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="memcpy", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="_CxxThrowException", lpString2="CreateProcessA") returned -1 [0262.527] lstrcmpiA (lpString1="realloc", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="wcsstr", lpString2="CreateProcessA") returned 1 [0262.527] lstrcmpiA (lpString1="memmove", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="malloc", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="_vsnwprintf", lpString2="CreateProcessA") returned -1 [0262.528] lstrcmpiA (lpString1="wcsrchr", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="wcscmp", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetProcAddress", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="FindResourceExW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="LoadResource", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="LockResource", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="SizeofResource", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetModuleHandleA", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="LoadStringW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="FreeLibrary", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetModuleFileNameW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="LoadLibraryExA", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventEnabled", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventUnregister", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventSetInformation", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventRegister", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="EventWrite", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="OpenThreadToken", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="SetPriorityClass", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="SetProcessShutdownParameters", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetPriorityClass", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="OpenProcessToken", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="TerminateThread", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="FlushInstructionCache", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="ExitProcess", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetStartupInfoW", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="SetThreadPriority", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="OpenProcess", lpString2="CreateProcessA") returned 1 [0262.528] lstrcmpiA (lpString1="SetThreadPriorityBoost", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetCurrentThread", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="QueueUserAPC", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="TlsAlloc", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetThreadPriority", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="TlsSetValue", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="ResumeThread", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="TlsFree", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CreateProcessW", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetExitCodeProcess", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="OpenThread", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CreateThread", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="TerminateProcess", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetProcessId", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="TlsGetValue", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="OutputDebugStringW", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="OutputDebugStringA", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetUserPreferredUILanguages", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetThreadUILanguage", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetUserGeoID", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetUserDefaultLangID", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="FormatMessageW", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="IsValidLocaleName", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="GetLocaleInfoW", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="PropVariantClear", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CoUninitialize", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="RoGetAgileReference", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CoSetProxyBlanket", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="IIDFromString", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CoCreateInstance", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="CoCreateGuid", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="CoGetStdMarshalEx", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="CreateStreamOnHGlobal", lpString2="CreateProcessA") returned 1 [0262.529] lstrcmpiA (lpString1="CoFreeUnusedLibraries", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="CoInitializeEx", lpString2="CreateProcessA") returned -1 [0262.529] lstrcmpiA (lpString1="CoGetApartmentType", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="StringFromIID", lpString2="CreateProcessA") returned 1 [0262.530] lstrcmpiA (lpString1="CoCreateFreeThreadedMarshaler", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoDisableCallCancellation", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoTaskMemAlloc", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoRevokeClassObject", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoTaskMemRealloc", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoRegisterClassObject", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoWaitForMultipleHandles", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoGetMalloc", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoTaskMemFree", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoMarshalInterThreadInterfaceInStream", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="StringFromGUID2", lpString2="CreateProcessA") returned 1 [0262.530] lstrcmpiA (lpString1="CoReleaseMarshalData", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoCancelCall", lpString2="CreateProcessA") returned -1 [0262.530] lstrcmpiA (lpString1="CoGetInterfaceAndReleaseStream", lpString2="CreateProcessA") returned -1 [0262.531] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f900000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f900000, AllocationBase=0x7fff1f900000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.531] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.531] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f850000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f850000, AllocationBase=0x7fff1f850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.531] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.531] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cdf0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1cdf0000, AllocationBase=0x7fff1cdf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.531] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.531] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a8f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a8f0000, AllocationBase=0x7fff1a8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.531] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.531] VirtualProtect (in: lpAddress=0x7fff1a92e1e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.531] VirtualProtect (in: lpAddress=0x7fff1a92e1e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.532] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f700000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f700000, AllocationBase=0x7fff1f700000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.532] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.532] VirtualProtect (in: lpAddress=0x7fff1f775428, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.533] VirtualProtect (in: lpAddress=0x7fff1f775428, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.533] VirtualProtect (in: lpAddress=0x7fff1f775420, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.533] VirtualProtect (in: lpAddress=0x7fff1f775420, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.533] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d540000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d540000, AllocationBase=0x7fff1d540000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.534] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.534] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d080000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d080000, AllocationBase=0x7fff1d080000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.534] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.535] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d8f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d8f0000, AllocationBase=0x7fff1d8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.535] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.535] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c350000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c350000, AllocationBase=0x7fff1c350000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.535] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.535] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1da90000, AllocationBase=0x7fff1da90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.535] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.535] VirtualProtect (in: lpAddress=0x7fff1db19728, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.536] VirtualProtect (in: lpAddress=0x7fff1db19728, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.536] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f500000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f500000, AllocationBase=0x7fff1f500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.536] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.537] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c420000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c420000, AllocationBase=0x7fff1c420000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.537] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.537] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f690000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f690000, AllocationBase=0x7fff1f690000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.537] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.538] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1df70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1df70000, AllocationBase=0x7fff1df70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.538] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.538] VirtualProtect (in: lpAddress=0x7fff1e5563b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.539] VirtualProtect (in: lpAddress=0x7fff1e5563b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.539] VirtualProtect (in: lpAddress=0x7fff1e5563e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.542] VirtualProtect (in: lpAddress=0x7fff1e5563e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.542] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c760000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c760000, AllocationBase=0x7fff1c760000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.542] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.543] VirtualProtect (in: lpAddress=0x7fff1cc02758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.543] VirtualProtect (in: lpAddress=0x7fff1cc02758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.543] VirtualProtect (in: lpAddress=0x7fff1cc026b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.544] VirtualProtect (in: lpAddress=0x7fff1cc026b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.544] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d600000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d600000, AllocationBase=0x7fff1d600000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.544] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.545] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c3c0000, AllocationBase=0x7fff1c3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.545] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.545] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c3a0000, AllocationBase=0x7fff1c3a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.545] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.545] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c4e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c4e0000, AllocationBase=0x7fff1c4e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.545] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.546] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c330000, AllocationBase=0x7fff1c330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.546] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.546] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18cd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18cd0000, AllocationBase=0x7fff18cd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.546] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.547] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ac00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ac00000, AllocationBase=0x7fff1ac00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.547] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.547] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a3a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a3a0000, AllocationBase=0x7fff1a3a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.547] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.547] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10640000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10640000, AllocationBase=0x7fff10640000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.547] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.548] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a0f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a0f0000, AllocationBase=0x7fff1a0f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.548] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.548] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a520000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a520000, AllocationBase=0x7fff1a520000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.548] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.549] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bf50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bf50000, AllocationBase=0x7fff1bf50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.549] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.549] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b940000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b940000, AllocationBase=0x7fff1b940000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.549] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.549] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ab10000, AllocationBase=0x7fff1ab10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.549] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.550] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a050000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a050000, AllocationBase=0x7fff1a050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.550] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.550] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aae0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aae0000, AllocationBase=0x7fff1aae0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.550] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.550] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d730000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d730000, AllocationBase=0x7fff1d730000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.550] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.551] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d790000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d790000, AllocationBase=0x7fff1d790000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.551] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.551] VirtualProtect (in: lpAddress=0x7fff1d871820, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.551] VirtualProtect (in: lpAddress=0x7fff1d871820, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.552] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c180000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c180000, AllocationBase=0x7fff1c180000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.552] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.552] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d3f0000, AllocationBase=0x7fff1d3f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.552] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.552] VirtualProtect (in: lpAddress=0x7fff1d4b3020, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.553] VirtualProtect (in: lpAddress=0x7fff1d4b3020, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.553] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cfd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1cfd0000, AllocationBase=0x7fff1cfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.553] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.553] VirtualProtect (in: lpAddress=0x7fff1d03a2a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.554] VirtualProtect (in: lpAddress=0x7fff1d03a2a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.555] VirtualProtect (in: lpAddress=0x7fff1d03a2b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.556] VirtualProtect (in: lpAddress=0x7fff1d03a2b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.556] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b4d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b4d0000, AllocationBase=0x7fff1b4d0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.556] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.556] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bc00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bc00000, AllocationBase=0x7fff1bc00000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.556] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.557] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c150000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c150000, AllocationBase=0x7fff1c150000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.557] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.557] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b850000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b850000, AllocationBase=0x7fff1b850000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.557] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.557] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bd70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bd70000, AllocationBase=0x7fff1bd70000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.557] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.558] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10c50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10c50000, AllocationBase=0x7fff10c50000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.558] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.558] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11ca0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11ca0000, AllocationBase=0x7fff11ca0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.558] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.558] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18980000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18980000, AllocationBase=0x7fff18980000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.558] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.559] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10620000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10620000, AllocationBase=0x7fff10620000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.559] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.559] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15d30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15d30000, AllocationBase=0x7fff15d30000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.559] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.559] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15c90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15c90000, AllocationBase=0x7fff15c90000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.560] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.560] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15ea0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15ea0000, AllocationBase=0x7fff15ea0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.560] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.560] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10530000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10530000, AllocationBase=0x7fff10530000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.560] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.560] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10460000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10460000, AllocationBase=0x7fff10460000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.561] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.561] VirtualProtect (in: lpAddress=0x7fff104e02a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.561] VirtualProtect (in: lpAddress=0x7fff104e02a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.562] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19360000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19360000, AllocationBase=0x7fff19360000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.562] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.562] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aa50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aa50000, AllocationBase=0x7fff1aa50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.562] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.562] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aa70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aa70000, AllocationBase=0x7fff1aa70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.562] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.562] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14a90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14a90000, AllocationBase=0x7fff14a90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.562] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.563] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff103f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff103f0000, AllocationBase=0x7fff103f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.563] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.563] VirtualProtect (in: lpAddress=0x7fff10400338, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.564] VirtualProtect (in: lpAddress=0x7fff10400338, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.564] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b380000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b380000, AllocationBase=0x7fff1b380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.564] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.564] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18e60000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18e60000, AllocationBase=0x7fff18e60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.564] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.564] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aca0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aca0000, AllocationBase=0x7fff1aca0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.564] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.565] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c3d0000, AllocationBase=0x7fff1c3d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.565] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.565] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10380000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10380000, AllocationBase=0x7fff10380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.565] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.565] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10330000, AllocationBase=0x7fff10330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.566] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.566] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff161b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff161b0000, AllocationBase=0x7fff161b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.566] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.566] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1acf0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1acf0000, AllocationBase=0x7fff1acf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.566] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.566] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0fea0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0fea0000, AllocationBase=0x7fff0fea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.566] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.569] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da20000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1da20000, AllocationBase=0x7fff1da20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.570] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f390000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f390000, AllocationBase=0x7fff0f390000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.570] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.572] VirtualProtect (in: lpAddress=0x7fff0f96c088, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.573] VirtualProtect (in: lpAddress=0x7fff0f96c088, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.573] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff16c20000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff16c20000, AllocationBase=0x7fff16c20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.573] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.575] VirtualProtect (in: lpAddress=0x7fff16ce9668, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.575] VirtualProtect (in: lpAddress=0x7fff16ce9668, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.576] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f340000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f340000, AllocationBase=0x7fff0f340000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.576] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.576] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f330000, AllocationBase=0x7fff0f330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.576] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.576] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cd90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1cd90000, AllocationBase=0x7fff1cd90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.576] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.576] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f120000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f120000, AllocationBase=0x7fff0f120000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.576] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.577] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a450000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a450000, AllocationBase=0x7fff1a450000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.577] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.577] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11100000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11100000, AllocationBase=0x7fff11100000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.577] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.577] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f000000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f000000, AllocationBase=0x7fff0f000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.577] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.578] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0efe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0efe0000, AllocationBase=0x7fff0efe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.578] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.578] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19c20000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19c20000, AllocationBase=0x7fff19c20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.578] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.578] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11b90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11b90000, AllocationBase=0x7fff11b90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.578] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.579] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ef00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ef00000, AllocationBase=0x7fff0ef00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.579] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.579] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b5f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b5f0000, AllocationBase=0x7fff1b5f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.579] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.579] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12910000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12910000, AllocationBase=0x7fff12910000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.579] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.579] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b5e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b5e0000, AllocationBase=0x7fff1b5e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.579] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.579] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0eeb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0eeb0000, AllocationBase=0x7fff0eeb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.579] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.580] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0eea0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0eea0000, AllocationBase=0x7fff0eea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.580] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.580] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18200000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18200000, AllocationBase=0x7fff18200000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.580] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.580] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff16de0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff16de0000, AllocationBase=0x7fff16de0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.580] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.580] VirtualProtect (in: lpAddress=0x7fff16e883e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.581] VirtualProtect (in: lpAddress=0x7fff16e883e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.581] VirtualProtect (in: lpAddress=0x7fff16e88390, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.582] VirtualProtect (in: lpAddress=0x7fff16e88390, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.582] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19120000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19120000, AllocationBase=0x7fff19120000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.582] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.582] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18160000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18160000, AllocationBase=0x7fff18160000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.582] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.582] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a3f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a3f0000, AllocationBase=0x7fff1a3f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.582] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.582] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ebe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ebe0000, AllocationBase=0x7fff0ebe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.583] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.583] VirtualProtect (in: lpAddress=0x7fff0ec78320, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.583] VirtualProtect (in: lpAddress=0x7fff0ec78320, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.583] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14470000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14470000, AllocationBase=0x7fff14470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.583] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.584] VirtualProtect (in: lpAddress=0x7fff146544c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.584] VirtualProtect (in: lpAddress=0x7fff146544c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.584] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14a80000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14a80000, AllocationBase=0x7fff14a80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.584] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.585] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e8c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e8c0000, AllocationBase=0x7fff0e8c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.585] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.585] VirtualProtect (in: lpAddress=0x7fff0ea3c498, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.585] VirtualProtect (in: lpAddress=0x7fff0ea3c498, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.585] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e8a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e8a0000, AllocationBase=0x7fff0e8a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.585] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.585] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e800000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e800000, AllocationBase=0x7fff0e800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.585] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.585] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff167a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff167a0000, AllocationBase=0x7fff167a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.585] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.585] VirtualProtect (in: lpAddress=0x7fff1684a398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.586] VirtualProtect (in: lpAddress=0x7fff1684a398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.586] VirtualProtect (in: lpAddress=0x7fff1684a3a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.587] VirtualProtect (in: lpAddress=0x7fff1684a3a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.587] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e650000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e650000, AllocationBase=0x7fff0e650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.587] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.587] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14d10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14d10000, AllocationBase=0x7fff14d10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.587] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.587] VirtualProtect (in: lpAddress=0x7fff14f7c190, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.588] VirtualProtect (in: lpAddress=0x7fff14f7c190, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.588] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x6830000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x6830000, AllocationBase=0x6830000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x883000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.588] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.588] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e610000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e610000, AllocationBase=0x7fff0e610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.588] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.588] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1dda0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1dda0000, AllocationBase=0x7fff1dda0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.588] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.588] VirtualProtect (in: lpAddress=0x7fff1de4f568, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.589] VirtualProtect (in: lpAddress=0x7fff1de4f568, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.589] VirtualProtect (in: lpAddress=0x7fff1de4f5c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.589] VirtualProtect (in: lpAddress=0x7fff1de4f5c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.590] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e590000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e590000, AllocationBase=0x7fff0e590000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.590] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.590] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d6c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d6c0000, AllocationBase=0x7fff1d6c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.590] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.590] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1dbe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1dbe0000, AllocationBase=0x7fff1dbe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.590] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.590] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e4b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e4b0000, AllocationBase=0x7fff0e4b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.590] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.590] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15470000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15470000, AllocationBase=0x7fff15470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.590] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.591] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e420000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e420000, AllocationBase=0x7fff0e420000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.591] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.591] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e3d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e3d0000, AllocationBase=0x7fff0e3d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.591] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.591] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14720000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14720000, AllocationBase=0x7fff14720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.591] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.591] VirtualProtect (in: lpAddress=0x7fff14814528, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.592] VirtualProtect (in: lpAddress=0x7fff14814528, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.592] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e250000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e250000, AllocationBase=0x7fff0e250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.592] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.592] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12580000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12580000, AllocationBase=0x7fff12580000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.592] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.592] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b6d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b6d0000, AllocationBase=0x7fff1b6d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.592] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.592] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10780000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10780000, AllocationBase=0x7fff10780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.592] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.593] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e0c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e0c0000, AllocationBase=0x7fff0e0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.593] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.593] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12330000, AllocationBase=0x7fff12330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.593] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.593] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e090000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e090000, AllocationBase=0x7fff0e090000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.593] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.593] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0dfd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0dfd0000, AllocationBase=0x7fff0dfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.593] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.593] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19a00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19a00000, AllocationBase=0x7fff19a00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.593] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.593] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff199e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff199e0000, AllocationBase=0x7fff199e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.593] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12dd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12dd0000, AllocationBase=0x7fff12dd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0de50000, AllocationBase=0x7fff0de50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19de0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19de0000, AllocationBase=0x7fff19de0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19bd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19bd0000, AllocationBase=0x7fff19bd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0de30000, AllocationBase=0x7fff0de30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b030000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b030000, AllocationBase=0x7fff1b030000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.594] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14410000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14410000, AllocationBase=0x7fff14410000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.594] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff125b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff125b0000, AllocationBase=0x7fff125b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bba0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bba0000, AllocationBase=0x7fff1bba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0de10000, AllocationBase=0x7fff0de10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b9a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b9a0000, AllocationBase=0x7fff1b9a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ddb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ddb0000, AllocationBase=0x7fff0ddb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d660000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d660000, AllocationBase=0x7fff1d660000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.595] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff194e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff194e0000, AllocationBase=0x7fff194e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.595] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.596] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1be40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1be40000, AllocationBase=0x7fff1be40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.596] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.596] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1be00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1be00000, AllocationBase=0x7fff1be00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.596] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.596] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b7b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b7b0000, AllocationBase=0x7fff1b7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.596] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.596] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff186e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff186e0000, AllocationBase=0x7fff186e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.596] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.596] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14320000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14320000, AllocationBase=0x7fff14320000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.596] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.596] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b6f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0b6f0000, AllocationBase=0x7fff0b6f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.596] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.597] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10ba0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10ba0000, AllocationBase=0x7fff10ba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.597] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.597] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15fe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15fe0000, AllocationBase=0x7fff15fe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.597] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.597] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15fb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15fb0000, AllocationBase=0x7fff15fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.597] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.597] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff189e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff189e0000, AllocationBase=0x7fff189e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.597] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.597] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b280000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0b280000, AllocationBase=0x7fff0b280000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.597] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.597] VirtualProtect (in: lpAddress=0x7fff0b2aa858, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.598] VirtualProtect (in: lpAddress=0x7fff0b2aa858, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.598] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b080000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0b080000, AllocationBase=0x7fff0b080000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.598] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.598] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19780000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19780000, AllocationBase=0x7fff19780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.598] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.598] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0db10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0db10000, AllocationBase=0x7fff0db10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.598] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.599] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0da70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0da70000, AllocationBase=0x7fff0da70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.599] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.599] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0da30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0da30000, AllocationBase=0x7fff0da30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.599] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.599] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c1f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c1f0000, AllocationBase=0x7fff1c1f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.599] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.599] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11b40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11b40000, AllocationBase=0x7fff11b40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.599] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.600] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0af40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0af40000, AllocationBase=0x7fff0af40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.600] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.600] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18310000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18310000, AllocationBase=0x7fff18310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.600] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.600] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18f50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18f50000, AllocationBase=0x7fff18f50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.600] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.600] VirtualProtect (in: lpAddress=0x7fff18f9a400, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.601] VirtualProtect (in: lpAddress=0x7fff18f9a400, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.601] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0aec0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0aec0000, AllocationBase=0x7fff0aec0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.601] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.602] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ae30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ae30000, AllocationBase=0x7fff0ae30000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.602] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.602] VirtualProtect (in: lpAddress=0x7fff0ae772d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.602] VirtualProtect (in: lpAddress=0x7fff0ae772d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.602] VirtualProtect (in: lpAddress=0x7fff0ae77298, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.603] VirtualProtect (in: lpAddress=0x7fff0ae77298, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.603] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0adb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0adb0000, AllocationBase=0x7fff0adb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.603] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ad60000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ad60000, AllocationBase=0x7fff0ad60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ad40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ad40000, AllocationBase=0x7fff0ad40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0d970000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0d970000, AllocationBase=0x7fff0d970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0acb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0acb0000, AllocationBase=0x7fff0acb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ac60000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ac60000, AllocationBase=0x7fff0ac60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19140000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19140000, AllocationBase=0x7fff19140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.604] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0aa10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0aa10000, AllocationBase=0x7fff0aa10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.604] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.605] VirtualProtect (in: lpAddress=0x7fff0aae58a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.605] VirtualProtect (in: lpAddress=0x7fff0aae58a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.607] VirtualProtect (in: lpAddress=0x7fff0aae5870, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.607] VirtualProtect (in: lpAddress=0x7fff0aae5870, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.608] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ceb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ceb0000, AllocationBase=0x7fff0ceb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.608] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.608] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ce80000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ce80000, AllocationBase=0x7fff0ce80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.608] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.608] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0a5e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0a5e0000, AllocationBase=0x7fff0a5e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.609] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.609] VirtualProtect (in: lpAddress=0x7fff0a613428, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x2) returned 1 [0262.610] VirtualProtect (in: lpAddress=0x7fff0a613428, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.610] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11c00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11c00000, AllocationBase=0x7fff11c00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.610] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.610] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08920000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08920000, AllocationBase=0x7fff08920000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.610] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.610] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12290000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12290000, AllocationBase=0x7fff12290000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.611] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.611] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18820000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18820000, AllocationBase=0x7fff18820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.611] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.611] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18800000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18800000, AllocationBase=0x7fff18800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.611] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.611] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14430000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14430000, AllocationBase=0x7fff14430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.611] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.611] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff088a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff088a0000, AllocationBase=0x7fff088a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.611] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.612] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08880000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08880000, AllocationBase=0x7fff08880000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.612] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.612] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08840000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08840000, AllocationBase=0x7fff08840000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.612] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.612] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18ff0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18ff0000, AllocationBase=0x7fff18ff0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.612] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.612] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08800000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08800000, AllocationBase=0x7fff08800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.612] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.613] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08730000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08730000, AllocationBase=0x7fff08730000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.613] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.613] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08720000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08720000, AllocationBase=0x7fff08720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.613] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.613] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff086d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff086d0000, AllocationBase=0x7fff086d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.613] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.614] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12100000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12100000, AllocationBase=0x7fff12100000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.614] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.614] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08380000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08380000, AllocationBase=0x7fff08380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.614] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.614] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12070000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12070000, AllocationBase=0x7fff12070000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.614] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.614] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff082e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff082e0000, AllocationBase=0x7fff082e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.614] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.615] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08240000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08240000, AllocationBase=0x7fff08240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.615] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.615] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff151d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff151d0000, AllocationBase=0x7fff151d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.615] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.615] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0c3d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0c3d0000, AllocationBase=0x7fff0c3d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.615] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.615] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ab70000, AllocationBase=0x7fff1ab70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.615] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.615] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ab40000, AllocationBase=0x7fff1ab40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.615] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.615] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12050000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12050000, AllocationBase=0x7fff12050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.615] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.616] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d3e0000, AllocationBase=0x7fff1d3e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.616] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6b0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6b0, ReturnLength=0x0) returned 0x0 [0262.616] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xb55e480, nSize=0x104 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0262.616] GetProcAddress (hModule=0x7fff1f690000, lpProcName="StrStrIW") returned 0x7fff1f69b260 [0262.616] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="electrum-") returned 0x0 [0262.616] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="bitcoin") returned 0x0 [0262.616] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="multibit-hd") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="bither") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="msigna.") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="Jaxx.") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="JEdudus.") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="armory-") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="veracrypt") returned 0x0 [0262.617] StrStrIW (lpFirst="C:\\Windows\\Explorer.EXE", lpSrch="truecrypt") returned 0x0 [0262.617] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x9b9f750 | out: phkResult=0x9b9f750*=0x1448) returned 0x0 [0262.617] RegQueryValueExA (in: hKey=0x1448, lpValueName="Install", lpReserved=0x0, lpType=0x9b9f6c0, lpData=0x0, lpcbData=0x9b9f740*=0x74 | out: lpType=0x9b9f6c0*=0x3, lpData=0x0, lpcbData=0x9b9f740*=0x76) returned 0x0 [0262.617] RegQueryValueExA (in: hKey=0x1448, lpValueName="Install", lpReserved=0x0, lpType=0x9b9f6c0, lpData=0xb55fe40, lpcbData=0x9b9f740*=0x76 | out: lpType=0x9b9f6c0*=0x3, lpData=0xb55fe40*, lpcbData=0x9b9f740*=0x76) returned 0x0 [0262.617] RegCloseKey (hKey=0x1448) returned 0x0 [0262.617] CreateFileW (lpFileName="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" (normalized: "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adsldraw\\autoclb.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1448 [0262.617] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x9b9f6b8 | out: phkResult=0x9b9f6b8*=0x140c) returned 0x0 [0262.618] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegEnumValueW") returned 0x7fff1f7b7220 [0262.618] RegEnumValueW (in: hKey=0x140c, dwIndex=0x0, lpValueName=0xb55e690, lpcchValueName=0x9b9f6b0, lpReserved=0x0, lpType=0x9b9f6b4, lpData=0xb55e898, lpcbData=0x9b9f708 | out: lpValueName="cabilipc", lpcchValueName=0x9b9f6b0, lpType=0x9b9f6b4, lpData=0xb55e898, lpcbData=0x9b9f708) returned 0x0 [0262.618] StrStrIW (lpFirst="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe", lpSrch="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe") returned="C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\adsldraw\\autoclb.exe" [0262.618] RegCloseKey (hKey=0x140c) returned 0x0 [0262.618] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", phkResult=0x9b9f7a0 | out: phkResult=0x9b9f7a0*=0x140c) returned 0x0 [0262.618] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegSetValueExA") returned 0x7fff1f7a2680 [0262.619] RegSetValueExA (in: hKey=0x140c, lpValueName="EnableSPDY3_0", Reserved=0x0, dwType=0x4, lpData=0x9b9f798*=0x0, cbData=0x4 | out: lpData=0x9b9f798*=0x0) returned 0x0 [0262.619] RegCloseKey (hKey=0x140c) returned 0x0 [0262.619] GetModuleHandleA (lpModuleName="kernelbase") returned 0x7fff1cdf0000 [0262.619] lstrcmpA (lpString1="AccessCheck", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AccessCheckByType", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AcquireSRWLockExclusive", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AcquireSRWLockShared", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AcquireStateLock", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="ActivateActCtx", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="RegGetValueW") returned -1 [0262.619] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddDllDirectory", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddMandatoryAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddRefActCtx", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddResourceAttributeAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddSIDToBoundaryDescriptor", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddScopedPolicyIDAce", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddVectoredContinueHandler", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AddVectoredExceptionHandler", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AllocConsole", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AllocateUserPhysicalPages", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AllocateUserPhysicalPagesNuma", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppContainerDeriveSidFromMoniker", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppContainerFreeMemory", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppContainerLookupDisplayNameMrtReference", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppContainerLookupMoniker", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppContainerRegisterSid", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppContainerUnregisterSid", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXFreeMemory", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXGetApplicationData", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXGetDevelopmentMode", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXGetOSMaxVersionTested", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXGetOSMinVersion", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXGetPackageCapabilities", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXGetPackageSid", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXLookupDisplayName", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXLookupMoniker", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXPostSuccessExtension", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXPreCreationExtension", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXReleaseAppXContext", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AppXUpdatePackageCapabilities", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="ApplicationUserModelIdFromProductId", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="RegGetValueW") returned -1 [0262.620] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="AreFileApisANSI", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="AreThereVisibleLogoffScriptsInternal", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="AreThereVisibleShutdownScriptsInternal", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="AttachConsole", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseCheckAppcompatCache", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseCheckAppcompatCacheEx", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseCleanupAppcompatCacheSupport", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseDllFreeResourceId", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseDllMapResourceIdW", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseDumpAppcompatCache", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseFlushAppcompatCache", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseFormatObjectAttributes", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseFreeAppCompatDataForProcess", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseGetNamedObjectDirectory", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseInitAppcompatCacheSupport", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseIsAppcompatInfrastructureDisabled", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseMarkFileForDelete", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseReadAppCompatDataForProcess", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BaseUpdateAppcompatCache", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BasepAdjustObjectAttributesForPrivateNamespace", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BasepCopyFileCallback", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BasepCopyFileExW", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="BasepNotifyTrackingService", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="Beep", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CLOSE_LOCAL_HANDLE_INTERNAL", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CallbackMayRunLong", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CalloutOnFiberStack", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CancelIo", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CancelIoEx", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CancelSynchronousIo", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CancelThreadpoolIo", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CancelWaitableTimer", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CeipIsOptedIn", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="ChangeTimerQueueTimer", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharLowerA", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharLowerBuffA", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharLowerBuffW", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharLowerW", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharNextA", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharNextExA", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharNextW", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharPrevA", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharPrevExA", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharPrevW", lpString2="RegGetValueW") returned -1 [0262.621] lstrcmpA (lpString1="CharUpperA", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CharUpperBuffA", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CharUpperBuffW", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CharUpperW", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CheckGroupPolicyEnabled", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CheckIfStateChangeNotificationExists", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CheckRemoteDebuggerPresent", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CheckTokenCapability", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CheckTokenMembership", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CheckTokenMembershipEx", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ChrCmpIA", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ChrCmpIW", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ClearCommBreak", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ClearCommError", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseGlobalizationUserSettingsKey", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseHandle", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ClosePackageInfo", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ClosePrivateNamespace", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseState", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseStateAtom", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseStateChangeNotification", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseStateContainer", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseStateLock", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpool", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpoolCleanupGroup", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpoolCleanupGroupMembers", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpoolIo", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpoolWait", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CloseThreadpoolWork", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CommitStateAtom", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CompareFileTime", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CompareObjectHandles", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CompareStringA", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CompareStringEx", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CompareStringOrdinal", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CompareStringW", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ConnectNamedPipe", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ContinueDebugEvent", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ConvertDefaultLocale", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ConvertFiberToThread", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ConvertThreadToFiber", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ConvertThreadToFiberEx", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CopyContext", lpString2="RegGetValueW") returned -1 [0262.622] lstrcmpA (lpString1="CopyFile2", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CopyFileExW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CopyFileW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CopySid", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateActCtxW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateAppContainerToken", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateBoundaryDescriptorW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateConsoleScreenBuffer", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateDirectoryA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateDirectoryExW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateDirectoryW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateEventA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateEventExA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateEventExW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateEventW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFiber", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFiberEx", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFile2", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFileA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFileMappingFromApp", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFileMappingNumaW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFileMappingW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateFileW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateHardLinkA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateHardLinkW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateIoCompletionPort", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateMemoryResourceNotification", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateMutexA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateMutexExA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateMutexExW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateMutexW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateNamedPipeW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreatePipe", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreatePrivateNamespaceW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateProcessA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateProcessInternalA", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateProcessInternalW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateProcessW", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateRemoteThread", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateRemoteThreadEx", lpString2="RegGetValueW") returned -1 [0262.623] lstrcmpA (lpString1="CreateRestrictedToken", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateSemaphoreExW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateSemaphoreW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateStateAtom", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateStateChangeNotification", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateStateContainer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateStateLock", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateStateSubcontainer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateSymbolicLinkW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThread", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThreadpool", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThreadpoolCleanupGroup", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThreadpoolIo", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThreadpoolWait", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateThreadpoolWork", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateTimerQueue", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateTimerQueueTimer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateWaitableTimerExW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateWaitableTimerW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CreateWellKnownSid", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="CtrlRoutine", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeactivateActCtx", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DebugActiveProcess", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DebugActiveProcessStop", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DebugBreak", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DecodePointer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DecodeRemotePointer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DecodeSystemPointer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DefineDosDeviceW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DelayLoadFailureHook", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DelayLoadFailureHookLookup", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteAce", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteBoundaryDescriptor", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteCriticalSection", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteFiber", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteFileA", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteFileW", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteProcThreadAttributeList", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteStateAtomValue", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteStateContainer", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteStateContainerValue", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteSynchronizationBarrier", lpString2="RegGetValueW") returned -1 [0262.624] lstrcmpA (lpString1="DeleteTimerQueueEx", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DeleteTimerQueueTimer", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DeleteVolumeMountPointW", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DestroyPrivateObjectSecurity", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DeviceIoControl", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DisablePredefinedHandleTableInternal", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DisableThreadLibraryCalls", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DisassociateCurrentThreadFromCallback", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DiscardVirtualMemory", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DisconnectNamedPipe", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DnsHostnameToComputerNameExW", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DsBindWithSpnExW", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DsCrackNamesW", lpString2="RegGetValueW") returned -1 [0262.625] lstrcmpA (lpString1="DsFreeDomainControllerInfoW", lpString2="RegGetValueW") returned -1 [0262.627] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xb461400, cb=0x1000, lpcbNeeded=0x9b9f6d8 | out: lphModule=0xb461400, lpcbNeeded=0x9b9f6d8) returned 1 [0262.629] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff6e4e10000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7ff6e4e10000, AllocationBase=0x7ff6e4e10000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.629] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.629] lstrcmpiA (lpString1="wcschr", lpString2="RegGetValueW") returned 1 [0262.629] lstrcmpiA (lpString1="_get_errno", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="_set_errno", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="memcpy_s", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="free", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="strchr", lpString2="RegGetValueW") returned 1 [0262.629] lstrcmpiA (lpString1="wcstombs", lpString2="RegGetValueW") returned 1 [0262.629] lstrcmpiA (lpString1="_wtoi", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="_itow_s", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="_wcsicmp", lpString2="RegGetValueW") returned -1 [0262.629] lstrcmpiA (lpString1="bsearch", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="wcsncpy_s", lpString2="RegGetValueW") returned 1 [0262.630] lstrcmpiA (lpString1="memset", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="ceil", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="floor", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="floorf", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="memcmp", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="sqrt", lpString2="RegGetValueW") returned 1 [0262.630] lstrcmpiA (lpString1="wcscspn", lpString2="RegGetValueW") returned 1 [0262.630] lstrcmpiA (lpString1="_wcstoui64", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_errno", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="??1type_info@@UEAA@XZ", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_onexit", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="__dllonexit", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_unlock", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_lock", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="?terminate@@YAXXZ", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_commode", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_fmode", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_wcmdln", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="__C_specific_handler", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_initterm", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="__setusermatherr", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_cexit", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_exit", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="exit", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="__set_app_type", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="__wgetmainargs", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_snwprintf_s", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_vsnwprintf_s", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="wcsspn", lpString2="RegGetValueW") returned 1 [0262.630] lstrcmpiA (lpString1="_amsg_exit", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_XcptFilter", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="?what@exception@@UEBAPEBDXZ", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="??1exception@@UEAA@XZ", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="??0exception@@QEAA@AEBV0@@Z", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBDH@Z", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="??0exception@@QEAA@AEBQEBD@Z", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="memcpy", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="__CxxFrameHandler3", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_CxxThrowException", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="realloc", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="wcsstr", lpString2="RegGetValueW") returned 1 [0262.630] lstrcmpiA (lpString1="memmove", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="malloc", lpString2="RegGetValueW") returned -1 [0262.630] lstrcmpiA (lpString1="_vsnwprintf", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="wcsrchr", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="wcscmp", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="GetModuleHandleExW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetModuleFileNameA", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetProcAddress", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="FindResourceExW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="LoadResource", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="LockResource", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetModuleHandleW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="SizeofResource", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="LoadLibraryExW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetModuleHandleA", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="LoadStringW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="FreeLibrary", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetModuleFileNameW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="LoadLibraryExA", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="FreeLibraryAndExitThread", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventEnabled", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventActivityIdControl", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventUnregister", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventSetInformation", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventWriteTransfer", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventRegister", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="EventWrite", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="OpenThreadToken", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="SetPriorityClass", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="SetProcessShutdownParameters", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="GetPriorityClass", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="OpenProcessToken", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="TerminateThread", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="FlushInstructionCache", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="ExitProcess", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetStartupInfoW", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetCurrentProcessId", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="SetThreadPriority", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="OpenProcess", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="SetThreadPriorityBoost", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="GetCurrentThread", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="QueueUserAPC", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="TlsAlloc", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="GetCurrentProcess", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="GetThreadPriority", lpString2="RegGetValueW") returned -1 [0262.631] lstrcmpiA (lpString1="TlsSetValue", lpString2="RegGetValueW") returned 1 [0262.631] lstrcmpiA (lpString1="ResumeThread", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="GetCurrentThreadId", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="TlsFree", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="CreateProcessW", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="GetExitCodeProcess", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="OpenThread", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CreateThread", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="TerminateProcess", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="GetProcessId", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="TlsGetValue", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="OutputDebugStringW", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="OutputDebugStringA", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="GetUserPreferredUILanguages", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="GetThreadUILanguage", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="GetUserGeoID", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="GetUserDefaultLangID", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="FormatMessageW", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="IsValidLocaleName", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="GetLocaleInfoW", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoInitializeSecurity", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="PropVariantClear", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoUninitialize", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="RoGetAgileReference", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="CoSetProxyBlanket", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="IIDFromString", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoCreateInstance", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoCreateGuid", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoGetStdMarshalEx", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CreateStreamOnHGlobal", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoFreeUnusedLibraries", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoInitializeEx", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoGetApartmentType", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="StringFromIID", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="CoCreateFreeThreadedMarshaler", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoDisableCallCancellation", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoTaskMemAlloc", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoRevokeClassObject", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoTaskMemRealloc", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoRegisterClassObject", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoWaitForMultipleHandles", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoGetMalloc", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoTaskMemFree", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="CoMarshalInterThreadInterfaceInStream", lpString2="RegGetValueW") returned -1 [0262.632] lstrcmpiA (lpString1="StringFromGUID2", lpString2="RegGetValueW") returned 1 [0262.632] lstrcmpiA (lpString1="CoReleaseMarshalData", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CoCancelCall", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CoGetInterfaceAndReleaseStream", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CoEnableCallCancellation", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CLSIDFromString", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CoGetCallContext", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="SetUnhandledExceptionFilter", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="SetLastError", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="SetErrorMode", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="GetLastError", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="RaiseException", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="UnhandledExceptionFilter", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="ReleaseSRWLockExclusive", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="AcquireSRWLockExclusive", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="OpenSemaphoreW", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="WaitForSingleObject", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="CreateEventExW", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="InitializeSRWLock", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="SetEvent", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="ReleaseSemaphore", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="Sleep", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="InitOnceBeginInitialize", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="InitOnceComplete", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="OpenEventW", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="InitOnceExecuteOnce", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="WaitForSingleObjectEx", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="LeaveCriticalSection", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="EnterCriticalSection", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CreateEventW", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="InitializeCriticalSectionEx", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="ReleaseSRWLockShared", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="SleepEx", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="ResetEvent", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="WaitForMultipleObjectsEx", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="OpenMutexW", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="ReleaseMutex", lpString2="RegGetValueW") returned 1 [0262.633] lstrcmpiA (lpString1="CreateMutexW", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="DeleteCriticalSection", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="AcquireSRWLockShared", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="InitializeCriticalSection", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CreateThreadpoolWait", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="CreateThreadpoolWork", lpString2="RegGetValueW") returned -1 [0262.633] lstrcmpiA (lpString1="SubmitThreadpoolWork", lpString2="RegGetValueW") returned 1 [0262.634] lstrcmpiA (lpString1="CreateThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="SetThreadpoolWait", lpString2="RegGetValueW") returned 1 [0262.634] lstrcmpiA (lpString1="TrySubmitThreadpoolCallback", lpString2="RegGetValueW") returned 1 [0262.634] lstrcmpiA (lpString1="SetThreadpoolTimer", lpString2="RegGetValueW") returned 1 [0262.634] lstrcmpiA (lpString1="WaitForThreadpoolTimerCallbacks", lpString2="RegGetValueW") returned 1 [0262.634] lstrcmpiA (lpString1="CloseThreadpoolTimer", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="CallbackMayRunLong", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="FreeLibraryWhenCallbackReturns", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="CloseHandle", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="DuplicateHandle", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetSystemTimeAsFileTime", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetOsSafeBootMode", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetSystemTime", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetWindowsDirectoryW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetTickCount64", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetVersionExW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetSystemDirectoryW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetProductInfo", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetTickCount", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="GetLocalTime", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="CreateSemaphoreW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegDeleteValueW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegCreateKeyExW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegEnumValueW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegDeleteTreeW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegEnumKeyExW", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegQueryInfoKeyW", lpString2="RegGetValueW") returned 1 [0262.634] lstrcmpiA (lpString1="RegCloseKey", lpString2="RegGetValueW") returned -1 [0262.634] lstrcmpiA (lpString1="RegGetValueW", lpString2="RegGetValueW") returned 0 [0262.634] VirtualProtect (in: lpAddress=0x7ff6e4fd8938, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.635] VirtualProtect (in: lpAddress=0x7ff6e4fd8938, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f900000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1f900000, AllocationBase=0x7fff1f900000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f850000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1f850000, AllocationBase=0x7fff1f850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cdf0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1cdf0000, AllocationBase=0x7fff1cdf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.635] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a8f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a8f0000, AllocationBase=0x7fff1a8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.635] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.635] lstrcmpiA (lpString1="RtlVirtualUnwind", lpString2="RegGetValueW") returned 1 [0262.635] lstrcmpiA (lpString1="RtlLookupFunctionEntry", lpString2="RegGetValueW") returned 1 [0262.635] lstrcmpiA (lpString1="RtlCaptureContext", lpString2="RegGetValueW") returned 1 [0262.635] lstrcmpiA (lpString1="RtlGUIDFromString", lpString2="RegGetValueW") returned 1 [0262.635] lstrcmpiA (lpString1="RtlInitString", lpString2="RegGetValueW") returned 1 [0262.635] lstrcmpiA (lpString1="NlsMbCodePageTag", lpString2="RegGetValueW") returned -1 [0262.635] lstrcmpiA (lpString1="RtlxAnsiStringToUnicodeSize", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlUpcaseUnicodeString", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlUpcaseUnicodeChar", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="toupper", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="wcschr", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlReAllocateHeap", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwClose", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="sprintf_s", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="strchr", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlInitAnsiString", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="strcpy_s", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlEqualString", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="wcscpy_s", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="wcscat_s", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlDosPathNameToNtPathName_U_WithStatus", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwCreateFile", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwQueryInformationFile", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwUnmapViewOfSection", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwMapViewOfSection", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwCreateSection", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlAppendUnicodeStringToString", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlDoesFileExists_U", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwQueryInformationToken", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwOpenKey", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwQueryValueKey", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwCreateKey", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="RtlGetFullPathName_UEx", lpString2="RegGetValueW") returned 1 [0262.636] lstrcmpiA (lpString1="ZwQueryInformationProcess", lpString2="RegGetValueW") returned 1 [0262.636] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f700000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1f700000, AllocationBase=0x7fff1f700000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.636] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.636] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d540000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d540000, AllocationBase=0x7fff1d540000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.636] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.636] VirtualProtect (in: lpAddress=0x7fff1d5cb398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.637] VirtualProtect (in: lpAddress=0x7fff1d5cb398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.637] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d080000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d080000, AllocationBase=0x7fff1d080000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.637] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.637] VirtualProtect (in: lpAddress=0x7fff1d22e6d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.638] VirtualProtect (in: lpAddress=0x7fff1d22e6d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.638] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d8f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d8f0000, AllocationBase=0x7fff1d8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.638] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.638] VirtualProtect (in: lpAddress=0x7fff1d9d4270, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.639] VirtualProtect (in: lpAddress=0x7fff1d9d4270, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.639] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c350000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c350000, AllocationBase=0x7fff1c350000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.639] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.639] VirtualProtect (in: lpAddress=0x7fff1c362188, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.639] VirtualProtect (in: lpAddress=0x7fff1c362188, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.639] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da90000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1da90000, AllocationBase=0x7fff1da90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.639] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.639] VirtualProtect (in: lpAddress=0x7fff1db19778, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.640] VirtualProtect (in: lpAddress=0x7fff1db19778, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.640] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f500000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1f500000, AllocationBase=0x7fff1f500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.640] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.640] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c420000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c420000, AllocationBase=0x7fff1c420000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.640] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.640] VirtualProtect (in: lpAddress=0x7fff1c499380, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.641] VirtualProtect (in: lpAddress=0x7fff1c499380, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.641] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f690000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1f690000, AllocationBase=0x7fff1f690000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.641] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.641] VirtualProtect (in: lpAddress=0x7fff1f6ba580, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.641] VirtualProtect (in: lpAddress=0x7fff1f6ba580, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.642] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1df70000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1df70000, AllocationBase=0x7fff1df70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.642] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.642] VirtualProtect (in: lpAddress=0x7fff1e5564d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.642] VirtualProtect (in: lpAddress=0x7fff1e5564d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.642] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c760000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c760000, AllocationBase=0x7fff1c760000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.642] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.642] VirtualProtect (in: lpAddress=0x7fff1cc027a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.643] VirtualProtect (in: lpAddress=0x7fff1cc027a0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.643] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f7a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1f7a0000, AllocationBase=0x7fff1f7a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.643] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.643] VirtualProtect (in: lpAddress=0x7fff1f804630, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.644] VirtualProtect (in: lpAddress=0x7fff1f804630, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d600000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d600000, AllocationBase=0x7fff1d600000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3c0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c3c0000, AllocationBase=0x7fff1c3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.644] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c3a0000, AllocationBase=0x7fff1c3a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.644] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.644] VirtualProtect (in: lpAddress=0x7fff1c3a91f8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.645] VirtualProtect (in: lpAddress=0x7fff1c3a91f8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.645] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c4e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c4e0000, AllocationBase=0x7fff1c4e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.645] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.645] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c330000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c330000, AllocationBase=0x7fff1c330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.645] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.645] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18cd0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18cd0000, AllocationBase=0x7fff18cd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.645] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.645] VirtualProtect (in: lpAddress=0x7fff18d5f720, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.645] VirtualProtect (in: lpAddress=0x7fff18d5f720, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.646] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ac00000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1ac00000, AllocationBase=0x7fff1ac00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.646] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.646] VirtualProtect (in: lpAddress=0x7fff1ac57990, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.646] VirtualProtect (in: lpAddress=0x7fff1ac57990, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.646] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a3a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a3a0000, AllocationBase=0x7fff1a3a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.646] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.646] VirtualProtect (in: lpAddress=0x7fff1a3b02d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.647] VirtualProtect (in: lpAddress=0x7fff1a3b02d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.647] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10640000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10640000, AllocationBase=0x7fff10640000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.647] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.647] VirtualProtect (in: lpAddress=0x7fff106bf398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.647] VirtualProtect (in: lpAddress=0x7fff106bf398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.647] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a0f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a0f0000, AllocationBase=0x7fff1a0f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.647] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.648] VirtualProtect (in: lpAddress=0x7fff1a2ea230, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.648] VirtualProtect (in: lpAddress=0x7fff1a2ea230, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a520000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a520000, AllocationBase=0x7fff1a520000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.648] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bf50000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1bf50000, AllocationBase=0x7fff1bf50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.648] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.648] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b940000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b940000, AllocationBase=0x7fff1b940000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.648] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.648] VirtualProtect (in: lpAddress=0x7fff1b9512e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.653] VirtualProtect (in: lpAddress=0x7fff1b9512e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.653] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab10000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1ab10000, AllocationBase=0x7fff1ab10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.653] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.653] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a050000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a050000, AllocationBase=0x7fff1a050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.653] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.653] VirtualProtect (in: lpAddress=0x7fff1a0ad330, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.654] VirtualProtect (in: lpAddress=0x7fff1a0ad330, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aae0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1aae0000, AllocationBase=0x7fff1aae0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d730000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d730000, AllocationBase=0x7fff1d730000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d790000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d790000, AllocationBase=0x7fff1d790000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c180000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c180000, AllocationBase=0x7fff1c180000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.654] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d3f0000, AllocationBase=0x7fff1d3f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.654] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.655] VirtualProtect (in: lpAddress=0x7fff1d4b3128, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.655] VirtualProtect (in: lpAddress=0x7fff1d4b3128, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.655] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cfd0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1cfd0000, AllocationBase=0x7fff1cfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.655] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.655] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b4d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b4d0000, AllocationBase=0x7fff1b4d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.655] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.655] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bc00000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1bc00000, AllocationBase=0x7fff1bc00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.655] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.655] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c150000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c150000, AllocationBase=0x7fff1c150000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.655] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b850000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b850000, AllocationBase=0x7fff1b850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bd70000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1bd70000, AllocationBase=0x7fff1bd70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10c50000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10c50000, AllocationBase=0x7fff10c50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11ca0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff11ca0000, AllocationBase=0x7fff11ca0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.656] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18980000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18980000, AllocationBase=0x7fff18980000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.656] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.656] VirtualProtect (in: lpAddress=0x7fff1898c0e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.657] VirtualProtect (in: lpAddress=0x7fff1898c0e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.657] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10620000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10620000, AllocationBase=0x7fff10620000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.657] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.657] VirtualProtect (in: lpAddress=0x7fff10629170, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.657] VirtualProtect (in: lpAddress=0x7fff10629170, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.657] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15d30000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff15d30000, AllocationBase=0x7fff15d30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.657] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.657] VirtualProtect (in: lpAddress=0x7fff15d54298, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.658] VirtualProtect (in: lpAddress=0x7fff15d54298, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.658] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15c90000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff15c90000, AllocationBase=0x7fff15c90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.658] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.658] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15ea0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff15ea0000, AllocationBase=0x7fff15ea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.658] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.658] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10530000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10530000, AllocationBase=0x7fff10530000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.658] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.658] VirtualProtect (in: lpAddress=0x7fff105be308, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.659] VirtualProtect (in: lpAddress=0x7fff105be308, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.659] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10460000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10460000, AllocationBase=0x7fff10460000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.659] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.659] VirtualProtect (in: lpAddress=0x7fff104e0308, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.659] VirtualProtect (in: lpAddress=0x7fff104e0308, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.659] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19360000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19360000, AllocationBase=0x7fff19360000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.660] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.660] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aa50000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1aa50000, AllocationBase=0x7fff1aa50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.660] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.660] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aa70000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1aa70000, AllocationBase=0x7fff1aa70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.660] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.660] VirtualProtect (in: lpAddress=0x7fff1aaab1a8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.660] VirtualProtect (in: lpAddress=0x7fff1aaab1a8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.660] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14a90000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14a90000, AllocationBase=0x7fff14a90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.660] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.661] VirtualProtect (in: lpAddress=0x7fff14c55f40, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.661] VirtualProtect (in: lpAddress=0x7fff14c55f40, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.661] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff103f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff103f0000, AllocationBase=0x7fff103f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.661] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.661] VirtualProtect (in: lpAddress=0x7fff10400378, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.662] VirtualProtect (in: lpAddress=0x7fff10400378, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.662] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b380000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b380000, AllocationBase=0x7fff1b380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.662] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.662] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18e60000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18e60000, AllocationBase=0x7fff18e60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.662] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.662] VirtualProtect (in: lpAddress=0x7fff18eb12b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.662] VirtualProtect (in: lpAddress=0x7fff18eb12b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.662] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aca0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1aca0000, AllocationBase=0x7fff1aca0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.663] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.663] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c3d0000, AllocationBase=0x7fff1c3d0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.663] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.663] VirtualProtect (in: lpAddress=0x7fff1c4002c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.663] VirtualProtect (in: lpAddress=0x7fff1c4002c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.663] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10380000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10380000, AllocationBase=0x7fff10380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.663] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.663] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10330000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10330000, AllocationBase=0x7fff10330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.663] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.664] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff161b0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff161b0000, AllocationBase=0x7fff161b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.664] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.664] VirtualProtect (in: lpAddress=0x7fff164361b0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.664] VirtualProtect (in: lpAddress=0x7fff164361b0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.664] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1acf0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1acf0000, AllocationBase=0x7fff1acf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.664] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.664] VirtualProtect (in: lpAddress=0x7fff1ad923e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.665] VirtualProtect (in: lpAddress=0x7fff1ad923e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.665] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0fea0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0fea0000, AllocationBase=0x7fff0fea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.665] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.665] VirtualProtect (in: lpAddress=0x7fff1002e540, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.665] VirtualProtect (in: lpAddress=0x7fff1002e540, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.665] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da20000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1da20000, AllocationBase=0x7fff1da20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.666] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.666] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f390000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0f390000, AllocationBase=0x7fff0f390000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.666] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.666] VirtualProtect (in: lpAddress=0x7fff0f96c1c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.667] VirtualProtect (in: lpAddress=0x7fff0f96c1c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.667] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff16c20000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff16c20000, AllocationBase=0x7fff16c20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.667] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.667] VirtualProtect (in: lpAddress=0x7fff16ce9758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.668] VirtualProtect (in: lpAddress=0x7fff16ce9758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.668] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f340000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0f340000, AllocationBase=0x7fff0f340000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.668] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.668] VirtualProtect (in: lpAddress=0x7fff0f371318, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.669] VirtualProtect (in: lpAddress=0x7fff0f371318, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.669] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f330000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0f330000, AllocationBase=0x7fff0f330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.669] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.669] VirtualProtect (in: lpAddress=0x7fff0f338218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.670] VirtualProtect (in: lpAddress=0x7fff0f338218, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.670] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cd90000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1cd90000, AllocationBase=0x7fff1cd90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.670] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.670] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f120000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0f120000, AllocationBase=0x7fff0f120000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.670] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.670] VirtualProtect (in: lpAddress=0x7fff0f2604c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.671] VirtualProtect (in: lpAddress=0x7fff0f2604c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.671] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a450000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a450000, AllocationBase=0x7fff1a450000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.671] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.671] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11100000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff11100000, AllocationBase=0x7fff11100000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.671] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.671] VirtualProtect (in: lpAddress=0x7fff1123a368, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.672] VirtualProtect (in: lpAddress=0x7fff1123a368, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.672] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f000000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0f000000, AllocationBase=0x7fff0f000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.672] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.672] VirtualProtect (in: lpAddress=0x7fff0f063778, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.672] VirtualProtect (in: lpAddress=0x7fff0f063778, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.672] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0efe0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0efe0000, AllocationBase=0x7fff0efe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.672] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.672] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19c20000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19c20000, AllocationBase=0x7fff19c20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.673] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.673] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11b90000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff11b90000, AllocationBase=0x7fff11b90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.673] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.673] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ef00000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ef00000, AllocationBase=0x7fff0ef00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.673] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.673] VirtualProtect (in: lpAddress=0x7fff0ef598d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.673] VirtualProtect (in: lpAddress=0x7fff0ef598d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.673] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b5f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b5f0000, AllocationBase=0x7fff1b5f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.673] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.673] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12910000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12910000, AllocationBase=0x7fff12910000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.674] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.674] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b5e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b5e0000, AllocationBase=0x7fff1b5e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.674] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.674] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0eeb0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0eeb0000, AllocationBase=0x7fff0eeb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.674] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.674] VirtualProtect (in: lpAddress=0x7fff0eee23c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.674] VirtualProtect (in: lpAddress=0x7fff0eee23c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.674] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0eea0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0eea0000, AllocationBase=0x7fff0eea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.674] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.674] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18200000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18200000, AllocationBase=0x7fff18200000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.674] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.675] VirtualProtect (in: lpAddress=0x7fff182b3430, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.675] VirtualProtect (in: lpAddress=0x7fff182b3430, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.675] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff16de0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff16de0000, AllocationBase=0x7fff16de0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.675] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.675] VirtualProtect (in: lpAddress=0x7fff16e88470, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.676] VirtualProtect (in: lpAddress=0x7fff16e88470, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.676] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19120000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19120000, AllocationBase=0x7fff19120000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.676] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.676] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18160000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18160000, AllocationBase=0x7fff18160000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.676] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.676] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a3f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1a3f0000, AllocationBase=0x7fff1a3f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.676] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.676] VirtualProtect (in: lpAddress=0x7fff1a432130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.677] VirtualProtect (in: lpAddress=0x7fff1a432130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.677] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ebe0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ebe0000, AllocationBase=0x7fff0ebe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.677] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.677] VirtualProtect (in: lpAddress=0x7fff0ec78040, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.677] VirtualProtect (in: lpAddress=0x7fff0ec78040, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.677] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14470000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14470000, AllocationBase=0x7fff14470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.677] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.678] VirtualProtect (in: lpAddress=0x7fff14654528, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.678] VirtualProtect (in: lpAddress=0x7fff14654528, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.678] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14a80000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14a80000, AllocationBase=0x7fff14a80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.678] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.678] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e8c0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e8c0000, AllocationBase=0x7fff0e8c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.678] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.678] VirtualProtect (in: lpAddress=0x7fff0ea3c080, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.678] VirtualProtect (in: lpAddress=0x7fff0ea3c080, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.678] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e8a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e8a0000, AllocationBase=0x7fff0e8a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.678] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e800000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e800000, AllocationBase=0x7fff0e800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff167a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff167a0000, AllocationBase=0x7fff167a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e650000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e650000, AllocationBase=0x7fff0e650000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14d10000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14d10000, AllocationBase=0x7fff14d10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x6830000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x6830000, AllocationBase=0x6830000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x883000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e610000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e610000, AllocationBase=0x7fff0e610000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1dda0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1dda0000, AllocationBase=0x7fff1dda0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e590000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e590000, AllocationBase=0x7fff0e590000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.679] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.679] VirtualProtect (in: lpAddress=0x7fff0e5e9218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.680] VirtualProtect (in: lpAddress=0x7fff0e5e9218, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.680] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d6c0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d6c0000, AllocationBase=0x7fff1d6c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.680] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.681] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1dbe0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1dbe0000, AllocationBase=0x7fff1dbe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.681] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.681] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e4b0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e4b0000, AllocationBase=0x7fff0e4b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.681] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.681] VirtualProtect (in: lpAddress=0x7fff0e53e398, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.681] VirtualProtect (in: lpAddress=0x7fff0e53e398, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.681] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15470000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff15470000, AllocationBase=0x7fff15470000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.681] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.681] VirtualProtect (in: lpAddress=0x7fff155132e0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.682] VirtualProtect (in: lpAddress=0x7fff155132e0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.682] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e420000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e420000, AllocationBase=0x7fff0e420000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.682] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.682] VirtualProtect (in: lpAddress=0x7fff0e479310, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.683] VirtualProtect (in: lpAddress=0x7fff0e479310, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.683] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e3d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e3d0000, AllocationBase=0x7fff0e3d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.683] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.683] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14720000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14720000, AllocationBase=0x7fff14720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.683] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.683] VirtualProtect (in: lpAddress=0x7fff148145d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.683] VirtualProtect (in: lpAddress=0x7fff148145d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.683] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e250000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e250000, AllocationBase=0x7fff0e250000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.683] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.684] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12580000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12580000, AllocationBase=0x7fff12580000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.684] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.684] VirtualProtect (in: lpAddress=0x7fff1258b270, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.684] VirtualProtect (in: lpAddress=0x7fff1258b270, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.684] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b6d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b6d0000, AllocationBase=0x7fff1b6d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.684] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.684] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10780000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10780000, AllocationBase=0x7fff10780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.684] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.684] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e0c0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e0c0000, AllocationBase=0x7fff0e0c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.684] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.684] VirtualProtect (in: lpAddress=0x7fff0e1213c0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.685] VirtualProtect (in: lpAddress=0x7fff0e1213c0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.685] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12330000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12330000, AllocationBase=0x7fff12330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.685] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.685] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e090000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0e090000, AllocationBase=0x7fff0e090000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.685] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.685] VirtualProtect (in: lpAddress=0x7fff0e0a9378, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.686] VirtualProtect (in: lpAddress=0x7fff0e0a9378, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.686] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0dfd0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0dfd0000, AllocationBase=0x7fff0dfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.686] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.686] VirtualProtect (in: lpAddress=0x7fff0e022490, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.686] VirtualProtect (in: lpAddress=0x7fff0e022490, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.686] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19a00000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19a00000, AllocationBase=0x7fff19a00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.686] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.686] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff199e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff199e0000, AllocationBase=0x7fff199e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.687] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.687] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12dd0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12dd0000, AllocationBase=0x7fff12dd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.687] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.687] VirtualProtect (in: lpAddress=0x7fff12e0f1b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.687] VirtualProtect (in: lpAddress=0x7fff12e0f1b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.687] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de50000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0de50000, AllocationBase=0x7fff0de50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.687] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.687] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19de0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19de0000, AllocationBase=0x7fff19de0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.687] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.687] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19bd0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19bd0000, AllocationBase=0x7fff19bd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.687] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.688] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de30000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0de30000, AllocationBase=0x7fff0de30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.688] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.688] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b030000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b030000, AllocationBase=0x7fff1b030000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.688] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.688] VirtualProtect (in: lpAddress=0x7fff1b045130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.688] VirtualProtect (in: lpAddress=0x7fff1b045130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.688] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14410000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14410000, AllocationBase=0x7fff14410000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.688] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.688] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff125b0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff125b0000, AllocationBase=0x7fff125b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.688] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.689] VirtualProtect (in: lpAddress=0x7fff12607220, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.689] VirtualProtect (in: lpAddress=0x7fff12607220, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.689] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bba0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1bba0000, AllocationBase=0x7fff1bba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.689] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.689] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de10000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0de10000, AllocationBase=0x7fff0de10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.689] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.689] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b9a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b9a0000, AllocationBase=0x7fff1b9a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.689] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.689] VirtualProtect (in: lpAddress=0x7fff1ba183d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.690] VirtualProtect (in: lpAddress=0x7fff1ba183d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.690] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ddb0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ddb0000, AllocationBase=0x7fff0ddb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.690] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.690] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d660000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d660000, AllocationBase=0x7fff1d660000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.690] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.690] VirtualProtect (in: lpAddress=0x7fff1d69f140, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.691] VirtualProtect (in: lpAddress=0x7fff1d69f140, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff194e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff194e0000, AllocationBase=0x7fff194e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1be40000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1be40000, AllocationBase=0x7fff1be40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1be00000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1be00000, AllocationBase=0x7fff1be00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b7b0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1b7b0000, AllocationBase=0x7fff1b7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff186e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff186e0000, AllocationBase=0x7fff186e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14320000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14320000, AllocationBase=0x7fff14320000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b6f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0b6f0000, AllocationBase=0x7fff0b6f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.691] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10ba0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff10ba0000, AllocationBase=0x7fff10ba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.691] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.692] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15fe0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff15fe0000, AllocationBase=0x7fff15fe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.692] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.692] VirtualProtect (in: lpAddress=0x7fff16094288, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.692] VirtualProtect (in: lpAddress=0x7fff16094288, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.692] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15fb0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff15fb0000, AllocationBase=0x7fff15fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.692] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.692] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff189e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff189e0000, AllocationBase=0x7fff189e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.692] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.692] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b280000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0b280000, AllocationBase=0x7fff0b280000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.692] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.693] VirtualProtect (in: lpAddress=0x7fff0b2aa8c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.693] VirtualProtect (in: lpAddress=0x7fff0b2aa8c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.693] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b080000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0b080000, AllocationBase=0x7fff0b080000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.693] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.693] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19780000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19780000, AllocationBase=0x7fff19780000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.693] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.693] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0db10000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0db10000, AllocationBase=0x7fff0db10000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.693] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.693] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0da70000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0da70000, AllocationBase=0x7fff0da70000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.693] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.693] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0da30000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0da30000, AllocationBase=0x7fff0da30000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.694] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.694] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c1f0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1c1f0000, AllocationBase=0x7fff1c1f0000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.694] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.694] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11b40000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff11b40000, AllocationBase=0x7fff11b40000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.694] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.694] VirtualProtect (in: lpAddress=0x7fff11b674f8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.694] VirtualProtect (in: lpAddress=0x7fff11b674f8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.694] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0af40000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0af40000, AllocationBase=0x7fff0af40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.694] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.694] VirtualProtect (in: lpAddress=0x7fff0b00c4d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.695] VirtualProtect (in: lpAddress=0x7fff0b00c4d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.695] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18310000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18310000, AllocationBase=0x7fff18310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.695] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.695] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18f50000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18f50000, AllocationBase=0x7fff18f50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.695] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.695] VirtualProtect (in: lpAddress=0x7fff18f9a4c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.696] VirtualProtect (in: lpAddress=0x7fff18f9a4c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.696] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0aec0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0aec0000, AllocationBase=0x7fff0aec0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.696] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.696] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ae30000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ae30000, AllocationBase=0x7fff0ae30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.696] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.696] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0adb0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0adb0000, AllocationBase=0x7fff0adb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.696] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.696] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ad60000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ad60000, AllocationBase=0x7fff0ad60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.696] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.696] VirtualProtect (in: lpAddress=0x7fff0ad745d0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.697] VirtualProtect (in: lpAddress=0x7fff0ad745d0, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.697] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ad40000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ad40000, AllocationBase=0x7fff0ad40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.697] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.697] VirtualProtect (in: lpAddress=0x7fff0ad4f008, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.698] VirtualProtect (in: lpAddress=0x7fff0ad4f008, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.698] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0d970000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0d970000, AllocationBase=0x7fff0d970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.698] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.698] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0acb0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0acb0000, AllocationBase=0x7fff0acb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.698] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.698] VirtualProtect (in: lpAddress=0x7fff0acf64c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.698] VirtualProtect (in: lpAddress=0x7fff0acf64c8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.699] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ac60000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ac60000, AllocationBase=0x7fff0ac60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.699] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.699] VirtualProtect (in: lpAddress=0x7fff0ac86450, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.699] VirtualProtect (in: lpAddress=0x7fff0ac86450, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.699] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19140000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff19140000, AllocationBase=0x7fff19140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.699] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.699] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0aa10000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0aa10000, AllocationBase=0x7fff0aa10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.699] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.699] VirtualProtect (in: lpAddress=0x7fff0aae5968, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.700] VirtualProtect (in: lpAddress=0x7fff0aae5968, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.700] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ceb0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ceb0000, AllocationBase=0x7fff0ceb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.700] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.700] VirtualProtect (in: lpAddress=0x7fff0cec1368, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.700] VirtualProtect (in: lpAddress=0x7fff0cec1368, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.701] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ce80000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0ce80000, AllocationBase=0x7fff0ce80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.701] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.701] VirtualProtect (in: lpAddress=0x7fff0ce9d280, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.701] VirtualProtect (in: lpAddress=0x7fff0ce9d280, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.701] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0a5e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0a5e0000, AllocationBase=0x7fff0a5e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.701] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.701] VirtualProtect (in: lpAddress=0x7fff0a613468, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.702] VirtualProtect (in: lpAddress=0x7fff0a613468, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.702] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11c00000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff11c00000, AllocationBase=0x7fff11c00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.702] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.702] VirtualProtect (in: lpAddress=0x7fff11c13130, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.702] VirtualProtect (in: lpAddress=0x7fff11c13130, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.702] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08920000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08920000, AllocationBase=0x7fff08920000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.702] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.703] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12290000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12290000, AllocationBase=0x7fff12290000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.703] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.703] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18820000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18820000, AllocationBase=0x7fff18820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.703] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.703] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18800000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18800000, AllocationBase=0x7fff18800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.703] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.703] VirtualProtect (in: lpAddress=0x7fff1880d1e8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.703] VirtualProtect (in: lpAddress=0x7fff1880d1e8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.703] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14430000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff14430000, AllocationBase=0x7fff14430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.703] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.704] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff088a0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff088a0000, AllocationBase=0x7fff088a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.704] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.704] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08880000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08880000, AllocationBase=0x7fff08880000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.704] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.704] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08840000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08840000, AllocationBase=0x7fff08840000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.704] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.704] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18ff0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff18ff0000, AllocationBase=0x7fff18ff0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.704] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.704] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08800000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08800000, AllocationBase=0x7fff08800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.704] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.704] VirtualProtect (in: lpAddress=0x7fff088292d8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.705] VirtualProtect (in: lpAddress=0x7fff088292d8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.705] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08730000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08730000, AllocationBase=0x7fff08730000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.705] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.705] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08720000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08720000, AllocationBase=0x7fff08720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.705] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.705] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff086d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff086d0000, AllocationBase=0x7fff086d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.705] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.705] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12100000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12100000, AllocationBase=0x7fff12100000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.705] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.705] VirtualProtect (in: lpAddress=0x7fff12124758, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.706] VirtualProtect (in: lpAddress=0x7fff12124758, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.706] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08380000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08380000, AllocationBase=0x7fff08380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.706] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.706] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12070000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12070000, AllocationBase=0x7fff12070000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.706] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.706] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff082e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff082e0000, AllocationBase=0x7fff082e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.706] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.706] VirtualProtect (in: lpAddress=0x7fff0833b750, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.706] VirtualProtect (in: lpAddress=0x7fff0833b750, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.706] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08240000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff08240000, AllocationBase=0x7fff08240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.706] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.707] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff151d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff151d0000, AllocationBase=0x7fff151d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.707] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.707] VirtualProtect (in: lpAddress=0x7fff151ee1b8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x2) returned 1 [0262.707] VirtualProtect (in: lpAddress=0x7fff151ee1b8, dwSize=0x8, flNewProtect=0x2, lpflOldProtect=0x9b9f620 | out: lpflOldProtect=0x9b9f620*=0x40) returned 1 [0262.707] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0c3d0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff0c3d0000, AllocationBase=0x7fff0c3d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.707] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.707] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab70000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1ab70000, AllocationBase=0x7fff1ab70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.707] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.707] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab40000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1ab40000, AllocationBase=0x7fff1ab40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.707] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.707] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12050000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff12050000, AllocationBase=0x7fff12050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.708] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.708] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3e0000, lpBuffer=0x9b9f6f0, dwLength=0x30 | out: lpBuffer=0x9b9f6f0*(BaseAddress=0x7fff1d3e0000, AllocationBase=0x7fff1d3e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.708] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f620, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f620, ReturnLength=0x0) returned 0x0 [0262.708] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="System", AllocateDestinationString=1) returned 0x0 [0262.708] RtlFreeAnsiString (AnsiString="S") [0262.708] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="smss.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="C") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="wininit.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="W") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="csrss.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="C") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="winlogon.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="W") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="services.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="lsass.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="L") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="dwm.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="D") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="spoolsv.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="OfficeClickToRun.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="O") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="sihost.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="S") [0262.709] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="taskhostw.exe", AllocateDestinationString=1) returned 0x0 [0262.709] RtlFreeAnsiString (AnsiString="T") [0262.710] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="explorer.exe", AllocateDestinationString=1) returned 0x0 [0262.710] RtlFreeAnsiString (AnsiString="E") [0262.710] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="RuntimeBroker.exe", AllocateDestinationString=1) returned 0x0 [0262.710] RtlFreeAnsiString (AnsiString="R") [0262.710] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="ShellExperienceHost.exe", AllocateDestinationString=1) returned 0x0 [0262.710] RtlFreeAnsiString (AnsiString="S") [0262.710] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="SearchUI.exe", AllocateDestinationString=1) returned 0x0 [0262.710] RtlFreeAnsiString (AnsiString="S") [0262.710] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="audiodg.exe", AllocateDestinationString=1) returned 0x0 [0262.710] RtlFreeAnsiString (AnsiString="A") [0262.710] RtlUpcaseUnicodeString (DestinationString=0x9b9f720, SourceString="svchost.exe", AllocateDestinationString=1) returned 0x0 [0262.710] RtlFreeAnsiString (AnsiString="S") [0262.710] RtlNtStatusToDosError (Status=0x0) returned 0x0 [0262.710] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegCreateKeyA") returned 0x7fff1f7e6dc0 [0262.710] RegCreateKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x9b9f7d0 | out: phkResult=0x9b9f7d0*=0x140c) returned 0x0 [0262.711] RegQueryValueExA (in: hKey=0x140c, lpValueName="Client", lpReserved=0x0, lpType=0x9b9f7c8, lpData=0xb086ba0, lpcbData=0x9b9f7c0*=0x28 | out: lpType=0x9b9f7c8*=0x3, lpData=0xb086ba0*, lpcbData=0x9b9f7c0*=0x28) returned 0x0 [0262.711] RegCloseKey (hKey=0x140c) returned 0x0 [0262.711] wsprintfA (in: param_1=0xb55fec0, param_2="%08x%08x%08x%08x" | out: param_1="c5449c7a8bfcc0923b720af430d5cede") returned 32 [0262.711] GetComputerNameA (in: lpBuffer=0x9b9f6b0, nSize=0x9b9f7c0 | out: lpBuffer="LHNIWSJ", nSize=0x9b9f7c0) returned 1 [0262.711] lstrlenA (lpString="LHNIWSJ") returned 7 [0262.711] GetProcAddress (hModule=0x7fff1f7a0000, lpProcName="RegOpenKeyExA") returned 0x7fff1f7b7d70 [0262.711] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x9b9f6a0 | out: phkResult=0x9b9f6a0*=0x140c) returned 0x0 [0262.712] RegQueryValueExA (in: hKey=0x140c, lpValueName="ProductID", lpReserved=0x0, lpType=0x0, lpData=0x9b9f6b0, lpcbData=0x9b9f7c0*=0x100 | out: lpType=0x0, lpData=0x9b9f6b0*=0x30, lpcbData=0x9b9f7c0*=0x18) returned 0x0 [0262.712] lstrlenA (lpString="00330-80107-01105-AA992") returned 23 [0262.712] RegQueryValueExA (in: hKey=0x140c, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x9b9f6b0, lpcbData=0x9b9f7c0*=0x100 | out: lpType=0x0, lpData=0x9b9f6b0*=0x57, lpcbData=0x9b9f7c0*=0xf) returned 0x0 [0262.712] lstrlenA (lpString="Windows 10 Pro") returned 14 [0262.712] RegQueryValueExA (in: hKey=0x140c, lpValueName="CurrentVersion", lpReserved=0x0, lpType=0x0, lpData=0x9b9f6b0, lpcbData=0x9b9f7c0*=0x100 | out: lpType=0x0, lpData=0x9b9f6b0*=0x36, lpcbData=0x9b9f7c0*=0x4) returned 0x0 [0262.712] lstrlenA (lpString="6.3") returned 3 [0262.712] RegQueryValueExA (in: hKey=0x140c, lpValueName="InstallDate", lpReserved=0x0, lpType=0x0, lpData=0x9b9f6a8, lpcbData=0x9b9f7c0*=0x4 | out: lpType=0x0, lpData=0x9b9f6a8*=0x41, lpcbData=0x9b9f7c0*=0x4) returned 0x0 [0262.712] RegCloseKey (hKey=0x140c) returned 0x0 [0262.712] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x9b9f7d8, lpMaximumComponentLength=0x9b9f7c0, lpFileSystemFlags=0x9b9f7d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x9b9f7d8*=0xd2ca4def, lpMaximumComponentLength=0x9b9f7c0*=0xff, lpFileSystemFlags=0x9b9f7d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1 [0262.712] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xb03c5b8, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x9b9f898 | out: lpThreadId=0x9b9f898*=0x904) returned 0x140c [0262.712] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x7fff1d3f0000 [0262.713] GetProcAddress (hModule=0x7fff1d3f0000, lpProcName="CreateStreamOnHGlobal") returned 0x7fff1d0a70a0 [0262.713] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0xb0876a8 | out: ppstm=0xb0876a8*=0xa7f18a0) returned 0x0 [0262.714] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x18bc [0262.714] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xb0507f0, lpParameter=0xb087880, dwCreationFlags=0x0, lpThreadId=0xb087888 | out: lpThreadId=0xb087888*=0x7a8) returned 0x10f0 [0262.714] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xb03eb80, lpParameter=0xb087710, dwCreationFlags=0x0, lpThreadId=0xb087718 | out: lpThreadId=0xb087718*=0x8bc) returned 0x10f4 [0262.714] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 0x0 [0262.715] CreateWaitableTimerA (lpTimerAttributes=0xb0877b0, bManualReset=1, lpTimerName="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 0x1424 [0262.715] GetLastError () returned 0x0 [0262.716] GetProcAddress (hModule=0x7fff1f690000, lpProcName="PathFindFileNameA") returned 0x7fff1f69cf30 [0262.716] PathFindFileNameA (pszPath="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}" [0262.716] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\AppDataLow\\Software\\Microsoft\\667F6611-8D0F-88EB-47FA-113C6BCED530", phkResult=0x9b9f760 | out: phkResult=0x9b9f760*=0x1434) returned 0x0 [0262.716] RegQueryValueExA (in: hKey=0x1434, lpValueName="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}", lpReserved=0x0, lpType=0x9b9f700, lpData=0x0, lpcbData=0x9b9f7a8*=0xb087718 | out: lpType=0x9b9f700*=0x3, lpData=0x0, lpcbData=0x9b9f7a8*=0x8) returned 0x0 [0262.716] RegQueryValueExA (in: hKey=0x1434, lpValueName="{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}", lpReserved=0x0, lpType=0x9b9f700, lpData=0xb55ff30, lpcbData=0x9b9f7a8*=0x8 | out: lpType=0x9b9f700*=0x3, lpData=0xb55ff30*, lpcbData=0x9b9f7a8*=0x8) returned 0x0 [0262.716] RegCloseKey (hKey=0x1434) returned 0x0 [0262.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x9b9f768 | out: lpSystemTimeAsFileTime=0x9b9f768*(dwLowDateTime=0x9927cdd6, dwHighDateTime=0x1d4716d)) [0262.716] SetWaitableTimer (hTimer=0x1424, lpDueTime=0xb55ff30, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0262.716] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 0x0 [0262.716] CreateWaitableTimerA (lpTimerAttributes=0xb0877b0, bManualReset=1, lpTimerName="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 0x1434 [0262.716] GetLastError () returned 0x0 [0262.716] SetWaitableTimer (hTimer=0x1434, lpDueTime=0x9b9f7a8, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0262.716] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 0x0 [0262.716] CreateMutexA (lpMutexAttributes=0xb0877b0, bInitialOwner=0, lpName="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 0x1440 [0262.716] CreateEventA (lpEventAttributes=0xb0877b0, bManualReset=1, bInitialState=0, lpName="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 0x1428 [0262.716] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 0x0 [0262.716] CreateWaitableTimerA (lpTimerAttributes=0xb0877b0, bManualReset=1, lpTimerName="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 0x1420 [0262.716] GetLastError () returned 0x0 [0262.716] SetWaitableTimer (hTimer=0x1420, lpDueTime=0x9b9f7a8, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0262.716] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned 0x0 [0262.716] CreateMutexA (lpMutexAttributes=0xb0877b0, bInitialOwner=0, lpName="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned 0x1430 [0262.717] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 0x0 [0262.717] CreateWaitableTimerA (lpTimerAttributes=0xb0877b0, bManualReset=1, lpTimerName="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 0x13fc [0262.717] GetLastError () returned 0x0 [0262.717] SetWaitableTimer (hTimer=0x13fc, lpDueTime=0x9b9f7a8, lPeriod=0, pfnCompletionRoutine=0x0, lpArgToCompletionRoutine=0x0, fResume=0) returned 1 [0262.717] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 0x0 [0262.717] CreateMutexA (lpMutexAttributes=0xb0877b0, bInitialOwner=0, lpName="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 0x143c [0262.717] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x7fff1f7a0000 [0262.718] GetModuleHandleA (lpModuleName="ADVAPI32.DLL") returned 0x7fff1f7a0000 [0262.718] lstrcmpA (lpString1="A_SHAFinal", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="A_SHAInit", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="A_SHAUpdate", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AbortSystemShutdownA", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AbortSystemShutdownW", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheck", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckAndAuditAlarmA", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckAndAuditAlarmW", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByType", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmA", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeAndAuditAlarmW", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeResultList", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmA", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AccessCheckByTypeResultListAndAuditAlarmW", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAccessAllowedAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAccessAllowedAceEx", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAccessAllowedObjectAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAccessDeniedAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAccessDeniedAceEx", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAccessDeniedObjectAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAuditAccessAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAuditAccessAceEx", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddAuditAccessObjectAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddConditionalAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddMandatoryAce", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddUsersToEncryptedFile", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AddUsersToEncryptedFileEx", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AdjustTokenGroups", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AdjustTokenPrivileges", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AllocateAndInitializeSid", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AllocateLocallyUniqueId", lpString2="CryptGetUserKey") returned -1 [0262.718] lstrcmpA (lpString1="AreAllAccessesGranted", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AreAnyAccessesGranted", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditComputeEffectivePolicyBySid", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditComputeEffectivePolicyByToken", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditEnumerateCategories", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditEnumeratePerUserPolicy", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditEnumerateSubCategories", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditFree", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditLookupCategoryGuidFromCategoryId", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditLookupCategoryIdFromCategoryGuid", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditLookupCategoryNameA", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditLookupCategoryNameW", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditLookupSubCategoryNameA", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditLookupSubCategoryNameW", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditQueryGlobalSaclA", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditQueryGlobalSaclW", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditQueryPerUserPolicy", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditQuerySecurity", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditQuerySystemPolicy", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditSetGlobalSaclA", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditSetGlobalSaclW", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditSetPerUserPolicy", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditSetSecurity", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="AuditSetSystemPolicy", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BackupEventLogA", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BackupEventLogW", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegCloseKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegCreateKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegDeleteKeyEx", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegDeleteValue", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegFlushKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegGetVersion", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegLoadKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegOpenKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegRestoreKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegSaveKeyEx", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegSetKeySecurity", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegSetValue", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BaseRegUnLoadKey", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BuildExplicitAccessWithNameA", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BuildExplicitAccessWithNameW", lpString2="CryptGetUserKey") returned -1 [0262.719] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildImpersonateExplicitAccessWithNameW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildImpersonateTrusteeA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildImpersonateTrusteeW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithNameA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithNameW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndNameW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithObjectsAndSidW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithSidA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="BuildTrusteeWithSidW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CancelOverlappedAccess", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ChangeServiceConfig2A", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ChangeServiceConfig2W", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ChangeServiceConfigA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ChangeServiceConfigW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CheckForHiberboot", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CheckTokenMembership", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ClearEventLogA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ClearEventLogW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CloseCodeAuthzLevel", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CloseEncryptedFileRaw", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CloseEventLog", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CloseServiceHandle", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CloseThreadWaitChainSession", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CloseTrace", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="CommandLineFromMsiDescriptor", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ComputeAccessTokenFromCodeAuthzLevel", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ControlService", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ControlServiceExA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ControlServiceExW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ControlTraceA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ControlTraceW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ConvertAccessToSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ConvertSDToStringSDDomainW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainA", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ConvertSDToStringSDRootDomainW", lpString2="CryptGetUserKey") returned -1 [0262.720] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessNamedW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSecurityDescriptorToAccessW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSidToStringSidA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertSidToStringSidW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSDToSDDomainA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSDToSDDomainW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSDToSDRootDomainW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSidToSidA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertStringSidToSidW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="ConvertToAutoInheritPrivateObjectSecurity", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CopySid", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateCodeAuthzLevel", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreatePrivateObjectSecurity", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreatePrivateObjectSecurityEx", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreatePrivateObjectSecurityWithMultipleInheritance", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateProcessAsUserA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateProcessAsUserW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateProcessWithLogonW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateProcessWithTokenW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateRestrictedToken", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateServiceA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateServiceW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateTraceInstanceId", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CreateWellKnownSid", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredBackupCredentials", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredDeleteA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredDeleteW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredEncryptAndMarshalBinaryBlob", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredEnumerateA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredEnumerateW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredFindBestCredentialA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredFindBestCredentialW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredFree", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredGetSessionTypes", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredGetTargetInfoA", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredGetTargetInfoW", lpString2="CryptGetUserKey") returned -1 [0262.721] lstrcmpA (lpString1="CredIsMarshaledCredentialA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredIsMarshaledCredentialW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredIsProtectedA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredIsProtectedW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredMarshalCredentialA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredMarshalCredentialW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredProfileLoaded", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredProfileLoadedEx", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredProfileUnloaded", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredProtectA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredProtectW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredReadA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredReadByTokenHandle", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredReadDomainCredentialsA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredReadDomainCredentialsW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredReadW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredRenameA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredRenameW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredRestoreCredentials", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredUnmarshalCredentialA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredUnmarshalCredentialW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredUnprotectA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredUnprotectW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredWriteA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredWriteDomainCredentialsA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredWriteDomainCredentialsW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredWriteW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredpConvertCredential", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredpConvertOneCredentialSize", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredpConvertTargetInfo", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredpDecodeCredential", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredpEncodeCredential", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CredpEncodeSecret", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptAcquireContextA", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptAcquireContextW", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptContextAddRef", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptCreateHash", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptDecrypt", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptDeriveKey", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptDestroyHash", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptDestroyKey", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptDuplicateHash", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptDuplicateKey", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptEncrypt", lpString2="CryptGetUserKey") returned -1 [0262.722] lstrcmpA (lpString1="CryptEnumProviderTypesA", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptEnumProviderTypesW", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptEnumProvidersA", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptEnumProvidersW", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptExportKey", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGenKey", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGenRandom", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGetDefaultProviderA", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGetDefaultProviderW", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGetHashParam", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGetKeyParam", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGetProvParam", lpString2="CryptGetUserKey") returned -1 [0262.723] lstrcmpA (lpString1="CryptGetUserKey", lpString2="CryptGetUserKey") returned 0 [0262.723] VirtualProtect (in: lpAddress=0x7fff1f82bbbc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x9b9f6b8 | out: lpflOldProtect=0x9b9f6b8*=0x2) returned 1 [0262.723] VirtualProtect (in: lpAddress=0x7fff1f80380e, dwSize=0xe, flNewProtect=0x40, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x20) returned 1 [0262.724] VirtualProtect (in: lpAddress=0x7fff1f80380e, dwSize=0xe, flNewProtect=0x20, lpflOldProtect=0x9b9f6b0 | out: lpflOldProtect=0x9b9f6b0*=0x40) returned 1 [0262.724] VirtualProtect (in: lpAddress=0x7fff1f82bbbc, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x9b9f6b8 | out: lpflOldProtect=0x9b9f6b8*=0x40) returned 1 [0262.724] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f650, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f650, ReturnLength=0x0) returned 0x0 [0262.724] EnumProcessModules (in: hProcess=0xffffffffffffffff, lphModule=0xb461400, cb=0x1000, lpcbNeeded=0x9b9f758 | out: lphModule=0xb461400, lpcbNeeded=0x9b9f758) returned 1 [0262.727] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7ff6e4e10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7ff6e4e10000, AllocationBase=0x7ff6e4e10000, AllocationProtect=0x80, __alignment1=0xffffe001, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0x0)) returned 0x30 [0262.727] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.727] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="OLEAUT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-com-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.727] lstrcmpiA (lpString1="api-ms-win-core-winrt-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-eventing-classicprovider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-power-base-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-string-l2-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-path-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-timezone-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-winrt-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-datetime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-util-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-interlocked-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-rtlsupport-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-job-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-kernel32-private-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-registryuserspecific-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-com-private-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-atoms-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-url-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="KERNEL32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="USER32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="GDI32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="SHCORE.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="SHLWAPI.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="SHELL32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="PROPSYS.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="UxTheme.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="dwmapi.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="TWINAPI.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="combase.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="d3d11.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="dcomp.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-string-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-core-psapi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="SspiCli.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.728] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l2-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-winrt-error-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-io-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-eventing-controller-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-3.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="USERENV.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-file-l2-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-service-management-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="CRYPT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-sidebyside-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="SLC.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="profapi.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="netutils.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="wkscli.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="api-ms-win-security-sddl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="CRYPTSP.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="ole32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="CFGMGR32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="WINTRUST.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.729] lstrcmpiA (lpString1="Bcp47Langs.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="WINSTA.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="OLEACC.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="DUser.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="DUI70.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="SndVolSSO.DLL", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="WinLangdb.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="MFPlat.DLL", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="MF.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="SETTINGSYNCPOLICY.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="wlanapi.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="AppXAllUserStore.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="api-ms-win-appmodel-state-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="ext-ms-win-ntuser-draw-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="ext-ms-win-ntuser-draw-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.731] lstrcmpiA (lpString1="api-ms-win-core-winrt-propertysetprivate-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-biptcltapi-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-biptcltapi-l1-1-3.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-biplmapi-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="dsreg.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="ext-ms-onecore-appmodel-veventdispatcher-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="SystemEventsBrokerClient.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-service-management-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-service-winsvc-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="WINMM.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="UIAutomationCore.DLL", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="XmlLite.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f900000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f900000, AllocationBase=0x7fff1f900000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.732] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.732] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f850000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f850000, AllocationBase=0x7fff1f850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.732] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.732] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cdf0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1cdf0000, AllocationBase=0x7fff1cdf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.732] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.732] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a8f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a8f0000, AllocationBase=0x7fff1a8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.732] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.732] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-appcompat-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="KERNEL32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.732] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-localization-obsolete-l1-3-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f700000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f700000, AllocationBase=0x7fff1f700000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.733] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.733] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-console-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-datetime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-fibers-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-namedpipe-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="api-ms-win-core-util-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] lstrcmpiA (lpString1="KERNELBASE.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.733] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d540000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d540000, AllocationBase=0x7fff1d540000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.733] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.734] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="combase.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-com-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-localization-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-datetime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-kernel32-private-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-localization-private-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="KERNELBASE.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="ext-ms-win-ole32-oleautomation-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] lstrcmpiA (lpString1="ext-ms-win-sxs-oleautomation-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.734] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d080000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d080000, AllocationBase=0x7fff1d080000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.735] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.735] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-debug-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-3.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-fibers-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-interlocked-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-heap-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-privateprofile-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-sidebyside-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.735] lstrcmpiA (lpString1="api-ms-win-core-string-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-core-windowserrorreporting-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-core-quirks-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-core-util-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="bcrypt.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="CRYPT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="OLEAUT32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-security-sddl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-service-core-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-service-winsvc-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-security-cryptoapi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-rtcore-ntuser-synch-ext-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-ntuser-misc-l1-5-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-ntuser-private-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-ntuser-windowstation-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-gdi-dc-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-gdi-draw-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-gdi-metafile-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-rtcore-gdi-object-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-com-clbcatq-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-com-ole32-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-com-coml2-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-advapi32-msi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-kernel32-package-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-kernel32-package-current-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-advapi32-psm-app-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-com-psmregister-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-core-winrt-remote-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-com-suspendresiliency-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ole32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="ext-ms-win-appmodel-state-ext-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d8f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d8f0000, AllocationBase=0x7fff1d8f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.736] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.736] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.736] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-interlocked-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-io-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-string-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-heap-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-namedpipe-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-timezone-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-threadpool-legacy-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-apiquery-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="KERNELBASE.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="ext-ms-win-core-winrt-remote-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="ext-ms-win-rpc-ssl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-security-lsalookup-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="SspiCli.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="WS2_32.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="IPHLPAPI.DLL", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="ext-ms-win-authz-context-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-security-sddl-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="bcryptPrimitives.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c350000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c350000, AllocationBase=0x7fff1c350000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.737] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.737] lstrcmpiA (lpString1="msvcrt.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.737] lstrcmpiA (lpString1="RPCRT4.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-localization-private-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-threadpool-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-heap-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-realtime-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-delayload-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="WMICLNT.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-devices-query-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-service-private-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1da90000, AllocationBase=0x7fff1da90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.738] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.738] lstrcmpiA (lpString1="ntdll.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-localization-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-registry-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-heap-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-string-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-synch-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-file-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-errorhandling-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-processthreads-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-eventing-provider-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-libraryloader-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-sysinfo-l1-2-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-processenvironment-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-security-base-l1-2-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-string-l2-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-handle-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-memory-l1-1-2.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-profile-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-privateprofile-l1-1-1.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-atoms-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.738] lstrcmpiA (lpString1="api-ms-win-core-heap-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.739] lstrcmpiA (lpString1="api-ms-win-core-string-obsolete-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.739] lstrcmpiA (lpString1="api-ms-win-core-localization-obsolete-l1-3-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.739] lstrcmpiA (lpString1="api-ms-win-core-stringansi-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.739] lstrcmpiA (lpString1="api-ms-win-core-sidebyside-l1-1-0.dll", lpString2="ADVAPI32.DLL") returned 1 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f500000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f500000, AllocationBase=0x7fff1f500000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c420000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c420000, AllocationBase=0x7fff1c420000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f690000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f690000, AllocationBase=0x7fff1f690000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1df70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1df70000, AllocationBase=0x7fff1df70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c760000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c760000, AllocationBase=0x7fff1c760000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1f7a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1f7a0000, AllocationBase=0x7fff1f7a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d600000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d600000, AllocationBase=0x7fff1d600000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c3c0000, AllocationBase=0x7fff1c3c0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.739] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c3a0000, AllocationBase=0x7fff1c3a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.739] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c4e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c4e0000, AllocationBase=0x7fff1c4e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c330000, AllocationBase=0x7fff1c330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18cd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18cd0000, AllocationBase=0x7fff18cd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ac00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ac00000, AllocationBase=0x7fff1ac00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a3a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a3a0000, AllocationBase=0x7fff1a3a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10640000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10640000, AllocationBase=0x7fff10640000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a0f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a0f0000, AllocationBase=0x7fff1a0f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a520000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a520000, AllocationBase=0x7fff1a520000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bf50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bf50000, AllocationBase=0x7fff1bf50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b940000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b940000, AllocationBase=0x7fff1b940000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ab10000, AllocationBase=0x7fff1ab10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.740] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.740] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a050000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a050000, AllocationBase=0x7fff1a050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aae0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aae0000, AllocationBase=0x7fff1aae0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d730000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d730000, AllocationBase=0x7fff1d730000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d790000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d790000, AllocationBase=0x7fff1d790000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c180000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c180000, AllocationBase=0x7fff1c180000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d3f0000, AllocationBase=0x7fff1d3f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cfd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1cfd0000, AllocationBase=0x7fff1cfd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b4d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b4d0000, AllocationBase=0x7fff1b4d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bc00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bc00000, AllocationBase=0x7fff1bc00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c150000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c150000, AllocationBase=0x7fff1c150000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b850000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b850000, AllocationBase=0x7fff1b850000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.741] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bd70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bd70000, AllocationBase=0x7fff1bd70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.741] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10c50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10c50000, AllocationBase=0x7fff10c50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11ca0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11ca0000, AllocationBase=0x7fff11ca0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18980000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18980000, AllocationBase=0x7fff18980000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10620000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10620000, AllocationBase=0x7fff10620000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15d30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15d30000, AllocationBase=0x7fff15d30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15c90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15c90000, AllocationBase=0x7fff15c90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15ea0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15ea0000, AllocationBase=0x7fff15ea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10530000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10530000, AllocationBase=0x7fff10530000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10460000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10460000, AllocationBase=0x7fff10460000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19360000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19360000, AllocationBase=0x7fff19360000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aa50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aa50000, AllocationBase=0x7fff1aa50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.742] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aa70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aa70000, AllocationBase=0x7fff1aa70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.742] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14a90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14a90000, AllocationBase=0x7fff14a90000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff103f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff103f0000, AllocationBase=0x7fff103f0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b380000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b380000, AllocationBase=0x7fff1b380000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18e60000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18e60000, AllocationBase=0x7fff18e60000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1aca0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1aca0000, AllocationBase=0x7fff1aca0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c3d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c3d0000, AllocationBase=0x7fff1c3d0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10380000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10380000, AllocationBase=0x7fff10380000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10330000, AllocationBase=0x7fff10330000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.743] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff161b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff161b0000, AllocationBase=0x7fff161b0000, AllocationProtect=0x80, __alignment1=0x7fff, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.743] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1acf0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1acf0000, AllocationBase=0x7fff1acf0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0fea0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0fea0000, AllocationBase=0x7fff0fea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1da20000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1da20000, AllocationBase=0x7fff1da20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f390000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f390000, AllocationBase=0x7fff0f390000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff16c20000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff16c20000, AllocationBase=0x7fff16c20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f340000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f340000, AllocationBase=0x7fff0f340000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f330000, AllocationBase=0x7fff0f330000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1cd90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1cd90000, AllocationBase=0x7fff1cd90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f120000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f120000, AllocationBase=0x7fff0f120000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.744] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a450000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a450000, AllocationBase=0x7fff1a450000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.744] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11100000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11100000, AllocationBase=0x7fff11100000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0f000000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0f000000, AllocationBase=0x7fff0f000000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0efe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0efe0000, AllocationBase=0x7fff0efe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19c20000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19c20000, AllocationBase=0x7fff19c20000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11b90000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11b90000, AllocationBase=0x7fff11b90000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ef00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ef00000, AllocationBase=0x7fff0ef00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b5f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b5f0000, AllocationBase=0x7fff1b5f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12910000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12910000, AllocationBase=0x7fff12910000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b5e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b5e0000, AllocationBase=0x7fff1b5e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0eeb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0eeb0000, AllocationBase=0x7fff0eeb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.745] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.745] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0eea0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0eea0000, AllocationBase=0x7fff0eea0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.746] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.746] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18200000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18200000, AllocationBase=0x7fff18200000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.746] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.746] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff16de0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff16de0000, AllocationBase=0x7fff16de0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.746] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19120000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19120000, AllocationBase=0x7fff19120000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18160000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18160000, AllocationBase=0x7fff18160000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1a3f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1a3f0000, AllocationBase=0x7fff1a3f0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ebe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ebe0000, AllocationBase=0x7fff0ebe0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14470000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14470000, AllocationBase=0x7fff14470000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14a80000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14a80000, AllocationBase=0x7fff14a80000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e8c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e8c0000, AllocationBase=0x7fff0e8c0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e8a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e8a0000, AllocationBase=0x7fff0e8a0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e800000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e800000, AllocationBase=0x7fff0e800000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff167a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff167a0000, AllocationBase=0x7fff167a0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.747] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e650000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e650000, AllocationBase=0x7fff0e650000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.747] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14d10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14d10000, AllocationBase=0x7fff14d10000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x6830000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x6830000, AllocationBase=0x6830000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x883000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e610000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e610000, AllocationBase=0x7fff0e610000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1dda0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1dda0000, AllocationBase=0x7fff1dda0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e590000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e590000, AllocationBase=0x7fff0e590000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d6c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d6c0000, AllocationBase=0x7fff1d6c0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1dbe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1dbe0000, AllocationBase=0x7fff1dbe0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e4b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e4b0000, AllocationBase=0x7fff0e4b0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15470000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15470000, AllocationBase=0x7fff15470000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.748] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e420000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e420000, AllocationBase=0x7fff0e420000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.748] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e3d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e3d0000, AllocationBase=0x7fff0e3d0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14720000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14720000, AllocationBase=0x7fff14720000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e250000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e250000, AllocationBase=0x7fff0e250000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12580000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12580000, AllocationBase=0x7fff12580000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b6d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b6d0000, AllocationBase=0x7fff1b6d0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10780000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10780000, AllocationBase=0x7fff10780000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e0c0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e0c0000, AllocationBase=0x7fff0e0c0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12330000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12330000, AllocationBase=0x7fff12330000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0e090000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0e090000, AllocationBase=0x7fff0e090000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0dfd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0dfd0000, AllocationBase=0x7fff0dfd0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19a00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19a00000, AllocationBase=0x7fff19a00000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.749] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.749] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff199e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff199e0000, AllocationBase=0x7fff199e0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12dd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12dd0000, AllocationBase=0x7fff12dd0000, AllocationProtect=0x80, __alignment1=0xffffd000, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0de50000, AllocationBase=0x7fff0de50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19de0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19de0000, AllocationBase=0x7fff19de0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19bd0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19bd0000, AllocationBase=0x7fff19bd0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0de30000, AllocationBase=0x7fff0de30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b030000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b030000, AllocationBase=0x7fff1b030000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14410000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14410000, AllocationBase=0x7fff14410000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff125b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff125b0000, AllocationBase=0x7fff125b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1bba0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1bba0000, AllocationBase=0x7fff1bba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.750] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0de10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0de10000, AllocationBase=0x7fff0de10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.750] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b9a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b9a0000, AllocationBase=0x7fff1b9a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ddb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ddb0000, AllocationBase=0x7fff0ddb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d660000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d660000, AllocationBase=0x7fff1d660000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff194e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff194e0000, AllocationBase=0x7fff194e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1be40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1be40000, AllocationBase=0x7fff1be40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1be00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1be00000, AllocationBase=0x7fff1be00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1b7b0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1b7b0000, AllocationBase=0x7fff1b7b0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff186e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff186e0000, AllocationBase=0x7fff186e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14320000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14320000, AllocationBase=0x7fff14320000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b6f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0b6f0000, AllocationBase=0x7fff0b6f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.751] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff10ba0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff10ba0000, AllocationBase=0x7fff10ba0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.751] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15fe0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15fe0000, AllocationBase=0x7fff15fe0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff15fb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff15fb0000, AllocationBase=0x7fff15fb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff189e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff189e0000, AllocationBase=0x7fff189e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b280000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0b280000, AllocationBase=0x7fff0b280000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0b080000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0b080000, AllocationBase=0x7fff0b080000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19780000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19780000, AllocationBase=0x7fff19780000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0db10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0db10000, AllocationBase=0x7fff0db10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0da70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0da70000, AllocationBase=0x7fff0da70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0da30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0da30000, AllocationBase=0x7fff0da30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1c1f0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1c1f0000, AllocationBase=0x7fff1c1f0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11b40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11b40000, AllocationBase=0x7fff11b40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.752] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.752] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0af40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0af40000, AllocationBase=0x7fff0af40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18310000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18310000, AllocationBase=0x7fff18310000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18f50000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18f50000, AllocationBase=0x7fff18f50000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0aec0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0aec0000, AllocationBase=0x7fff0aec0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ae30000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ae30000, AllocationBase=0x7fff0ae30000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0adb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0adb0000, AllocationBase=0x7fff0adb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ad60000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ad60000, AllocationBase=0x7fff0ad60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ad40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ad40000, AllocationBase=0x7fff0ad40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0d970000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0d970000, AllocationBase=0x7fff0d970000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0acb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0acb0000, AllocationBase=0x7fff0acb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ac60000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ac60000, AllocationBase=0x7fff0ac60000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.753] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff19140000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff19140000, AllocationBase=0x7fff19140000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.753] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0aa10000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0aa10000, AllocationBase=0x7fff0aa10000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ceb0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ceb0000, AllocationBase=0x7fff0ceb0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0ce80000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0ce80000, AllocationBase=0x7fff0ce80000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0a5e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0a5e0000, AllocationBase=0x7fff0a5e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff11c00000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff11c00000, AllocationBase=0x7fff11c00000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08920000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08920000, AllocationBase=0x7fff08920000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12290000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12290000, AllocationBase=0x7fff12290000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18820000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18820000, AllocationBase=0x7fff18820000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18800000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18800000, AllocationBase=0x7fff18800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff14430000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff14430000, AllocationBase=0x7fff14430000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.754] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.754] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff088a0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff088a0000, AllocationBase=0x7fff088a0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08880000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08880000, AllocationBase=0x7fff08880000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08840000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08840000, AllocationBase=0x7fff08840000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff18ff0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff18ff0000, AllocationBase=0x7fff18ff0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08800000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08800000, AllocationBase=0x7fff08800000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08730000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08730000, AllocationBase=0x7fff08730000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08720000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08720000, AllocationBase=0x7fff08720000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff086d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff086d0000, AllocationBase=0x7fff086d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12100000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12100000, AllocationBase=0x7fff12100000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08380000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08380000, AllocationBase=0x7fff08380000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12070000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12070000, AllocationBase=0x7fff12070000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.755] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff082e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff082e0000, AllocationBase=0x7fff082e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.755] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff08240000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff08240000, AllocationBase=0x7fff08240000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff151d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff151d0000, AllocationBase=0x7fff151d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff0c3d0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff0c3d0000, AllocationBase=0x7fff0c3d0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab70000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ab70000, AllocationBase=0x7fff1ab70000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1ab40000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1ab40000, AllocationBase=0x7fff1ab40000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff12050000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff12050000, AllocationBase=0x7fff12050000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.756] VirtualQueryEx (in: hProcess=0xffffffffffffffff, lpAddress=0x7fff1d3e0000, lpBuffer=0x9b9f770, dwLength=0x30 | out: lpBuffer=0x9b9f770*(BaseAddress=0x7fff1d3e0000, AllocationBase=0x7fff1d3e0000, AllocationProtect=0x80, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000, __alignment2=0xffffd000)) returned 0x30 [0262.756] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x9b9f6a0, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x9b9f6a0, ReturnLength=0x0) returned 0x0 [0262.759] CreateNamedPipeA (lpName="\\\\.\\pipe\\{072BB6F5-BAEC-D114-FC2B-8E95F08FA299}" (normalized: "pipe\\{072bb6f5-baec-d114-fc2b-8e95f08fa299}"), dwOpenMode=0x40000003, dwPipeMode=0x4, nMaxInstances=0xff, nOutBufferSize=0x100, nInBufferSize=0x100, nDefaultTimeOut=0x0, lpSecurityAttributes=0xb0877b0) returned 0x1860 [0262.787] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xb038930, lpParameter=0x1860, dwCreationFlags=0x0, lpThreadId=0x9b9f808 | out: lpThreadId=0x9b9f808*=0xa9c) returned 0x185c [0262.787] wsprintfA (in: param_1=0xb55ff30, param_2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT %u.%u%s)" | out: param_1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0; Win64; x64)") returned 63 [0262.787] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xb027ea4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x9b9f898 | out: lpThreadId=0x9b9f898*=0x974) returned 0x1874 Thread: id = 166 os_tid = 0x904 [0262.769] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x0 [0262.769] CreateEventA (lpEventAttributes=0xb0877b0, bManualReset=1, bInitialState=0, lpName="Local\\{2F87B751-C28A-394B-44D3-167DB8B7AA01}") returned 0x1414 [0262.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0xb5ef830*=0xb18, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 167 os_tid = 0x7a8 [0262.770] GetProcAddress (hModule=0x7fff1da90000, lpProcName="SetWindowsHookExA") returned 0x7fff1da927a0 [0262.770] SetWindowsHookExA (idHook=13, lpfn=0xb05045c, hmod=0x7ff6e4e10000, dwThreadId=0x0) returned 0x3100c3 [0262.770] GetTickCount () returned 0xff5f [0262.770] wsprintfA (in: param_1=0xb0878a0, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{567523B2-AF69-B1B4-0683-9A6728ADDC31}") returned 38 [0262.771] GetProcAddress (hModule=0x7fff1da90000, lpProcName="RegisterClassA") returned 0x7fff1dab1310 [0262.771] RegisterClassA (lpWndClass=0xb66fc70) returned 0xc150 [0262.771] GetProcAddress (hModule=0x7fff1da90000, lpProcName="CreateWindowExA") returned 0x7fff1dab4df0 [0262.771] CreateWindowExA (dwExStyle=0x0, lpClassName="{567523B2-AF69-B1B4-0683-9A6728ADDC31}", lpWindowName=0x0, dwStyle=0x0, X=1, Y=1, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x7ff6e4e10000, lpParam=0xb087880) returned 0x50086 [0262.772] GetProcAddress (hModule=0x7fff1da90000, lpProcName="GetWindowLongPtrA") returned 0x7fff1da9cae0 [0262.772] GetWindowLongPtrA (hWnd=0x50086, nIndex=-21) returned 0x0 [0262.773] GetProcAddress (hModule=0x7fff1da90000, lpProcName="DefWindowProcA") returned 0x7fff1f993230 [0262.773] NtdllDefWindowProc_A (hWnd=0x50086, Msg=0x24, wParam=0x0, lParam=0xb66f610) returned 0x0 [0262.773] GetWindowLongPtrA (hWnd=0x50086, nIndex=-21) returned 0x0 [0262.773] NtdllDefWindowProc_A (hWnd=0x50086, Msg=0x81, wParam=0x0, lParam=0xb66f5b0) returned 0x1 [0262.775] GetWindowLongPtrA (hWnd=0x50086, nIndex=-21) returned 0x0 [0262.775] NtdllDefWindowProc_A (hWnd=0x50086, Msg=0x83, wParam=0x0, lParam=0xb66f630) returned 0x0 [0262.776] GetWindowLongPtrA (hWnd=0x50086, nIndex=-21) returned 0x0 [0262.776] GetProcAddress (hModule=0x7fff1da90000, lpProcName="SetWindowLongPtrA") returned 0x7fff1daa61f0 [0262.776] SetWindowLongPtrA (hWnd=0x50086, nIndex=-21, dwNewLong=0xb087880) returned 0x0 [0262.777] SetEvent (hEvent=0x18bc) returned 1 [0262.777] GetProcAddress (hModule=0x7fff1da90000, lpProcName="GetMessageA") returned 0x7fff1daaaa50 [0262.777] GetMessageA (in: lpMsg=0xb66fc40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb66fc40) returned 1 [0262.778] GetProcAddress (hModule=0x7fff1da90000, lpProcName="TranslateMessage") returned 0x7fff1daa36a0 [0262.778] TranslateMessage (lpMsg=0xb66fc40) returned 0 [0262.778] GetProcAddress (hModule=0x7fff1da90000, lpProcName="DispatchMessageA") returned 0x7fff1dab61e0 [0262.778] DispatchMessageA (lpMsg=0xb66fc40) returned 0x0 [0262.778] GetWindowLongPtrA (hWnd=0x50086, nIndex=-21) returned 0xb087880 [0262.778] NtdllDefWindowProc_A (hWnd=0x50086, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0262.778] GetMessageA (lpMsg=0xb66fc40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 168 os_tid = 0x8bc [0262.779] GetTickCount () returned 0xff5f [0262.779] wsprintfA (in: param_1=0xb087720, param_2="{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="{841853B2-1F69-61B4-0683-9A6728ADDC31}") returned 38 [0262.779] RegisterClassA (lpWndClass=0xb6efed0) returned 0xc151 [0262.779] CreateWindowExA (dwExStyle=0x0, lpClassName="{841853B2-1F69-61B4-0683-9A6728ADDC31}", lpWindowName=0x0, dwStyle=0x0, X=1, Y=1, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x7ff6e4e10000, lpParam=0xb087710) returned 0x401be [0262.780] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0x0 [0262.780] NtdllDefWindowProc_A (hWnd=0x401be, Msg=0x24, wParam=0x0, lParam=0xb6ef870) returned 0x0 [0262.780] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0x0 [0262.780] NtdllDefWindowProc_A (hWnd=0x401be, Msg=0x81, wParam=0x0, lParam=0xb6ef810) returned 0x1 [0262.782] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0x0 [0262.782] NtdllDefWindowProc_A (hWnd=0x401be, Msg=0x83, wParam=0x0, lParam=0xb6ef890) returned 0x0 [0262.783] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0x0 [0262.783] GetProcAddress (hModule=0x7fff1da90000, lpProcName="SetClipboardViewer") returned 0x7fff1dac0de0 [0262.783] SetClipboardViewer (hWndNewViewer=0x401be) returned 0x0 [0262.784] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0x0 [0262.784] GetProcAddress (hModule=0x7fff1da90000, lpProcName="PostMessageA") returned 0x7fff1dab4900 [0262.784] PostMessageA (hWnd=0x401be, Msg=0x8001, wParam=0x0, lParam=0x0) returned 1 [0262.784] SetWindowLongPtrA (hWnd=0x401be, nIndex=-21, dwNewLong=0xb087710) returned 0x0 [0262.785] GetMessageA (in: lpMsg=0xb6efea0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb6efea0) returned 1 [0262.785] TranslateMessage (lpMsg=0xb6efea0) returned 0 [0262.785] DispatchMessageA (lpMsg=0xb6efea0) returned 0x0 [0262.785] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0xb087710 [0262.785] NtdllDefWindowProc_A (hWnd=0x401be, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0262.785] GetMessageA (in: lpMsg=0xb6efea0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xb6efea0) returned 1 [0262.785] TranslateMessage (lpMsg=0xb6efea0) returned 0 [0262.785] DispatchMessageA (lpMsg=0xb6efea0) returned 0x0 [0262.785] GetWindowLongPtrA (hWnd=0x401be, nIndex=-21) returned 0xb087710 [0262.785] GetProcAddress (hModule=0x7fff1da90000, lpProcName="OpenClipboard") returned 0x7fff1dabb6c0 [0262.786] OpenClipboard (hWndNewOwner=0x0) returned 1 [0262.786] GetProcAddress (hModule=0x7fff1da90000, lpProcName="GetClipboardData") returned 0x7fff1dababa0 [0262.786] GetClipboardData (uFormat=0x1) returned 0x0 [0262.787] GetProcAddress (hModule=0x7fff1da90000, lpProcName="CloseClipboard") returned 0x7fff1dac0920 [0262.787] CloseClipboard () returned 1 [0262.787] GetMessageA (lpMsg=0xb6efea0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 169 os_tid = 0xa9c [0262.789] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1640 [0262.789] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0x0) returned 0x102 [0262.789] ConnectNamedPipe (in: hNamedPipe=0x1860, lpOverlapped=0xb76fc30 | out: lpOverlapped=0xb76fc30) returned 0 [0262.789] GetLastError () returned 0x3e5 [0262.789] WaitForMultipleObjects (nCount=0x2, lpHandles=0xb76fc20*=0xb18, bWaitAll=0, dwMilliseconds=0xffffffff) Thread: id = 170 os_tid = 0x974 [0262.789] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{111F6A44-3C4D-6BC7-CED5-30CFE2D96473}") returned 0x141c [0262.789] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{62D813F7-59FC-E439-F3B6-9D58D74A210C}") returned 0x186c [0262.789] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{6C433A47-DB67-7E7B-C560-3F92C994E3E6}") returned 0x1868 [0262.789] SetLastError (dwErrCode=0xb7) [0262.789] CreateEventA (lpEventAttributes=0xb0877b0, bManualReset=1, bInitialState=0, lpName="Local\\{0D65F8EA-0843-C78A-7A91-BCEB4E55B04F}") returned 0x1870 [0262.789] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{A8435A97-E752-1A33-B15C-0BEE75506F02}") returned 0x1450 [0262.789] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{FB999B87-1EC7-E503-005F-32E93403862D}") returned 0x1840 [0262.789] SetLastError (dwErrCode=0xb7) [0262.789] OpenWaitableTimerA (dwDesiredAccess=0x100002, bInheritHandle=0, lpTimerName="Local\\{E089BDC1-BF33-12AE-4914-63668D8847FA}") returned 0x1878 [0262.789] OpenMutexA (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Local\\{53667D0F-9637-FD89-3837-2A81EC5BFE45}") returned 0x1410 [0262.789] SetLastError (dwErrCode=0xb7) [0262.790] WaitForMultipleObjects (nCount=0x2, lpHandles=0xb7efc00*=0xb18, bWaitAll=0, dwMilliseconds=0xffffffff)